Karolin Seeger
2011-Jul-26 18:17 UTC
[Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements
====================
Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes
-------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/stable
The release notes are available online at:
http://www.samba.org/samba/history/samba-3.5.10.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.3.16.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
Karolin Seeger
2011-Jul-26 18:17 UTC
[Samba] [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Release Announcements
====================
Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes
-------
o Kai Blin <kai at samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/stable
The release notes are available online at:
http://www.samba.org/samba/history/samba-3.5.10.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.3.16.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
Reasonably Related Threads
- [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
- rspec-rails how to selectively turn on csrf protection for controller specs?
- [Announce] Samba 3.6.0rc3 Available for Download
- [Announce] Samba 3.6.0rc3 Available for Download
- forgery protection for multiple browser tabs