Multiple vulnerabilities has been discovered and corrected in samba:

All current released versions of Samba are vulnerable to a cross-site
request forgery in the Samba Web Administration Tool (SWAT). By
tricking a user who is authenticated with SWAT into clicking a
manipulated URL on a different web page, it is possible to manipulate
SWAT (CVE-2011-2522).

All current released versions of Samba are vulnerable to a cross-site
scripting issue in the Samba Web Administration Tool (SWAT). On the
Change Password field, it is possible to insert arbitrary content
into the user field (CVE-2011-2694).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.