[Samba] Security Release - Samba 3.0.5 and 2.2.10

Gerald (Jerry) Carter jerry at samba.org
Thu Jul 22 11:26:45 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
| Summary:       Potential Buffer Overruns in Samba 3.0 and Samba 2.2
| CVE ID:        CAN-2004-0600, CAN-2004-0686
|                (http://cve.mitre.org/)
|
...
| Samba 3.0.5 and 2.2.10 are identical to the previous release
| in each respective series with the exception of fixing these
| issues. Samba 3.0.5rc1 has been removed from the download area
| on Samba.org and 3.0.6rc2 will be available later this week.
|

I should  clarify that the bug fixes in

~   http://samba.org/~jerry/patches/post-3.0.4/

have *not* been incorporated into 3.0.5.  I'm sure there
will be debate as to whether or not this was a good idea.
But a security release should only contain security fixes
(minimal amount of change necessary).  So if you needed
this patch before, you will need to replly it again to
3.0.5.

For those running 3.0.5pre1 or 3.0.5rc1, these have
effectively been bumped to 3.0.6.  We'll get 3.0.6rc2
out later this week hopefully.




cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA/6R1IR7qMdg1EfYRAvUpAJ9XSDTjtoHvxR96E2USGTvextiaYACbBi5B
gZ3kARTXUHzjbtDE6j3cFxE=
=fxIu
-----END PGP SIGNATURE-----


More information about the samba mailing list