==============================
Release Notes for Samba 3.5.15
April 30, 2012
==============================
This is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).
o CVE-2012-2111:
Samba 3.4.x to 3.6.4 are affected by a
vulnerability that allows arbitrary users
to modify privileges on a file server.
This is a security release in order to address
CVE-2012-1182 ("root" credential remote code execution).
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes since 3.5.13:
---------------------
o Stefan Metzmacher <metze@samba.org>
* BUG 8815: PIDL based autogenerated code allows overwriting beyond the
allocated array (CVE-2012-1182).
* BUG 8327: Fix config reload to reload shares from registry.
* BUG 8139: Ignore SMBecho errors.
* BUG 8521: Fix Winbind cache timeout expiry test.
* BUG 8561: Fully observe password change settings.
* BUG 8631: Fix POSIX ACE x permission mapping to and from a DACL.
* BUG 8636: When returning an ACL without SECINFO_DACL requested, we still
set SEC_DESC_DACL_PRESENT in the type field.
* BUG 8644: Make sure that vfs_acl_xattr and vfs_acl_tdb modules add
inheritable entries on a directory with no stored ACL.
* BUG 8663: Fix deleting a symlink if the symlink target is outside of the
share.
* BUG 8664: Fix renaming a symlink if the symlink target is outside of the
share.
* BUG 8673: Fix NT ACL issue.
* BUG 8679: Make sure that recvfile code path using splice() on Linux
does not leave data in the pipe on short write.
* BUG 8687: Fix typo in 'net memberships' usage.
Now that samba-nss-winbind-install and samba-nss-wins-install work again:
1) Switch back to using the above mentioned targets for installing
nss-winbind and nss_wins. (These targets work on all platforms.)
2) Switch back to using ${NSS_WINBIND} and ${NSS_WINS} in the PLIST as
these work on all platforms.
Bump PKGREVISION
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.12 include:
o Fix race condition in Winbind (bug 7844).
o The VFS ACL modules are no longer experimental but production-ready.
See full release notes at http://www.samba.org/samba/history/samba-3.5.12.html
* Fix access to Samba shares when Windows security patch KB2536276 is installed
* Fix DoS in Winbind and smbd with many file descriptors open
* Fix Winbind panics if verify_idpool() fails
"checking for replacing readdir using getdirentries()".
The functions in samba-3.5.10/lib/replace/repdir_getdirentries.c
fail on NetBSD 5.99.54, and the test code in
samba-3.5.10/lib/replace/test/os2_delete.c
did not handle the failure.
Not bumping PKGREVISION, because this affects only the
configure script, and the package did not build on
NetBSD-current before.
==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.5.9:
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
* Fix Winbind crash bug when no DC is available
* Fix finding users on domain members
* Fix memory leaks in Winbind
* Fix printing with Windows 7 clients
Release Announcements
=====================
Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
address CVE-2011-0719.
o CVE-2011-0719:
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present, allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
Changes
-------
o Jeremy Allison <jra at samba.org>
* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
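The missing range check described for CVE-2011-0719, shown as an added C example (not Samba's patch and not code from these release notes). The helper names checked_fd_set and wait_readable are hypothetical; falling back to poll() for large descriptors is an assumption of this example, not a statement about how Samba fixed the bug.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET sets bit `fd` in a fixed bitmap of FD_SETSIZE bits. A descriptor
 * outside [0, FD_SETSIZE) writes outside the fd_set, usually on the stack. */
int fd_in_set_range(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hypothetical helper: returns 0 if fd was added, -1 if it was rejected. */
int checked_fd_set(int fd, fd_set *set)
{
    if (!fd_in_set_range(fd))
        return -1;
    FD_SET(fd, set);
    return 0;
}

/* Hypothetical helper: 1 = readable, 0 = timeout, -1 = error. select() is
 * used only when fd fits in an fd_set; otherwise poll(), which has no limit. */
int wait_readable(int fd, int timeout_ms)
{
    if (fd < 0)
        return -1;
    if (fd_in_set_range(fd)) {
        fd_set rfds;
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);
        return n > 0 ? 1 : n;
    }
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n > 0)
        return (p.revents & POLLIN) ? 1 : -1;
    return n;
}

int main(void)
{
    fd_set s;
    FD_ZERO(&s);
    printf("fd 3 -> %d\n", checked_fd_set(3, &s));
    printf("fd %d -> %d\n", FD_SETSIZE, checked_fd_set(FD_SETSIZE, &s));
    return 0;
}
```

A process with many open files can receive descriptors at or above FD_SETSIZE from accept() or open(), which is why the check belongs at every FD_SET call site rather than only at startup.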
These services may be hosted off any TCP/IP-enabled platform. The
Samba project includes not only an impressive feature set in file and
print serving capabilities, but has been extended to include client
functionality, utilities to ease migration to Samba, tools to aid
interoperability with Microsoft Windows, and administration tools.