[Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available

Karolin Seeger kseeger at samba.org
Tue Apr 10 09:21:19 MDT 2012


Release Announcements
=====================

Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
address CVE-2012-1182.

o  CVE-2012-1182:
   Samba 3.0.x to 3.6.3 are affected by a
   vulnerability that allows remote code
   execution as the "root" user.


Changes:
--------


o   Stefan Metzmacher <metze at samba.org>
    *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
     allocated array (CVE-2012-1182).


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba corresponding product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/

The release notes are available online at:

        http://www.samba.org/samba/ftp/history/samba-3.6.4.html
        http://www.samba.org/samba/ftp/history/samba-3.5.14.html
        http://www.samba.org/samba/ftp/history/samba-3.4.16.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team



More information about the samba-technical mailing list