[Samba] [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available
Karolin Seeger
kseeger at samba.org
Tue Apr 10 11:06:34 MDT 2012
Further information can be found in the security advisory:
http://www.samba.org/samba/security/CVE-2012-1182
Patches for older versions are available at
http://www.samba.org/samba/history/security.html.
This defect has been tracked in the following bug report:
https://bugzilla.samba.org/show_bug.cgi?id=8815.
On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote:
> Release Announcements
> =====================
>
> Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
> address CVE-2012-1182.
>
> o CVE-2012-1182:
> Samba 3.0.x to 3.6.3 are affected by a
> vulnerability that allows remote code
> execution as the "root" user.
>
>
> Changes:
> --------
>
>
> o Stefan Metzmacher <metze at samba.org>
> *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
> allocated array (CVE-2012-1182).
>
>
> ######################################################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored. All bug reports should
> be filed under the Samba corresponding product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6568B7EA). The source code can be downloaded
> from:
>
> http://download.samba.org/samba/ftp/
>
> The release notes are available online at:
>
> http://www.samba.org/samba/ftp/history/samba-3.6.4.html
> http://www.samba.org/samba/ftp/history/samba-3.5.14.html
> http://www.samba.org/samba/ftp/history/samba-3.4.16.html
>
> Binary packages will be made available on a volunteer basis from
>
> http://download.samba.org/samba/ftp/Binary_Packages/
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy
> The Samba Team
>
>
--
Samba http://www.samba.org
SerNet http://www.sernet.de
sambaXP http://www.sambaxp.org
More information about the samba
mailing list