Karolin Seeger
2012-Apr-10 15:21 UTC
[Samba] [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements
====================
Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes:
--------
o Stefan Metzmacher <metze at samba.org>
*BUG 8815: PIDL based autogenerated code allows overwriting beyond of
allocated array (CVE-2012-1182).
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba corresponding product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.6.4.html
http://www.samba.org/samba/ftp/history/samba-3.5.14.html
http://www.samba.org/samba/ftp/history/samba-3.4.16.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
Karolin Seeger
2012-Apr-10 15:21 UTC
[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements
====================
Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes:
--------
o Stefan Metzmacher <metze@samba.org>
*BUG 8815: PIDL based autogenerated code allows overwriting beyond of
allocated array (CVE-2012-1182).
######################################################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don''t provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba corresponding product in the project''s
Bugzilla
database (https://bugzilla.samba.org/).
======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.6.4.html
http://www.samba.org/samba/ftp/history/samba-3.5.14.html
http://www.samba.org/samba/ftp/history/samba-3.4.16.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
Karolin Seeger
2012-Apr-10 17:06 UTC
Re: [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Further information can be found in the security advisory: http://www.samba.org/samba/security/CVE-2012-1182 Patches for older versions are available at http://www.samba.org/samba/history/security.html. This defect has been tracked in the following bug report: https://bugzilla.samba.org/show_bug.cgi?id=8815. On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote:> Release Announcements > ====================> > Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to > address CVE-2012-1182. > > o CVE-2012-1182: > Samba 3.0.x to 3.6.3 are affected by a > vulnerability that allows remote code > execution as the "root" user. > > > Changes: > -------- > > > o Stefan Metzmacher <metze@samba.org> > *BUG 8815: PIDL based autogenerated code allows overwriting beyond of > allocated array (CVE-2012-1182). > > > ###################################################################### > Reporting bugs & Development Discussion > ####################################### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don''t provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the Samba corresponding product in the project''s Bugzilla > database (https://bugzilla.samba.org/). > > > =====================================================================> == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > =====================================================================> > > ===============> Download Details > ===============> > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6568B7EA). The source code can be downloaded > from: > > http://download.samba.org/samba/ftp/ > > The release notes are available online at: > > http://www.samba.org/samba/ftp/history/samba-3.6.4.html > http://www.samba.org/samba/ftp/history/samba-3.5.14.html > http://www.samba.org/samba/ftp/history/samba-3.4.16.html > > Binary packages will be made available on a volunteer basis from > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team > >-- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org
Karolin Seeger
2012-Apr-10 17:06 UTC
[Samba] [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Further information can be found in the security advisory: http://www.samba.org/samba/security/CVE-2012-1182 Patches for older versions are available at http://www.samba.org/samba/history/security.html. This defect has been tracked in the following bug report: https://bugzilla.samba.org/show_bug.cgi?id=8815. On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote:> Release Announcements > ====================> > Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to > address CVE-2012-1182. > > o CVE-2012-1182: > Samba 3.0.x to 3.6.3 are affected by a > vulnerability that allows remote code > execution as the "root" user. > > > Changes: > -------- > > > o Stefan Metzmacher <metze at samba.org> > *BUG 8815: PIDL based autogenerated code allows overwriting beyond of > allocated array (CVE-2012-1182). > > > ###################################################################### > Reporting bugs & Development Discussion > ####################################### > > Please discuss this release on the samba-technical mailing list or by > joining the #samba-technical IRC channel on irc.freenode.net. > > If you do report problems then please try to send high quality > feedback. If you don't provide vital information to help us track down > the problem then you will probably be ignored. All bug reports should > be filed under the Samba corresponding product in the project's Bugzilla > database (https://bugzilla.samba.org/). > > > =====================================================================> == Our Code, Our Bugs, Our Responsibility. > == The Samba Team > =====================================================================> > > ===============> Download Details > ===============> > The uncompressed tarballs and patch files have been signed > using GnuPG (ID 6568B7EA). The source code can be downloaded > from: > > http://download.samba.org/samba/ftp/ > > The release notes are available online at: > > http://www.samba.org/samba/ftp/history/samba-3.6.4.html > http://www.samba.org/samba/ftp/history/samba-3.5.14.html > http://www.samba.org/samba/ftp/history/samba-3.4.16.html > > Binary packages will be made available on a volunteer basis from > > http://download.samba.org/samba/ftp/Binary_Packages/ > > Our Code, Our Bugs, Our Responsibility. > (https://bugzilla.samba.org/) > > --Enjoy > The Samba Team > >-- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org