similar to: [Announce] Samba 3.3.6 Security Release Available for Download

Release Announcements ===================== This is a security release in order to address CVE-2009-1886 and CVE-2009-1888. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server.

Release Announcements ===================== This is a security release in order to address CVE-2009-1886 and CVE-2009-1888. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server.

Release Announcements ===================== This is a security release in order to address CVE-2009-1888. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". ###################################################################### Changes

Release Announcements ===================== This is a security release in order to address CVE-2009-1888. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". ###################################################################### Changes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================== I can say 'no' in 4 different languages. -- Jeremy Allison ============================================================== Release Announcements ===================== This is the latest stable release of Samba. This

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2009-0022. o CVE-2009-0022 In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled, access to the root filesystem ("/") is granted when connecting to a share called "" (empty string) using old versions of

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2009-0022. o CVE-2009-0022 In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled, access to the root filesystem ("/") is granted when connecting to a share called "" (empty string) using old versions of

Release Announcements --------------------- This is a security release in order to address CVE-2013-0172. o CVE-2013-0172: Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. In AD, Access Control Entries can be assigned based on the objectClass of the object. If a user or a group the user is a member of has any access based on

Release Announcements --------------------- This is a security release in order to address CVE-2013-0172. o CVE-2013-0172: Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. In AD, Access Control Entries can be assigned based on the objectClass of the object. If a user or a group the user is a member of has any access based on

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.