similar to: [Announce] Samba 4.0.8, 3.6.17 and 3.5.22 Security Releases Available for Download

Release Announcements --------------------- Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as security releases in order to address CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption). For more details/patches, please see http://www.samba.org/samba/history/security.html o CVE-2014-0244: All current released versions of

Release Announcements --------------------- Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as security releases in order to address CVE-2014-0244 (Denial of service - CPU loop) and CVE-2014-3493 (Denial of service - Server crash/memory corruption). For more details/patches, please see http://www.samba.org/samba/history/security.html o CVE-2014-0244: All current released versions of

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- Samba 4.1.3, 4.0.13 and 3.6.22 have been issued as security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). o CVE-2013-4408: Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21,

Release Announcements --------------------- Samba 4.1.3, 4.0.13 and 3.6.22 have been issued as security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). o CVE-2013-4408: Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================== I can say 'no' in 4 different languages. -- Jeremy Allison ============================================================== Release Announcements ===================== This is the latest stable release of Samba. This

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================== I can say 'no' in 4 different languages. -- Jeremy Allison ============================================================== Release Announcements ===================== This is the latest stable release of Samba. This

Release Announcements --------------------- Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order to address CVE-2015-0240 (Unexpected code execution in smbd.). For the sake of completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon, but it won't be a dedicated security release and will therefore address other bug fixes also. o CVE-2015-0240:

Release Announcements --------------------- Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order to address CVE-2015-0240 (Unexpected code execution in smbd.). For the sake of completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon, but it won't be a dedicated security release and will therefore address other bug fixes also. o CVE-2015-0240:

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) o CVE-2016-0771 (Out-of-bounds read in internal DNS server) ======= Details ======= o CVE-2015-7560: All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) o CVE-2016-0771 (Out-of-bounds read in internal DNS server) ======= Details ======= o CVE-2015-7560: All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the

Release Announcements ===================== This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). o CVE-2012-0817: The Samba File Serving daemon (smbd) in Samba versions 3.6.0 to 3.6.2 is affected by a memory leak that can cause a server denial of service. Changes since 3.6.2: -------------------- o Jeremy Allison <jra at samba.org>

Release Announcements ===================== This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). o CVE-2012-0817: The Samba File Serving daemon (smbd) in Samba versions 3.6.0 to 3.6.2 is affected by a memory leak that can cause a server denial of service. Changes since 3.6.2: -------------------- o Jeremy Allison <jra at samba.org>

Release Announcements --------------------- Samba 4.1.1, 4.0.11 and 3.6.20 have been issued as security releases in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable). Samba 3.6.20 includes the fix for CVE-2013-4475 only, Samba 4.1.1 and 4.0.11 address both issues. o

Release Announcements --------------------- Samba 4.1.1, 4.0.11 and 3.6.20 have been issued as security releases in order to address CVE-2013-4475 (ACLs are not checked on opening an alternate data stream on a file or directory) and CVE-2013-4476 (Private key in key.pem world readable). Samba 3.6.20 includes the fix for CVE-2013-4475 only, Samba 4.1.1 and 4.0.11 address both issues. o