samba announce - Nov 2008 - [Announce] Samba 3.2.5 Available for Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Release Announcements
====================

This is a security release in order to address CVE-2008-4314 ("Potential
leak of
arbitrary memory contents").

   o CVE-2008-4314
     Samba 3.0.29 to 3.2.4 can potentially leak
     arbitrary memory contents to malicious
     clients.

The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/

######################################################################
Changes
#######

Changes since 3.2.4
- -------------------


o   Volker Lendecke <vl@samba.org>
    * Fix for CVE-2008-4314.



######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================

===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.5.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFJLp71KGi9fisXk1ERAkceAJwLWd1ju3k+8eAOCLADSffvnfoWjQCff0Zf
w0Tpitu7/FNoMHR/oiUS9bI=wLET
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Release Announcements
====================

This is a security release in order to address CVE-2008-4314 ("Potential
leak of
arbitrary memory contents").

   o CVE-2008-4314
     Samba 3.0.29 to 3.2.4 can potentially leak
     arbitrary memory contents to malicious
     clients.

The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/

######################################################################
Changes
#######

Changes since 3.2.4
- -------------------


o   Volker Lendecke <vl@samba.org>
    * Fix for CVE-2008-4314.



######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don''t provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 3.2 product in the project''s Bugzilla
database (https://bugzilla.samba.org/).


======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================

===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.2.5.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFJLp71KGi9fisXk1ERAkceAJwLWd1ju3k+8eAOCLADSffvnfoWjQCff0Zf
w0Tpitu7/FNoMHR/oiUS9bI=wLET
-----END PGP SIGNATURE-----

Quoting Karolin Seeger (kseeger@samba.org):
> This is a security release in order to address CVE-2008-4314
("Potential leak of
> arbitrary memory contents").
> 
>    o CVE-2008-4314
>      Samba 3.0.29 to 3.2.4 can potentially leak
>      arbitrary memory contents to malicious
>      clients.

Debian packages have been uploaded today in unstable. They are
targeted for the upcoming Debian "lenny" release.

Debian etch is not affected by that security issue.