Displaying 20 results from an estimated 10000 matches similar to: "[Announce] Samba 3.3.6 Security Release Available for Download"
2009 Jun 23
1
[Announce] Samba 3.2.13 Security Release Available for Download
Release Announcements
=====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
2009 Jun 23
1
[Announce] Samba 3.2.13 Security Release Available for Download
Release Announcements
=====================
This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
2009 Jun 23
1
[Announce] Samba 3.0.35 Security Release Available for Download
Release Announcements
=====================
This is a security release in order to address CVE-2009-1888.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
######################################################################
Changes
2009 Jun 23
1
[Announce] Samba 3.0.35 Security Release Available for Download
Release Announcements
=====================
This is a security release in order to address CVE-2009-1888.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes".
######################################################################
Changes
2008 Nov 27
2
[Announce] Samba 3.2.5 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past
2008 Nov 27
2
[Announce] Samba 3.2.5 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past
2007 Feb 05
2
Samba 3.0.24 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==============================================================
I can say 'no' in 4 different languages.
-- Jeremy Allison
==============================================================
Release Announcements
=====================
This is the latest stable release of Samba. This
2008 Nov 27
1
[Announce] Samba 3.0.33 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past
2008 Nov 27
1
[Announce] Samba 3.0.33 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2008-4314 ("Potential leak of
arbitrary memory contents").
o CVE-2008-4314
Samba 3.0.29 to 3.2.4 can potentially leak
arbitrary memory contents to malicious
clients.
The original security announcement for this and past
2009 Jan 05
1
[ANNOUNCE] Samba 3.2.7 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2009-0022.
o CVE-2009-0022
In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
access to the root filesystem ("/") is granted
when connecting to a share called "" (empty string)
using old versions of
2009 Jan 05
1
[ANNOUNCE] Samba 3.2.7 Available for Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Release Announcements
=====================
This is a security release in order to address CVE-2009-0022.
o CVE-2009-0022
In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
access to the root filesystem ("/") is granted
when connecting to a share called "" (empty string)
using old versions of
2013 Jan 15
1
Samba 4.0.1 Security Release Available for Download
Release Announcements
---------------------
This is a security release in order to address CVE-2013-0172.
o CVE-2013-0172:
Samba 4.0.0 as an AD DC may provide authenticated users with write access
to LDAP directory objects.
In AD, Access Control Entries can be assigned based on the objectClass
of the object. If a user or a group the user is a member of has any
access based on
2013 Jan 15
1
Samba 4.0.1 Security Release Available for Download
Release Announcements
---------------------
This is a security release in order to address CVE-2013-0172.
o CVE-2013-0172:
Samba 4.0.0 as an AD DC may provide authenticated users with write access
to LDAP directory objects.
In AD, Access Control Entries can be assigned based on the objectClass
of the object. If a user or a group the user is a member of has any
access based on
2012 Apr 10
3
[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements
=====================
Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes:
--------
o Stefan Metzmacher <metze at samba.org>
*BUG 8815: PIDL based autogenerated code allows
2012 Apr 10
3
[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Release Announcements
=====================
Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes:
--------
o Stefan Metzmacher <metze at samba.org>
*BUG 8815: PIDL based autogenerated code allows
2009 Oct 01
1
[Announce] Samba 3.3.8 Security Release Available
Release Announcements
=====================
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
2009 Oct 01
1
[Announce] Samba 3.2.15 Security Release Available
Release Announcements
=====================
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
2009 Oct 01
1
[Announce] Samba 3.0.37 Security Release Available
Release Announcements
=====================
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
2009 Oct 01
1
[Announce] Samba 3.3.8 Security Release Available
Release Announcements
=====================
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
2009 Oct 01
1
[Announce] Samba 3.2.15 Security Release Available
Release Announcements
=====================
This is a security release in order to address CVE-2009-2813, CVE-2009-2948
and CVE-2009-2906.
o CVE-2009-2813:
In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.