[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Sep 14 04:33:52 MDT 2010
The branch, master has been updated
via 2f0fa47 Announce Samba 3.5.5, 3.4.9, 3.3.14.
from 7104439 Add link to Russian translation of Samba 3 by Example. I'm working with the translator to get it to DocBook and contributed back to the Samba.org
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2f0fa472a997d2e621d1993436e52bcc5036dfe0
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 14 12:34:48 2010 +0200
Announce Samba 3.5.5, 3.4.9, 3.3.14.
Karolin
-----------------------------------------------------------------------
Summary of changes:
devel/index.html | 10 +++--
history/header_history.html | 3 ++
history/samba-3.3.14.html | 49 +++++++++++++++++++++++++++++
history/samba-3.4.9.html | 49 +++++++++++++++++++++++++++++
history/samba-3.5.5.html | 49 +++++++++++++++++++++++++++++
history/security.html | 14 ++++++++
security/CVE-2010-2069.html | 73 +++++++++++++++++++++++++++++++++++++++++++
7 files changed, 243 insertions(+), 4 deletions(-)
create mode 100755 history/samba-3.3.14.html
create mode 100755 history/samba-3.4.9.html
create mode 100755 history/samba-3.5.5.html
create mode 100644 security/CVE-2010-2069.html
Changeset truncated at 500 lines:
diff --git a/devel/index.html b/devel/index.html
index d3e36c9..d1aaa56 100755
--- a/devel/index.html
+++ b/devel/index.html
@@ -67,20 +67,22 @@ Git for Samba Development</a>.</p>
<li>
<h4><em>v3-3-test</em></h4>
<p>This is the current branch for 3.3.x maintenance
- (critical bug fixes and security fixes <em>only</em>).</p>
+ (security fixes <em>only</em>).</p>
</li>
<li>
<h4><em>v3-3-stable</em></h4>
<p>This is the current branch for 3.3.x maintenance releases
- (critical bug fixes and security fixes <em>only</em>).</p>
+ (security fixes <em>only</em>).</p>
</li>
<li>
<h4><em>v3-4-test</em></h4>
- <p>This is the current branch for 3.4.x development.</p>
+ <p>This is the current branch for 3.4.x maintenance releases
+ (critical fixes and security fixes <em>only</em>.</p>
</li>
<li>
<h4><em>v3-4-stable</em></h4>
- <p>This is the current branch for 3.4.x production releases.</p>
+ <p>This is the current branch for 3.4.x production releases</p>
+ (critical fixes and security fixes <em>only</em>.</p>
</li>
<li>
<h4><em>v3-5-test</em></h4>
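Review bot: both added v3-4 entries open a parenthesis that is never closed; "(critical fixes and security fixes <em>only</em>.</p>" should end "<em>only</em>).</p>", as the 3.3.x entries above do. In the v3-4-stable entry the first added line already ends in </p>, so the parenthetical on the following line falls outside the paragraph and is followed by a second, unmatched </p>; drop the </p> after "production releases" so the sentence stays in one <p> element.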
diff --git a/history/header_history.html b/history/header_history.html
index 726c663..8a5f146 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,11 +9,13 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-3.5.5.html">samba-3.5.5</a></li>
<li><a href="samba-3.5.4.html">samba-3.5.4</a></li>
<li><a href="samba-3.5.3.html">samba-3.5.3</a></li>
<li><a href="samba-3.5.2.html">samba-3.5.2</a></li>
<li><a href="samba-3.5.1.html">samba-3.5.1</a></li>
<li><a href="samba-3.5.0.html">samba-3.5.0</a></li>
+ <li><a href="samba-3.4.9.html">samba-3.4.9</a></li>
<li><a href="samba-3.4.8.html">samba-3.4.8</a></li>
<li><a href="samba-3.4.7.html">samba-3.4.7</a></li>
<li><a href="samba-3.4.6.html">samba-3.4.6</a></li>
@@ -23,6 +25,7 @@
<li><a href="samba-3.4.2.html">samba-3.4.2</a></li>
<li><a href="samba-3.4.1.html">samba-3.4.1</a></li>
<li><a href="samba-3.4.0.html">samba-3.4.0</a></li>
+ <li><a href="samba-3.3.14.html">samba-3.3.14</a></li>
<li><a href="samba-3.3.13.html">samba-3.3.13</a></li>
<li><a href="samba-3.3.12.html">samba-3.3.12</a></li>
<li><a href="samba-3.3.11.html">samba-3.3.11</a></li>
diff --git a/history/samba-3.3.14.html b/history/samba-3.3.14.html
new file mode 100755
index 0000000..a33860a
--- /dev/null
+++ b/history/samba-3.3.14.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.3.14 Available for Download</H2>
+
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 3.3.14
+ September 14, 2010
+ ==============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
+
+
+Changes since 3.3.13
+--------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
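Review bot: in the "Changes since 3.3.13" block the author addresses are wrapped in raw angle brackets inside <pre>. A browser treats that as an unknown tag and does not display the address, and it is not well-formed for the XHTML doctype declared at the top of the file. Escape the brackets as &lt; and &gt; on both author lines.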
diff --git a/history/samba-3.4.9.html b/history/samba-3.4.9.html
new file mode 100755
index 0000000..dc2172c
--- /dev/null
+++ b/history/samba-3.4.9.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.4.9 Available for Download</H2>
+
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 3.4.9
+ September 14, 2010
+ =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
+
+
+Changes since 3.4.8
+-------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
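Review bot: the <pre> block is nested inside <p>...</p>, and the heading uses upper-case <H2>; neither is valid under the XHTML 1.0 Transitional doctype this new file declares, since <p> cannot contain block-level elements and XHTML element names are lower case. Remove the wrapping <p> and write the heading as <h2>.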
diff --git a/history/samba-3.5.5.html b/history/samba-3.5.5.html
new file mode 100755
index 0000000..558f207
--- /dev/null
+++ b/history/samba-3.5.5.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.5.5 Available for Download</H2>
+
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 3.5.5
+ September 14, 2010
+ =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o CVE-2010-3069:
+ All current released versions of Samba are vulnerable to
+ a buffer overrun vulnerability. The sid_parse() function
+ (and related dom_sid_parse() function in the source4 code)
+ do not correctly check their input lengths when reading a
+ binary representation of a Windows SID (Security ID). This
+ allows a malicious client to send a sid that can overflow
+ the stack variable that is being used to store the SID in the
+ Samba smbd server.
+
+
+Changes since 3.5.4
+--------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
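Review bot: the underline beneath "Changes since 3.5.4" is 20 dashes for a 19-character heading, which looks carried over from the 3.3.14 notes; trim it by one so it matches the heading as it does in the 3.4.9 file. The subject and verb in the description also disagree ("The sid_parse() function ... do not correctly check"), which is worth fixing while the text is being touched.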
diff --git a/history/security.html b/history/security.html
index 0fc779f..f3ef89a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,20 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>14 Sep 2010</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.13-CVE-2010-2069.patch">
+ patch for Samba 3.3.13</a>
+ <a href="/samba/ftp/patches/security/samba-3.4.8-CVE-2010-2069.patch">
+ patch for Samba 3.4.8</a>
+ <a href="/samba/ftp/patches/security/samba-3.5.4-CVE-2010-2069.patch">
+ patch for Samba 3.5.4</a>
+ <td>Buffer Overrun Vulnerability</td>
+ <td>all current releases</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2069">CVE-2010-2069</a></td>
+ <td><a href="/samba/security/CVE-2010-2069.html">Announcement</a></td>
+ </tr>
+
+ <tr>
<td>16 Jun 2010</td>
<td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
patch for Samba 3.3.12 and 3.2.15</a>
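Review bot: the identifier in this new row does not match the release notes added by the same commit, which name CVE-2010-3069 throughout; here the three patch file names, the link text and the announcement path all use CVE-2010-2069. The cve.mitre.org href additionally repeats the prefix ("name=CVE-2010-CVE-2010-2069"), so it cannot resolve to either ID. Confirm the assigned ID and use it consistently in the row. The first <td>, holding the three patch links, is also not closed before the "Buffer Overrun Vulnerability" cell.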
diff --git a/security/CVE-2010-2069.html b/security/CVE-2010-2069.html
new file mode 100644
index 0000000..898e183
--- /dev/null
+++ b/security/CVE-2010-2069.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2010-2069: </H2>
+
+<p>
+<pre>
+===========================================================
+== Subject: Buffer Overrun Vulnerability
+==
+== CVE ID#: CVE-2010-3069
+==
+== Versions: Samba 3.0.x - 3.5.x (inclusive)
+==
+== Summary: Samba 3.0.x to 3.5.x are affected by a
+== buffer overrun vulnerability.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All current released versions of Samba are vulnerable to
+a buffer overrun vulnerability. The sid_parse() function
+(and related dom_sid_parse() function in the source4 code)
+do not correctly check their input lengths when reading a
+binary representation of a Windows SID (Security ID). This
+allows a malicious client to send a sid that can overflow
+the stack variable that is being used to store the SID in the
+Samba smbd server.
+
+A connection to a file share is needed to exploit this
+vulnerability, either authenticated or unauthenticated
+(guest connection).
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 3.5.5 has been issued as security release to correct the
+defect. Patches against older Samba versions are available at
+http://samba.org/samba/patches/. Samba administrators running affected
+versions are advised to upgrade to 3.5.5 or apply the patch as soon
+as possible.
+
+==========
+Workaround
+==========
+
+None.
+
+=======
+Credits
+=======
+
+This problem was found by an internal audit of the Samba code by
+Andrew Bartlett of Cisco. Thanks to Andrew for his careful code
+review.
+</pre>
+</body>
+</html>
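Review bot: the file name and the <H2> say CVE-2010-2069 while the advisory body gives "CVE ID#: CVE-2010-3069"; readers searching by ID will miss one or the other, so name the page and heading after whichever ID is confirmed. The heading "CVE-2010-2069: " has nothing after the colon, and the <p> opened before <pre> is never closed. Patch Availability mentions only 3.5.5 as the security release, although this commit also announces 3.4.9 and 3.3.14; list all three so administrators on the older branches know a fixed release exists for them.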
--
Samba Website Repository