[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Sep 14 04:33:52 MDT 2010


The branch, master has been updated
       via  2f0fa47 Announce Samba 3.5.5, 3.4.9, 3.3.14.
      from  7104439 Add link to Russian translation of Samba 3 by Example. I'm working with the translator to get it to DocBook and contributed back to the Samba.org

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2f0fa472a997d2e621d1993436e52bcc5036dfe0
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Sep 14 12:34:48 2010 +0200

    Announce Samba 3.5.5, 3.4.9, 3.3.14.
    
    Karolin

-----------------------------------------------------------------------

Summary of changes:
 devel/index.html            |   10 +++--
 history/header_history.html |    3 ++
 history/samba-3.3.14.html   |   49 +++++++++++++++++++++++++++++
 history/samba-3.4.9.html    |   49 +++++++++++++++++++++++++++++
 history/samba-3.5.5.html    |   49 +++++++++++++++++++++++++++++
 history/security.html       |   14 ++++++++
 security/CVE-2010-2069.html |   73 +++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 243 insertions(+), 4 deletions(-)
 create mode 100755 history/samba-3.3.14.html
 create mode 100755 history/samba-3.4.9.html
 create mode 100755 history/samba-3.5.5.html
 create mode 100644 security/CVE-2010-2069.html


Changeset truncated at 500 lines:

diff --git a/devel/index.html b/devel/index.html
index d3e36c9..d1aaa56 100755
--- a/devel/index.html
+++ b/devel/index.html
@@ -67,20 +67,22 @@ Git for Samba Development</a>.</p>
     <li>
       <h4><em>v3-3-test</em></h4>
       <p>This is the current branch for 3.3.x maintenance
-         (critical bug fixes and security fixes <em>only</em>).</p>
+         (security fixes <em>only</em>).</p>
     </li>
     <li>
       <h4><em>v3-3-stable</em></h4>
       <p>This is the current branch for 3.3.x maintenance releases
-         (critical bug fixes and security fixes <em>only</em>).</p>
+         (security fixes <em>only</em>).</p>
     </li>
     <li>
       <h4><em>v3-4-test</em></h4>
-      <p>This is the current branch for 3.4.x development.</p>
+      <p>This is the current branch for 3.4.x maintenance releases
+	 (critical fixes and security fixes <em>only</em>.</p>
     </li>
     <li>
       <h4><em>v3-4-stable</em></h4>
-      <p>This is the current branch for 3.4.x production releases.</p>
+      <p>This is the current branch for 3.4.x production releases</p>
+	 (critical fixes and security fixes <em>only</em>.</p>
     </li>
     <li>
       <h4><em>v3-5-test</em></h4>
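Review bot: The two added 3.4.x parentheticals are never closed: `(critical fixes and security fixes <em>only</em>.</p>` is missing the `)` before the full stop in both the v3-4-test and v3-4-stable entries, unlike the 3.3.x lines above. In the v3-4-stable entry the paragraph is also closed twice, once after "production releases" and again after the parenthetical, which leaves the second line outside the `<p>` with a stray `</p>`; drop the first `</p>`. The 3.3.x text says "security fixes" while the new 3.4.x text says "critical fixes", where the removed wording was "critical bug fixes"; pick one phrasing for the support-level descriptions.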
diff --git a/history/header_history.html b/history/header_history.html
index 726c663..8a5f146 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,11 +9,13 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-3.5.5.html">samba-3.5.5</a></li>
 			<li><a href="samba-3.5.4.html">samba-3.5.4</a></li>
 			<li><a href="samba-3.5.3.html">samba-3.5.3</a></li>
 			<li><a href="samba-3.5.2.html">samba-3.5.2</a></li>
 			<li><a href="samba-3.5.1.html">samba-3.5.1</a></li>
 			<li><a href="samba-3.5.0.html">samba-3.5.0</a></li>
+			<li><a href="samba-3.4.9.html">samba-3.4.9</a></li>
 			<li><a href="samba-3.4.8.html">samba-3.4.8</a></li>
 			<li><a href="samba-3.4.7.html">samba-3.4.7</a></li>
 			<li><a href="samba-3.4.6.html">samba-3.4.6</a></li>
@@ -23,6 +25,7 @@
 			<li><a href="samba-3.4.2.html">samba-3.4.2</a></li>
 			<li><a href="samba-3.4.1.html">samba-3.4.1</a></li>
 			<li><a href="samba-3.4.0.html">samba-3.4.0</a></li>
+			<li><a href="samba-3.3.14.html">samba-3.3.14</a></li>
 			<li><a href="samba-3.3.13.html">samba-3.3.13</a></li>
 			<li><a href="samba-3.3.12.html">samba-3.3.12</a></li>
 			<li><a href="samba-3.3.11.html">samba-3.3.11</a></li>
diff --git a/history/samba-3.3.14.html b/history/samba-3.3.14.html
new file mode 100755
index 0000000..a33860a
--- /dev/null
+++ b/history/samba-3.3.14.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.3.14 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 3.3.14
+		         September 14, 2010
+                   ==============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o  CVE-2010-3069:
+   All current released versions of Samba are vulnerable to
+   a buffer overrun vulnerability. The sid_parse() function
+   (and related dom_sid_parse() function in the source4 code)
+   do not correctly check their input lengths when reading a
+   binary representation of a Windows SID (Security ID). This
+   allows a malicious client to send a sid that can overflow
+   the stack variable that is being used to store the SID in the
+   Samba smbd server.
+
+
+Changes since 3.3.13
+--------------------
+
+
+o   Jeremy Allison &lt;jra at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+
+
+o   Andrew Bartlett &lt;abartlet at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
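Review bot: The markup does not match the XHTML 1.0 Transitional doctype declared at the top of the new file: `<H2>` must be lower case in XHTML, and `<pre>` is a block element that cannot be nested inside `<p>`, so the `<p>`/`</p>` pair around it should go. The date line in the banner is indented with tabs while the surrounding lines use spaces, so the centring inside `<pre>` depends on the viewer's tab width. The same points apply to samba-3.4.9.html and samba-3.5.5.html added in this commit.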
diff --git a/history/samba-3.4.9.html b/history/samba-3.4.9.html
new file mode 100755
index 0000000..dc2172c
--- /dev/null
+++ b/history/samba-3.4.9.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.4.9 Available for Download</H2>
+
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 3.4.9
+			 September 14, 2010
+                   =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o  CVE-2010-3069:
+   All current released versions of Samba are vulnerable to
+   a buffer overrun vulnerability. The sid_parse() function
+   (and related dom_sid_parse() function in the source4 code)
+   do not correctly check their input lengths when reading a
+   binary representation of a Windows SID (Security ID). This
+   allows a malicious client to send a sid that can overflow
+   the stack variable that is being used to store the SID in the
+   Samba smbd server.
+
+
+Changes since 3.4.8
+-------------------
+
+
+o   Jeremy Allison &lt;jra at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+
+
+o   Andrew Bartlett &lt;abartlet at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
diff --git a/history/samba-3.5.5.html b/history/samba-3.5.5.html
new file mode 100755
index 0000000..558f207
--- /dev/null
+++ b/history/samba-3.5.5.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.5.5 Available for Download</H2>
+
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 3.5.5
+			 September 14, 2010
+                   =============================
+
+
+This is a security release in order to address CVE-2010-3069.
+
+
+o  CVE-2010-3069:
+   All current released versions of Samba are vulnerable to
+   a buffer overrun vulnerability. The sid_parse() function
+   (and related dom_sid_parse() function in the source4 code)
+   do not correctly check their input lengths when reading a
+   binary representation of a Windows SID (Security ID). This
+   allows a malicious client to send a sid that can overflow
+   the stack variable that is being used to store the SID in the
+   Samba smbd server.
+
+
+Changes since 3.5.4
+--------------------
+
+
+o   Jeremy Allison &lt;jra at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+
+
+o   Andrew Bartlett &lt;abartlet at samba.org&gt;
+    * BUG 7669: Fix for CVE-2010-3069.
+</pre>
+</p>
+
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 0fc779f..f3ef89a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,20 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>14 Sep 2010</td>
+	<td><a href="/samba/ftp/patches/security/samba-3.3.13-CVE-2010-2069.patch">
+	patch for Samba 3.3.13</a>
+	<a href="/samba/ftp/patches/security/samba-3.4.8-CVE-2010-2069.patch">
+	patch for Samba 3.4.8</a>
+	<a href="/samba/ftp/patches/security/samba-3.5.4-CVE-2010-2069.patch">
+	patch for Samba 3.5.4</a>
+	<td>Buffer Overrun Vulnerability</td>
+	<td>all current releases</td>
+	<td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2069">CVE-2010-2069</a></td>
+	<td><a href="/samba/security/CVE-2010-2069.html">Announcement</a></td>
+    </tr>
+
+    <tr>
         <td>16 Jun 2010</td>
         <td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
 	patch for Samba 3.3.12 and 3.2.15</a>
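Review bot: The CVE identifier in this new table row does not agree with the rest of the commit: the patch file names, the link text and the announcement path all use CVE-2010-2069, while the release notes added alongside (and the body of the announcement itself) say CVE-2010-3069. Please confirm the correct id and use it consistently, since this table is where administrators look up the patch. Separately, the MITRE link has the prefix doubled, `name=CVE-2010-CVE-2010-2069`, so it will not resolve to an entry, and the first `<td>` holding the three patch links is never closed before `<td>Buffer Overrun Vulnerability</td>`.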
diff --git a/security/CVE-2010-2069.html b/security/CVE-2010-2069.html
new file mode 100644
index 0000000..898e183
--- /dev/null
+++ b/security/CVE-2010-2069.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2010-2069: </H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Buffer Overrun Vulnerability
+==
+== CVE ID#:     CVE-2010-3069
+==
+== Versions:    Samba 3.0.x - 3.5.x (inclusive)
+==
+== Summary:     Samba 3.0.x to 3.5.x are affected by a
+==              buffer overrun vulnerability.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All current released versions of Samba are vulnerable to
+a buffer overrun vulnerability. The sid_parse() function
+(and related dom_sid_parse() function in the source4 code)
+do not correctly check their input lengths when reading a
+binary representation of a Windows SID (Security ID). This
+allows a malicious client to send a sid that can overflow
+the stack variable that is being used to store the SID in the
+Samba smbd server.
+
+A connection to a file share is needed to exploit this
+vulnerability, either authenticated or unauthenticated
+(guest connection).
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 3.5.5 has been issued as security release to correct the
+defect.  Patches against older Samba versions are available at
+http://samba.org/samba/patches/.  Samba administrators running affected
+versions are advised to upgrade to 3.5.5 or apply the patch as soon
+as possible.
+
+==========
+Workaround
+==========
+
+None.
+
+=======
+Credits
+=======
+
+This problem was found by an internal audit of the Samba code by
+Andrew Bartlett of Cisco. Thanks to Andrew for his careful code
+review.
+</pre>
+</body>
+</html>
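Review bot: The announcement contradicts itself on the identifier: the file name and the `<H2>CVE-2010-2069: </H2>` heading use 2069, but the header block inside the `<pre>` reads `CVE ID#:     CVE-2010-3069`. Whichever is correct, the file name, heading and links in history/security.html need to match it. The heading also ends at the colon with no title text after it, and the `<p>` opened before `<pre>` is never closed (the release-notes pages in this commit do close it). Under "Patch Availability" only 3.5.5 is named as the security release, although this commit also announces 3.4.9 and 3.3.14; consider listing all three so users on older series know a fixed release exists.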


-- 
Samba Website Repository

