svn commit: samba-web r403 - in trunk: .

jerry at samba.org jerry at samba.org
Mon Nov 8 21:01:11 GMT 2004


Author: jerry
Date: 2004-11-08 21:01:10 +0000 (Mon, 08 Nov 2004)
New Revision: 403

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=403

Log:
readding CAN-2004-0930 announcement
Modified:
   trunk/index.html


Changeset:
Modified: trunk/index.html
===================================================================
--- trunk/index.html	2004-11-08 20:55:55 UTC (rev 402)
+++ trunk/index.html	2004-11-08 21:01:10 UTC (rev 403)
@@ -24,6 +24,21 @@
        Precompiled packages for various platforms are available in the 
        <a href="http://download.samba.org/samba/ftp/Binary_Packages/">Binary_Packages 
        download area</a>.</p>
+
+    <p class="headline">Security Notice -- CVE CAN-2004-0930</p>
+
+    <p>A security vulnerability has been located in Samba 3.0.x &lt;= 3.0.7.
+       A bug in the input validation routines used to match
+       filename strings containing wildcard characters may allow
+       a user to consume more than normal amounts of CPU cycles
+       thus impacting the performance and response of the server.
+       In some circumstances the server can become entirely
+       unresponsive.  The <a href="/samba/security/CAN-2004-0930.html">full security announcement</a>
+       is available online.</p>
+
+    <p>A <a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch">patch
+       for Samba 3.0.7</a> (<a href="/samba/ftp/patches/security/samba-3.0.7-CAN-2004-0930.patch.asc">signature</a>)
+       is available for those not wishing to upgrade to Samba 3.0.8.</p>
     
 
     <h4>24 September 2004</h4>



More information about the samba-cvs mailing list