Commit graph

15 commits

Author SHA1 Message Date
obache
0e2c97799a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
taca
7fee100254 Update samba33 package to 3.3.15.
Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
address CVE-2011-0719.


o  CVE-2011-0719:
   All current released versions of Samba are vulnerable to
   a denial of service caused by memory corruption. Range
   checks on file descriptors being used in the FD_SET macro
   were not present allowing stack corruption. This can cause
   the Samba code to crash or to loop attempting to select
   on a bad file descriptor set.

   A connection to a file share, or a local account is needed
   to exploit this problem, either authenticated or unauthenticated
   (guest connection).

   Currently we do not believe this flaw is exploitable
   beyond a crash or causing the code to loop, but on the
   advice of our security reviewers we are releasing fixes
   in case an exploit is discovered at a later date.


Changes
-------


o   Jeremy Allison <jra at samba.org>
    * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
2011-02-28 14:34:09 +00:00
jmcneill
640e749ec8 add ads, ldap, pam, and winbind to default pkg options
bump pkg revision
2010-12-03 23:43:14 +00:00
taca
32f24610d3 Update samba33 package to 3.3.14.
                   ==============================
                   Release Notes for Samba 3.3.14
                         September 14, 2010
                   ==============================


This is a security release in order to address CVE-2010-3069.


o  CVE-2010-3069:
   All current released versions of Samba are vulnerable to
   a buffer overrun vulnerability. The sid_parse() function
   (and related dom_sid_parse() function in the source4 code)
   do not correctly check their input lengths when reading a
   binary representation of a Windows SID (Security ID). This
   allows a malicious client to send a sid that can overflow
   the stack variable that is being used to store the SID in the
   Samba smbd server.
2010-09-14 13:08:23 +00:00
taca
c88a918952 Update samba33 package to 3.3.13.
Changes since 3.3.12
--------------------

o   Jeremy Allison <jra@samba.org>
    * BUG 7494: Fix for CVE-2010-2063.
2010-06-16 14:34:35 +00:00
sborrill
f95d99f946 Bump PKGREVISION due to removing -B flag from winbindd rc.d script 2010-04-15 09:38:09 +00:00
sborrill
479cf2cd2a Add openssl bl3.mk file so that we play nicely with PREFER_PKGSRC+=openssl 2010-04-14 14:51:00 +00:00
taca
514e00853c Reset PKGREVISION while updating to 3.3.12. 2010-03-09 01:33:26 +00:00
taca
14b98b3845 Update samba33 package to 3.3.12.
o  CVE-2010-0728:
   In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
   was added to fix a problem with Linux asynchronous IO handling.
   This code introduced a bad security flaw on Linux platforms if the
   binaries were built on Linux platforms with libcap support.
   The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
   capabilities, allowing all file system access to be allowed
   even when permissions should have denied access.
2010-03-09 01:31:34 +00:00
jmmv
a227e90b41 Disable PIE on NetBSD/macppc to fix use of unsupported relocation type in
Samba 3.0 and 3.3.  They were completely broken before this.

Bump PKGREVISION for both samba and samba33.

Fix from PR pkg/38961 by Makoto Fujiwara <makoto at ki dot nu>.
2010-03-08 22:19:07 +00:00
taca
1219b49472 Update samba33 package to 3.3.11.
Changes since 3.3.10
--------------------


o   Jeremy Allison <jra@samba.org>
    * BUG 6557: Fix vfs_full_audit.
    * BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
    * BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
    * BUG 7067: Fix failing of smbd to respond to a read or a write caused by
      Linux asynchronous IO (aio).
    * BUG 7072: Fix unlocking of accounts from ldap.
    * BUG 7104: "wide links" and "unix extensions" are incompatible.
    * BUG 7122: Fix reading of large browselist.
    * BUG 7154: "mangling method = hash" can crash storing a name containing
      a '.'.
    * BUG 7155: Valgrind Conditional jump or move depends on uninitialised
      value(s) error when "mangling method = hash".


o   Gunther Deschner <gd@samba.org>
    * BUG 7043: Fix crash bug in "SMBC_parse_path".


o   Volker Lendecke <vl@samba.org>
    * BUG 5626: Fix build on AIX.
    * BUG 5885: Fix bogus ip address in SWAT.
    * BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
      server.


o   Stefan Metzmacher <metze@samba.org>
    * BUG 7098: Fix results of 'smbclient -L' with a large browse list.
    * BUG 7170: Fix handling of external domains in setups with one way trusts.


o   William Jojo <w.jojo@hvcc.edu>
    * BUG 7052: Fix DFS on AIX (maybe others).


o   Bo Yang <boyang@samba.org>
    * BUG 7106: Fix malformed require_membership_of_sid.
2010-03-02 14:56:22 +00:00
taca
94abb4499e Really bump PKGREVISION. Noted by dieter roelants via private mail. 2010-02-18 01:09:01 +00:00
taca
4abd112581 Fix a PLIST problem noted by wiz@.
This time, I won't bump PKGREVISION, hoping no binary package
would be created in this small time span.
2010-02-17 16:02:17 +00:00
taca
76676cc6c6 Fix PLIST problem when winbind PKG_OPTION isn't enabled.
Bump PKGREVISION to prevent broken binary package.
2010-02-17 15:11:10 +00:00
taca
b3aa968876 Importing Samba 3.3.10 as net/samba33.
This isn't the latest release, but the difference from current package is minimal
supported release.

Since changes are too huge to write here, please refer to each release's notes:

	http://www.samba.org/samba/history/

And this package already contains a fix for CVE-2009-3297.
2010-02-16 16:24:15 +00:00