svn commit: samba-web r403 - in trunk: .
jerry at samba.org
jerry at samba.org
Mon Nov 8 21:01:11 GMT 2004
Author: jerry
Date: 2004-11-08 21:01:10 +0000 (Mon, 08 Nov 2004)
New Revision: 403
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=403
Log:
readding CAN-2004-0930 announcement
Modified:
trunk/index.html
Changeset:
Modified: trunk/index.html
===================================================================
--- trunk/index.html 2004-11-08 20:55:55 UTC (rev 402)
+++ trunk/index.html 2004-11-08 21:01:10 UTC (rev 403)
@@ -24,6 +24,21 @@
Precompiled packages for various platforms are available in the
<a href="http://download.samba.org/samba/ftp/Binary_Packages/">Binary_Packages
download area</a>.</p>
+
+ <p class="headline">Security Notice -- CVE CAN-2004-0930</p>
+
+ <p>A security vulnerability has been located in Samba 3.0.x <= 3.0.7.
+ A bug in the input validation routines used to match
+ filename strings containing wildcard characters may allow
+ a user to consume more than normal amounts of CPU cycles
+ thus impacting the performance and response of the server.
+ In some circumstances the server can become entirely
+ unresponsive. The <a href="/samba/security/CAN-2004-0930.html">full security announcement</a>
+ is available online.</p>
+
+ <p>A <a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch">patch
+ for Samba 3.0.7</a> (<a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch.asc">signature</a>)
+ is available for those not wishing to upgrade to Samba 3.0.8.</p>
<h4>24 September 2004</h4>
More information about the samba-cvs
mailing list