[Announce] Samba 4.1.11 and 4.0.21 Security Releases Available

Mike@M2-Inc mike at m2-inc.com
Fri Aug 1 06:51:46 MDT 2014 

Please remove me from this distribution. I am no longer using samba and could not find where to unsubscribe. 

Mike

> On Aug 1, 2014, at 7:32 AM, Karolin Seeger <kseeger at samba.org> wrote:
> 
> Release Announcements
> ---------------------
> 
> Samba 4.1.11 and 4.0.21 have been issued as security releases in order
> to address CVE-2014-3560 (Remote code execution in nmbd).
> 
> For more details, please see
>  http://www.samba.org/samba/history/security.html
> 
> 
> o  CVE-2014-3560:
>   All current versions of Samba 4.x.x are vulnerable to a remote code
>   execution vulnerability in the nmbd NetBIOS name services daemon.
> 
>   A malicious browser can send packets that may overwrite the heap of
>   the target nmbd NetBIOS name services daemon. It may be possible to
>   use this to generate a remote code execution vulnerability as the
>   superuser (root).
> 
> 
> Changes:
> ========
> 
> o   Volker Lendecke <vl at samba.org>
>    * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.
> 
> 
> #######################################
> Reporting bugs & Development Discussion
> #######################################
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
> 
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the Samba correct product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
> 
> 
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
> 
> ================
> Download Details
> ================
> 
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6568B7EA).  The source code can be downloaded
> from:
> 
>        http://download.samba.org/samba/ftp/stable/
> 
> The release notes are available online at:
> 
>    http://www.samba.org/samba/history/samba-4.1.11.html
>    http://www.samba.org/samba/history/samba-4.0.21.html
> 
> Binary packages will be made available on a volunteer basis from
> 
>        http://download.samba.org/samba/ftp/Binary_Packages/
> 
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
> 
>                        --Enjoy
>                        The Samba Team

More information about the samba-technical mailing list