A vulnerability leading to unauthorized file access has been found. A
pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile
will cause Smb4k to write the contents of these files to the target of the
symlink, as Smb4k does not check for the existence of these files before
writing to them.
For the testing distribution (etch) this is fixed in version 0.6.4-0.0etch1
For the unstable distribution (sid) this is fixed in version 0.6.4-1
This upgrade is recommended if you use smb4k.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install smb4k
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free