[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Jul 26 11:37:51 MDT 2011


The branch, master has been updated
       via  5b1c8c8 Announce Samba 3.3.16, 3.4.14 and 3.5.10.
      from  ab39177 List 3.4.13 also.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5b1c8c852bb41d9483443b03a871c4dbe58bca48
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Jul 26 19:35:56 2011 +0200

    Announce Samba 3.3.16, 3.4.14 and 3.5.10.
    
    These are security releases in order to address CVE-2011-2522 and
    CVE-2011-2694.
    
    Karolin

-----------------------------------------------------------------------

Summary of changes:
 generated_news/latest_10_bodies.html    |   82 ++++++++++++++++++-------------
 generated_news/latest_10_headlines.html |   12 ++--
 generated_news/latest_2_bodies.html     |   47 +++++++++--------
 history/header_history.html             |    3 +
 history/samba-3.3.16.html               |   52 +++++++++++++++++++
 history/samba-3.4.14.html               |   52 +++++++++++++++++++
 history/samba-3.5.10.html               |   51 +++++++++++++++++++
 history/security.html                   |   28 +++++++++++
 latest_stable_release.html              |    6 +-
 security/CVE-2011-2522.html             |   79 +++++++++++++++++++++++++++++
 security/CVE-2011-2694.html             |   73 +++++++++++++++++++++++++++
 11 files changed, 420 insertions(+), 65 deletions(-)
 create mode 100755 history/samba-3.3.16.html
 create mode 100755 history/samba-3.4.14.html
 create mode 100755 history/samba-3.5.10.html
 create mode 100644 security/CVE-2011-2522.html
 create mode 100644 security/CVE-2011-2694.html


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html
index 60e81d6..af5b994 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,51 @@
+	<h5><a name="3.5.10">26 July 2011</a></h5>
+	<p class="headline">Samba 3.5.10 Available for Download</p>
+
+<p>This is a security release in order to address
+<a href="http://www.samba.org/samba/security/CVE-2011-2522">CVE-2011-2522</a>
+(Cross-Site Request Forgery in SWAT) and
+<a href="http://www.samba.org/samba/security/CVE-2011-2694">CVE-2011-2694</a>
+(Cross-Site Scripting vulnerability in SWAT).</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-3.5.10.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-3.5.10.html">
+the release notes for more info</a>.</p>
+
+
+	<h5><a name="3.4.14">26 July 2011</a></h5>
+	<p class="headline">Samba 3.4.14 Available for Download</p>
+
+<p>This is a security release in order to address
+<a href="http://www.samba.org/samba/security/CVE-2011-2522">CVE-2011-2522</a>
+(Cross-Site Request Forgery in SWAT) and
+<a href="http://www.samba.org/samba/security/CVE-2011-2694">CVE-2011-2694</a>
+(Cross-Site Scripting vulnerability in SWAT).</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-3.4.14.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-3.4.14.html">
+the release notes for more info</a>.</p>
+
+
+	<h5><a name="3.3.16">26 July 2011</a></h5>
+	<p class="headline">Samba 3.3.16 Available for Download</p>
+
+<p>This is a security release in order to address
+<a href="http://www.samba.org/samba/security/CVE-2011-2522">CVE-2011-2522</a>
+(Cross-Site Request Forgery in SWAT) and
+<a href="http://www.samba.org/samba/security/CVE-2011-2694">CVE-2011-2694</a>
+(Cross-Site Scripting vulnerability in SWAT).</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-3.3.16.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-3.3.16.html">
+the release notes for more info</a>.</p>
+
+
 	<h5><a name="3.5.9">14 June 2011</a></h5>
 	<p class="headline">Samba 3.5.9 Available for Download</p>
 	<p>This is the latest stable release of the Samba 3.5 series.</p>
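Review bot: The three new entries (3.5.10, 3.4.14, 3.3.16) state that the tarballs and patch files are signed with GnuPG, but each one links only the .tar.gz, over plain http://, and gives no link to the signature. Because these are security releases, link the matching .tar.asc next to each download, as latest_stable_release.html in this same commit does for 3.5.10, so readers can verify what they fetched before installing it.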
@@ -105,37 +153,3 @@ info</a>.</p>
 using GnuPG (ID 6568B7EA).  The source code can be
 <a href="http://samba.org/samba/ftp/stable/samba-3.5.8.tar.gz">downloaded
 now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-3.5.7-3.5.8.diffs.gz">patch against Samba 3.5.7</a> is also available. See <a href="http://samba.org/samba/history/samba-3.5.8.html">the release notes for more info</a>.</p>
-
-
-	<h5><a name="3.5.7">28 February 2011</a></h5>
-	<p class="headline">Samba 3.5.7 Security Release Available</p>
-
-	<p>This is a security release to address <a href="http://www.samba.org/samba/security/CVE-2011-0719">CVE-2011-0719</a> (Denial of service - memory corruption). Patches for all current releases are available on our <a href="http://www.samba.org/samba/security/">security page</a>.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://www.samba.org/samba/ftp/stable/samba-3.5.7.tar.gz">downloaded now</a>.
-See <a href="http://www.samba.org/samba/history/samba-3.5.7.html">the release notes for more
-info</a>.</p>
-
-	<h5><a name="3.4.12">28 February 2011</a></h5>
-	<p class="headline">Samba 3.4.12 Security Release Available</p>
-
-	<p>This is a security release to address <a href="http://www.samba.org/samba/security/CVE-2011-0719">CVE-2011-0719</a> (Denial of service - memory corruption). Patches for all current releases are available on our <a href="http://www.samba.org/samba/security/">security page</a>.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://www.samba.org/samba/ftp/stable/samba-3.4.12.tar.gz">downloaded now</a>.
-See <a href="http://www.samba.org/samba/history/samba-3.4.12.html">the release notes for more
-info</a>.</p>
-
-	<h5><a name="3.3.15">28 February 2011</a></h5>
-	<p class="headline">Samba 3.3.15 Security Release Available</p>
-
-	<p>This is a security release to address <a href="http://www.samba.org/samba/security/CVE-2011-0719">CVE-2011-0719</a> (Denial of service - memory corruption). Patches for all current releases are available on our <a href="http://www.samba.org/samba/security/">security page</a>.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://www.samba.org/samba/ftp/stable/samba-3.3.15.tar.gz">downloaded now</a>.
-See <a href="http://www.samba.org/samba/history/samba-3.3.15.html">the release notes for more
-info</a>.</p>
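Review bot: The February entries removed here were headlined "Security Release Available" and told readers that "Patches for all current releases are available on our security page"; the 26 July entries added at the top of this file are also security releases but are headlined "Available for Download" and drop that sentence. Keeping the earlier headline and the pointer to the security page would make the nature of the release visible in the news list and tell users who cannot upgrade where the patches are.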
diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html
index 2d9b600..e060f9c 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,10 @@
 <ul>
+	<li> 26 July 2011 <a href="#3.5.10">Samba 3.5.10 Available for Download</a></li>
+
+	<li> 26 July 2011 <a href="#3.4.14">Samba 3.4.14 Available for Download</a></li>
+
+	<li> 26 July 2011 <a href="#3.3.16">Samba 3.3.16 Available for Download</a></li>
+
 	<li> 14 June 2011 <a href="#3.5.9">Samba 3.5.9 Available for Download</a></li>
 
 	<li> 7 June 2011 <a href="#3.6.0rc2">Samba 3.6.0rc2 Available for Download</a></li>
@@ -12,10 +18,4 @@
 	<li> 12 April 2011 <a href="#3.6.0pre2">Samba 3.6.0pre2 Available for Download</a></li>
 
 	<li> 7 March 2011 <a href="#3.5.8">Samba 3.5.8 Available for Download</a></li>
-
-	<li> 28 February 2011 <a href="#3.5.7">Samba 3.5.7 Available for Download</a></li>
-
-	<li> 28 February 2011 <a href="#3.4.12">Samba 3.4.12 Available for Download</a></li>
-
-	<li> 28 February 2011 <a href="#3.3.15">Samba 3.3.15 Available for Download</a></li>
 </ul>
diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html
index 606fa49..4e74e54 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,27 +1,30 @@
-	<h5><a name="3.5.9">14 June 2011</a></h5>
-	<p class="headline">Samba 3.5.9 Available for Download</p>
-	<p>This is the latest stable release of the Samba 3.5 series.</p>
+	<h5><a name="3.5.10">26 July 2011</a></h5>
+	<p class="headline">Samba 3.5.10 Available for Download</p>
+
+<p>This is a security release in order to address
+<a href="http://www.samba.org/samba/security/CVE-2011-2522">CVE-2011-2522</a>
+(Cross-Site Request Forgery in SWAT) and
+<a href="http://www.samba.org/samba/security/CVE-2011-2694">CVE-2011-2694</a>
+(Cross-Site Scripting vulnerability in SWAT).</p>
 
 <p>The uncompressed tarballs and patch files have been signed
 using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://samba.org/samba/ftp/stable/samba-3.5.9.tar.gz">downloaded
-now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-3.5.8-3.5.9.diffs.gz">patch against Samba 3.5.8</a> is also available. See <a href="http://samba.org/samba/history/samba-3.5.9.html">the release notes for more info</a>.</p>
+<a href="http://samba.org/samba/ftp/stable/samba-3.5.10.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-3.5.10.html">
+the release notes for more info</a>.</p>
+
+
+	<h5><a name="3.4.14">26 July 2011</a></h5>
+	<p class="headline">Samba 3.4.14 Available for Download</p>
 
-	<h5><a name="3.6.0rc2">7 June 2011</a></h5>
-	<p class="headline">Samba 3.6.0rc2 Available for Download</p>
-	<p>Samba 3.6.0rc2 is available for download.  This is the
- first release candidate of the next upgrade production release version of Samba 3.6.0.
- It is intended for <b>testing purposes only</b>.  Please test and
- <a href="https://bugzilla.samba.org/">report any bugs that you
- find</a>.  Please read the changes in the
- <a href="http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc2.txt">Release Notes</a>
- for details on new features and difference in behavior from
- previous releases.</p>
+<p>This is a security release in order to address
+<a href="http://www.samba.org/samba/security/CVE-2011-2522">CVE-2011-2522</a>
+(Cross-Site Request Forgery in SWAT) and
+<a href="http://www.samba.org/samba/security/CVE-2011-2694">CVE-2011-2694</a>
+(Cross-Site Scripting vulnerability in SWAT).</p>
 
- <p>The <a href="http://samba.org/samba/ftp/rc/samba-3.6.0rc2.tar.gz">Samba 3.6.0rc2
- source code</a> can be downloaded now.  The <a
- href="http://samba.org/samba/ftp/rc/samba-3.6.0rc2.tar.asc">GnuPG
- signature is for the <em>un</em>compressed tarball</a>.
- Precompiled packages will
- be made available on a volunteer basis and can be found in the
- <a href="http://samba.org/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-3.4.14.tar.gz">downloaded
+now</a>. See <a href="http://samba.org/samba/history/samba-3.4.14.html">
+the release notes for more info</a>.</p>
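Review bot: After this change the two-entry file holds only 3.5.10 and 3.4.14, so the 3.3.16 security release announced the same day is not mentioned here, and the two slots carry identical text apart from the version number. A single combined entry naming all three releases would cover 3.3.16 and leave the second slot free for the 3.6.0rc2 notice that this hunk removes.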
diff --git a/history/header_history.html b/history/header_history.html
index 8b2fb0c..57f7775 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-3.5.10.html">samba-3.5.10</a></li>
 			<li><a href="samba-3.5.9.html">samba-3.5.9</a></li>
 			<li><a href="samba-3.5.8.html">samba-3.5.8</a></li>
 			<li><a href="samba-3.5.7.html">samba-3.5.7</a></li>
@@ -19,6 +20,7 @@
 			<li><a href="samba-3.5.2.html">samba-3.5.2</a></li>
 			<li><a href="samba-3.5.1.html">samba-3.5.1</a></li>
 			<li><a href="samba-3.5.0.html">samba-3.5.0</a></li>
+			<li><a href="samba-3.4.14.html">samba-3.4.14</a></li>
 			<li><a href="samba-3.4.13.html">samba-3.4.13</a></li>
 			<li><a href="samba-3.4.12.html">samba-3.4.12</a></li>
 			<li><a href="samba-3.4.11.html">samba-3.4.11</a></li>
@@ -33,6 +35,7 @@
 			<li><a href="samba-3.4.2.html">samba-3.4.2</a></li>
 			<li><a href="samba-3.4.1.html">samba-3.4.1</a></li>
 			<li><a href="samba-3.4.0.html">samba-3.4.0</a></li>
+			<li><a href="samba-3.3.16.html">samba-3.3.16</a></li>
 			<li><a href="samba-3.3.15.html">samba-3.3.15</a></li>
 			<li><a href="samba-3.3.14.html">samba-3.3.14</a></li>
 			<li><a href="samba-3.3.13.html">samba-3.3.13</a></li>
diff --git a/history/samba-3.3.16.html b/history/samba-3.3.16.html
new file mode 100755
index 0000000..c5e6e98
--- /dev/null
+++ b/history/samba-3.3.16.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.3.16 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 3.3.16
+		           July 26, 2011
+                   ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o  CVE-2011-2522:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o  CVE-2011-2694:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site scripting
+   vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.3.15
+--------------------
+
+
+o   Kai Blin <kai at samba.org>
+    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+    * BUG 8290: CSRF vulnerability in SWAT.
+</pre>
+</p>
+
+</body>
+</html>
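Review bot: On the "Kai Blin" line the angle brackets around the address are written literally inside <pre>. Under the XHTML doctype declared at the top of the file they need to be written as &lt; and &gt;, otherwise the address is parsed as a tag and is not displayed. The same line appears in the 3.4.14 and 3.5.10 release notes added by this commit.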
diff --git a/history/samba-3.4.14.html b/history/samba-3.4.14.html
new file mode 100755
index 0000000..ddbc064
--- /dev/null
+++ b/history/samba-3.4.14.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.4.14 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 3.4.14
+			   July 26, 2011
+                   ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o  CVE-2011-2522:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o  CVE-2011-2694:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site scripting
+   vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.4.13
+--------------------
+
+
+o   Kai Blin <kai at samba.org>
+    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+    * BUG 8290: CSRF vulnerability in SWAT.
+</pre>
+</p>
+
+</body>
+</html>
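Review bot: The markup around the release notes does not match the XHTML 1.0 Transitional doctype the file declares: <H2> is upper case, while XHTML element names are lower case, and <pre> is nested inside <p>, which a paragraph cannot contain. Use <h2> and drop the <p> and </p> lines around the <pre> block.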
diff --git a/history/samba-3.5.10.html b/history/samba-3.5.10.html
new file mode 100755
index 0000000..7019439
--- /dev/null
+++ b/history/samba-3.5.10.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.5.10 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 3.5.10
+			   July 26, 2011
+                   ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o  CVE-2011-2522:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o  CVE-2011-2694:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site scripting
+   vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.5.9:
+--------------------
+
+
+o   Kai Blin <kai at samba.org>
+    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+    * BUG 8290: CSRF vulnerability in SWAT.
+</pre>
+
+</body>
+</html>
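Review bot: The <p> opened just before <pre> is never closed: </pre> is followed directly by </body>, whereas the 3.3.16 and 3.4.14 files have </p> at that point (this file is 51 lines against their 52). Add the missing </p> or remove the opening <p>. The heading "Changes since 3.5.9:" also carries a trailing colon that the other two files do not have.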
diff --git a/history/security.html b/history/security.html
index 6c9bdb3..6e7e045 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,34 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>26 Jul 2011</td>
+	<td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch">
+	patch for Samba 3.3.15</a>
+	<a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch">
+	patch for Samba 3.4.13</a>
+	<a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch">
+	patch for Samba 3.5.9</a>
+	<td>Cross-Site Request Forgery in SWAT</td>
+	<td>all current releases</td>
+	<td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522">CVE-2011-2522</a></td>
+	<td><a href="/samba/security/CVE-2011-2522">Announcement</a></td>
+    </tr>
+
+    <tr>
+	<td>26 Jul 2011</td>
+	<td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2694.patch">
+	patch for Samba 3.3.15</a>
+	<a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2694.patch">
+	patch for Samba 3.4.13</a>
+	<a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2694.patch">
+	patch for Samba 3.5.9</a>
+	<td>Cross-Site Scripting vulnerability in SWAT</td>
+	<td>all current releases</td>
+	<td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694">CVE-2011-2694</a></td>
+	<td><a href="/samba/security/CVE-2011-2694">Announcement</a></td>
+    </tr>
+
+    <tr>
 	<td>18 Feb 2011</td>
 	<td><a href="/samba/ftp/patches/security/samba-3.3.14-CVE-2011-0719.patch">
 	patch for Samba 3.3.14</a>
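Review bot: In both new rows the cell holding the three patch links is never closed: after "patch for Samba 3.5.9</a>" the next line opens <td>Cross-Site ... directly. Add </td> after the third link in each row. The "all current releases" cell is also less precise than the "Samba 3.0.x - 3.5.9 (inclusive)" range given in the CVE-2011-2522 announcement added by this commit; using the same range here would keep the table and the advisory consistent.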
diff --git a/latest_stable_release.html b/latest_stable_release.html
index 85d1a0b..942e69a 100644
--- a/latest_stable_release.html
+++ b/latest_stable_release.html
@@ -1,5 +1,5 @@
 <p>
-	<a href="/samba/ftp/stable/samba-3.5.9.tar.gz">Samba 3.5.9 (gzipped)</a><br>
-	<a href="/samba/history/samba-3.5.9.html">Release Notes</a> ·
-	<a href="/samba/ftp/stable/samba-3.5.9.tar.asc">Signature</a>
+	<a href="/samba/ftp/stable/samba-3.5.10.tar.gz">Samba 3.5.10 (gzipped)</a><br>
+	<a href="/samba/history/samba-3.5.10.html">Release Notes</a> ·
+	<a href="/samba/ftp/stable/samba-3.5.10.tar.asc">Signature</a>
 </p>
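Review bot: The download link is labelled "(gzipped)" and points at samba-3.5.10.tar.gz, while the Signature link points at samba-3.5.10.tar.asc, and the news entries in this commit say it is the uncompressed tarballs that are signed. Say so next to the Signature link, for example "Signature (of the uncompressed tarball)", since checking the .asc against the .tar.gz as downloaded will not verify.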
diff --git a/security/CVE-2011-2522.html b/security/CVE-2011-2522.html
new file mode 100644
index 0000000..cd79fc2
--- /dev/null
+++ b/security/CVE-2011-2522.html
@@ -0,0 +1,79 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2011-2522: </H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Cross-Site Request Forgery in SWAT
+==
+== CVE ID#:     CVE-2011-2522
+==
+== Versions:    Samba 3.0.x - 3.5.9 (inclusive)
+==
+== Summary:     The Samba Web Administration Tool (SWAT) in Samba versions
+==              3.0.x to 3.5.9 are affected by a cross-site request forgery.
+==
+==              Note that SWAT must be enabled in order for this
+==              vulnerability to be exploitable. By default, SWAT
+==              is *not* enabled on a Samba install.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All current released versions of Samba are vulnerable to a cross-site
+request forgery in the Samba Web Administration Tool (SWAT). By tricking
+a user who is authenticated with SWAT into clicking a manipulated URL on
+a different web page, it is possible to manipulate SWAT.
+
+In order to be vulnerable, SWAT must have been installed and enabled
+either as a standalone server launched from inetd or xinetd, or as a
+CGI plugin to Apache. If SWAT has not been installed or enabled (which
+is the default install state for Samba) this advisory can be ignored.
+
+If the user authenticated to SWAT as root, it is possible to shut down or
+start the samba daemons, add or remove shares, printers and user accounts
+and to change other aspects of the Samba configuration.
+
+==========
+Workaround
+==========
+
+Ensure SWAT is turned off and configure Samba using an alternative method
+to edit the smb.conf file.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 3.5.10 has been issued as security release to correct the
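Review bot: The heading <H2>CVE-2011-2522: </H2> ends in a colon with nothing after it, and <title> is the generic archive title, so neither names the issue; put the subject there, for example "CVE-2011-2522: Cross-Site Request Forgery in SWAT". In the Summary, "The Samba Web Administration Tool (SWAT) ... are affected" should read "is affected". The Workaround says only "Ensure SWAT is turned off"; since the Description names two ways SWAT can be enabled (launched from inetd or xinetd, or as a CGI plugin to Apache), it would help administrators if the workaround said what to check for each. This covers the visible part of the file only, as the changeset is truncated here.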


-- 
Samba Website Repository

