I am supporting SLES 9 from an Audit & Compliance perspective. The Samba release in use (3.0.26a-0.19) is not documented as being applicable for SLES 9 on the Novell CVE site. (http://support.novell.com/security/c...2010-1635.html).
However, if I reference mitre.org or cve details sites, Samba releases of 3.0.26a are vulnerable to this issue. Does Novell simply not document such things in all cases for unsupported releases of the OS? I know this isn't always the case but in this instance I am unable to state or provide any evidence to Data Security whether or not this issue resulting from an internal scan can be closed. Anyone with idea's on the subject?