[Samba] [Announce] Samba 4.1.6, 4.0.16 and 3.6.23 Security Releases Available

Raymond raymond at joburgtheatre.com
Wed Mar 12 00:51:55 MDT 2014 

Aaaahh! This is good news!! Just what I was waiting for! Now we can
implement samba 4.

Thank you guys
Ray




-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Karolin Seeger
Sent: 11 March 2014 08:11 PM
To: samba-announce at samba.org; samba at samba.org; samba-technical at samba.org
Subject: [Samba] [Announce] Samba 4.1.6, 4.0.16 and 3.6.23 Security Releases
Available

Release Announcements
---------------------

Samba 4.1.6, 4.0.16 and 3.6.23 have been issued as security releases in
order to address CVE-2013-4496 (Password lockout not enforced for SAMR
password
changes) and CVE-2013-6442 (smbcacls can remove a file or directory ACL by
mistake). Please note that Samba 3.6.23 is not affected by CVE-2013-6442.

o  CVE-2013-4496:
   Samba versions 3.4.0 and above allow the administrator to implement
   locking out Samba accounts after a number of bad password attempts.

   However, all released versions of Samba did not implement this check for
   password changes, such as are available over multiple SAMR and RAP
   interfaces, allowing password guessing attacks.

   For more details, please refer to
   http://www.samba.org/samba/security/CVE-2013-4496.

o  CVE-2013-6442:
   Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
   smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
   command options it will remove the existing ACL on the object being
   modified, leaving the file or directory unprotected.

   For more details, please refer to
   http://www.samba.org/samba/security/CVE-2013-6442.


Changes:
========

o   Jeremy Allison <jra at samba.org>
    * BUG 10327: CVE-2013-6442: ensure we don't lose an existing ACL when
      setting owner or group owner.


o   Andrew Bartlett <abartlet at samba.org>
    * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password
      changes.


o   Stefan Metzmacher <metze at samba.org>
    * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password
      changes.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality feedback. If
you don't provide vital information to help us track down the problem then
you will probably be ignored.  All bug reports should be filed under the
proper product in the project's Bugzilla database
(https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed using GnuPG (ID
6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/stable/

The release notes are available online at:

	http://www.samba.org/samba/history/samba-4.1.6.html
	http://www.samba.org/samba/history/samba-4.0.16.html
	http://www.samba.org/samba/history/samba-3.6.23.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>email-banner</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
</br>
<a href="http://www.joburgtheatre.com"><img src="http://www.showbusiness.co.za/emailbanner/banner.jpg" width="660" height="165" />
<!-- ImageReady Slices (banner4web.jpg) --><!-- End ImageReady Slices --></a></br>


</body>

</html>

More information about the samba mailing list