similar to: [Announce] Samba 3.2.15 Security Release Available

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Release Announcements ===================== This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

Hi everyone, I am happy to announce that Rails 3.2.15 has been released. This is a bug fix release and includes 56 commits. This release also contains one security fix that you can read about [here](https://groups.google.com/forum/#!topic/ruby-security-ann/yvlR1Vx44c8). Users are encouraged to upgrade as soon as possible. ## CHANGES since 3.2.14 To view the changes for each gem, please read

Hi everyone, I am happy to announce that Rails 3.2.15 has been released. This is a bug fix release and includes 56 commits. This release also contains one security fix that you can read about [here](https://groups.google.com/forum/#!topic/ruby-security-ann/yvlR1Vx44c8). Users are encouraged to upgrade as soon as possible. ## CHANGES since 3.2.14 To view the changes for each gem, please read

Hello, Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the following result from 'sh makerpms.sh': > Provides: samba-doc = 3.2.15-1 > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 > > > RPM build errors: > File not found:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since we now have a fix of sorts for CVE-2012-1586, it seems like as good a time as any to do a new release. Go forth, download and build cifs-utils-5.4. Highlights: * the "rootsbindir" can now be specified at configure time * mount.cifs now supports the -s option by passing "sloppy" to the kernel in the options string *

Release Announcements ===================== This is a security release in order to address CVE-2009-1886 and CVE-2009-1888. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server.

Release Announcements ===================== This is a security release in order to address CVE-2009-1886 and CVE-2009-1888. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server.

We've had a number of changes since the last release, and we have some other upcoming kernel changes that might require corresponding cifs-utils changes. So it's probably as good a time as any for a new release. Highlights: + fix for a minor security issue that can corrupt the mtab + new getcifsacl/setcifsacl tools that allow you to fetch and set raw Windows ACLs via an xattr. + a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously ????????????????? crafted request can trigger an out-of-bounds read in winbind ????????????????? and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347:? SMB2

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously ????????????????? crafted request can trigger an out-of-bounds read in winbind ????????????????? and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347:? SMB2

Release Announcements --------------------- Samba 4.1.6, 4.0.16 and 3.6.23 have been issued as security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls can remove a file or directory ACL by mistake). Please note that Samba 3.6.23 is not affected by CVE-2013-6442. o CVE-2013-4496: Samba versions 3.4.0 and above

Release Announcements --------------------- Samba 4.1.6, 4.0.16 and 3.6.23 have been issued as security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls can remove a file or directory ACL by mistake). Please note that Samba 3.6.23 is not affected by CVE-2013-6442. o CVE-2013-4496: Samba versions 3.4.0 and above

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

libvorbis 1.3.6 has been released. This release fixes several vulnerabilities, including CVE-2018-5146, that could allow code execution from a specially crafted Ogg Vorbis file. * Fix CVE-2018-5146 - out-of-bounds write on codebook decoding. * Fix CVE-2017-14632 - free() on unitialized data * Fix CVE-2017-14633 - out-of-bounds read * Fix bitrate metadata parsing. * Fix out-of-bounds read in