Karolin Seeger
2013-Aug-05 09:05 UTC
[Samba] [Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download
Release Announcements
---------------------
Samba 4.0.8, 3.6.17 and 3.5.22 have been issued as security releases in order
to address CVE-2013-4124 (Denial of service - CPU loop and memory allocation).
o CVE-2013-4124:
All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.
A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.
This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.
Changes:
=======
o Jeremy Allison <jra at samba.org>
* BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
reading can cause server to loop with DOS.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.0 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/stable/
The release notes are available online at:
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-3.5.22.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
Reasonably Related Threads
- [Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download
- [Announce] Samba 4.1.9, 4.0.19 and 3.6.24 Security Releases Available
- [Announce] Samba 4.1.9, 4.0.19 and 3.6.24 Security Releases Available
- [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
- [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Wisdom of the Ancients
