Karolin Seeger
2013-Aug-05 09:05 UTC
[Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download
Release Announcements
---------------------

Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order
to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation).

o  CVE-2013-4124:
   All current released versions of Samba are vulnerable to a denial of
   service on an authenticated or guest connection. A malformed packet
   can cause the smbd server to loop the CPU performing memory
   allocations and preventing any further service.

   A connection to a file share, or a local account is needed to exploit
   this problem, either authenticated or unauthenticated if guest
   connections are allowed.

   This flaw is not exploitable beyond causing the code to loop
   allocating memory, which may cause the machine to exceed memory
   limits.

Changes:
=======

o  Jeremy Allison <jra@samba.org>
   * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
     reading can cause server to loop with DOS.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.0 product in the project's Bugzilla
database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/stable/

The release notes are available online at:

        http://www.samba.org/samba/history/samba-4.0.8.html
        http://www.samba.org/samba/history/samba-3.6.17.html
        http://www.samba.org/samba/history/samba-3.5.22.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
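
The bug class named in the change log above, missing integer wrap protection while walking a list of chained offsets, shown as an added example that is not part of the announcement and is not Samba's code. The record layout, the function count_records and the two sample buffers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified record layout (NOT Samba's wire format or code):
 *   uint32 LE next_offset   distance from this record to the next, 0 = last
 *   uint8     name_len
 *   bytes     name[name_len]                                              */
#define HDR_LEN 5u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Count the records in buf[0..len). Returns -1 if the list is malformed. */
int count_records(const uint8_t *buf, uint32_t len)
{
    uint32_t offset = 0;
    int n = 0;
    for (;;) {
        if (len - offset < HDR_LEN) return -1;   /* header must fit */
        uint32_t next = rd_le32(buf + offset);
        uint32_t rec_len = HDR_LEN + buf[offset + 4];
        if (len - offset < rec_len) return -1;   /* name must fit */
        n++;
        if (next == 0) return n;                 /* last record */
        if (next < rec_len) return -1;           /* must move past this record */
        /* Wrap protection. The naive test "offset + next > len" is computed
         * modulo 2^32, so a huge next wraps to a small offset, passes, and
         * the walk revisits old records forever. Subtracting cannot wrap
         * because offset <= len holds on every iteration. */
        if (next > len - offset) return -1;
        offset += next;
    }
}

/* Constructed inputs: a valid two-record list, and one whose second record
 * has next_offset = 0xFFFFFFFB, so that 5 + next wraps to 0. */
static const uint8_t GOOD_LIST[] = { 8,0,0,0, 3,'a','b','c',  0,0,0,0, 2,'x','y' };
static const uint8_t WRAP_LIST[] = { 5,0,0,0, 0,  0xFB,0xFF,0xFF,0xFF, 0 };

int main(void)
{
    printf("good=%d wrap=%d\n", count_records(GOOD_LIST, sizeof GOOD_LIST),
           count_records(WRAP_LIST, sizeof WRAP_LIST));
    return 0;
}
```

A parser that allocates one list node per record turns the same unbounded walk into unbounded memory growth, which matches the CPU loop and memory allocation symptoms the announcement describes.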