Followup Samba4 alpha security release
Andrew Bartlett
abartlet at samba.org
Mon Apr 30 07:05:07 MDT 2012
On Mon, 2012-04-30 at 14:46 +0200, Karolin Seeger wrote:
> Release Announcements
> =====================
>
> Samba 3.6.5, 3.5.15 and 3.4.17 are security releases in order to
> address CVE-2012-2111.
>
> o CVE-2012-2111:
> Samba 3.4.x to 3.6.4 are affected by a vulnerability that allows arbitrary
> users to modify privileges on a file server.
>
>
> Changes:
> --------
>
>
> o Jeremy Allison <jra at samba.org>
> * Fix incorrect permission checks when granting/removing
> privileges (CVE-2012-2111).
>
Just a heads-up that tomorrow I plan to spin a Samba security release
based on master, for the Samba 4.0 alpha series, to cover this.
Please let me know urgently if you know of any problem with master that
means we cannot make such an alpha, so I can decide how to deal with it.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list