svn commit: samba r22856 - in branches/SAMBA_3_0_25: . source
jerry at samba.org
jerry at samba.org
Mon May 14 15:12:17 GMT 2007
Author: jerry
Date: 2007-05-14 15:12:14 +0000 (Mon, 14 May 2007)
New Revision: 22856
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22856
Log:
sync release notes from 3.0.25 and set version to 3.0.25a-SVN
Modified:
branches/SAMBA_3_0_25/WHATSNEW.txt
branches/SAMBA_3_0_25/source/VERSION
Changeset:
Modified: branches/SAMBA_3_0_25/WHATSNEW.txt
===================================================================
--- branches/SAMBA_3_0_25/WHATSNEW.txt 2007-05-14 14:53:45 UTC (rev 22855)
+++ branches/SAMBA_3_0_25/WHATSNEW.txt 2007-05-14 15:12:14 UTC (rev 22856)
@@ -8,10 +8,10 @@
current bug fixes.
The 3.0.25 release is an upgrade release over the 3.0.23/3.0.24
-series which means that a substancial amount of development has
-occured and many new features have been added since the last
+series which means that a substantial amount of development has
+occurred and many new features have been added since the last
Samba production release. We would like to thank everyone in
-the Samba commnunity that help to test the preview snapshots and
+the Samba community that help to test the preview snapshots and
release candidates. We believe that the this production release
is in much better shape due to your help.
@@ -32,7 +32,24 @@
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
+Security Fixes included in the Samba 3.0.25 release are:
+ o CVE-2007-2444
+ Versions: Samba 3.0.23d - 3.0.25pre2
+ Local SID/Name translation bug can result in
+ user privilege elevation
+
+ o CVE-2007-2446
+ Versions: Samba 3.0.0 - 3.0.24
+ Multiple heap overflows allow remote code execution
+
+ o CVE-2007-2447
+ Versions: Samba 3.0.0 - 3.0.24
+ Unescaped user input parameters are passed as
+ arguments to /bin/sh allowing for remote command
+ execution
+
+
Off-line Logons and AD Site Support
===================================
@@ -142,8 +159,9 @@
* Fix marshalling bugs in samr code based on incorrect
assumptions.
* Fix DFS MS-RPC enumeration reply when we have no DFS shares.
- * Fix memory curruption when enumerating accounts in the
+ * Fix memory corruption when enumerating accounts in the
LsaPrivilege database.
+ * Fixes for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447.
o Gerald (Jerry) Carter <jerry at samba.org>
@@ -175,6 +193,9 @@
* Fix compilation of explicit --without-winbind.
* Fix an uninitialized variable and other compiler warnings.
* Fix memory leak in smbd's claim session code.
+ * BUG 4613: Fix incorrect password expiration caused by stomping on
+ the time values in the NET_USER_INFO_3 for remote users.
+ * Fixes for CVE-2007-2446.
o Stefan Metzmacher <metze at samba.org>
@@ -192,6 +213,7 @@
* Fix socket leak in idmap_ldap.c.
* Fix failure in "net idmap restore".
* Fix crash bug in idmap_ldap's get_credentials() code.
+ * Fixes for CVE-2007-2446.
o Alison Winters <alisonw at sgi.com>
Modified: branches/SAMBA_3_0_25/source/VERSION
===================================================================
--- branches/SAMBA_3_0_25/source/VERSION 2007-05-14 14:53:45 UTC (rev 22855)
+++ branches/SAMBA_3_0_25/source/VERSION 2007-05-14 15:12:14 UTC (rev 22856)
@@ -36,7 +36,7 @@
# e.g. SAMBA_VERSION_REVISION=a #
# -> "2.2.8a" #
########################################################
-SAMBA_VERSION_REVISION=
+SAMBA_VERSION_REVISION=a
########################################################
# For 'pre' releases the version will be #
@@ -56,7 +56,7 @@
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=
########################################################
# To mark SVN snapshots this should be set to 'yes' #
More information about the samba-cvs
mailing list