Release Announcements
=====================
Samba 3.5.10, 3.4.14 and 3.3.16 are security releases that address CVE-2011-2522
(Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 is affected by a
cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 is affected by a
cross-site scripting vulnerability.
Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default,
SWAT is *not* enabled on a Samba install.
Changes
-------
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
================
Download Details
================
The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA).
The source code can be downloaded from:
http://download.samba.org/samba/ftp/stable
The release notes are available online at:
http://www.samba.org/samba/history/samba-3.5.10.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.3.16.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Samba 3.6.0rc3 Available for Download
Release Announcements
---------------------
This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and
is designed for testing purposes only. Please report any defects via the Samba bug reporting system at
https://bugzilla.samba.org/.
Major enhancements in Samba 3.6.0 include:
Changed security defaults
-------------------------
Samba 3.6 has adopted a number of improved security defaults that will affect existing users of Samba.
client ntlmv2 auth = yes
client use spnego principal = no
send spnego principal = no
.
.
.
.
.
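An existing smb.conf that sets any of these three parameters explicitly keeps its own value after the upgrade, so it is worth checking for overrides. The following is an added example, not part of the Samba announcement or the Samba code base: it scans smb.conf text for [global] settings that differ from the 3.6 defaults listed above. The function names and the sample file are constructed for illustration.

```python
import re

# Defaults listed under "Changed security defaults" in the 3.6.0 announcement.
SAMBA36_DEFAULTS = {"client ntlmv2 auth": True,
                    "client use spnego principal": False,
                    "send spnego principal": False}
TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

def _key(name):
    # smb.conf ignores case and whitespace inside parameter names
    return re.sub(r"\s+", "", name).lower()

def audit_smb_conf(text):
    """Return (line_no, parameter, value) for [global] settings off the 3.6 default."""
    wanted = {_key(k): (k, v) for k, v in SAMBA36_DEFAULTS.items()}
    # Assumption: lines before the first section header count as [global].
    findings, section, pending, start = [], "global", "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not pending:
            if not stripped or stripped[0] in "#;":
                continue                      # blank line or comment
            start = no
        line = pending + stripped
        if line.endswith("\\"):               # trailing backslash continues
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if not sep or section != "global" or _key(name) not in wanted:
            continue
        canonical, default = wanted[_key(name)]
        val = value.strip().lower()
        # Report non-boolean values as well as booleans that differ.
        if val not in TRUE | FALSE or (val in TRUE) != default:
            findings.append((start, canonical, value.strip()))
    return findings

# Constructed sample smb.conf, not taken from a real host.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Client NTLMv2 Auth = no
   send spnego principal = \\
        yes
   client use spnego principal = no
"""
```

On the constructed sample, audit_smb_conf(SAMPLE) reports line 3 (NTLMv2 disabled for the client) and line 4 (the server told to send its SPNEGO principal).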
SMB2 support
------------
Internal Winbind passdb changes
-------------------------------
Winbind has been changed to use the internal samr and lsa rpc pipe to get
local user and group information instead of calling passdb functions. The
reason is to use more of our infrastructure and test this infrastructure by
using it. With this approach more code in Winbind is shared.
New Spoolss code
----------------
ID Mapping Changes
------------------
Endpoint Mapper
---------------
Internal restructuring
----------------------
SMB Traffic Analyzer
--------------------
NFS quota backend on Linux
--------------------------
#######
Changes
#######
smb.conf changes
----------------
Parameter Name                  Description      Default
--------------                  -----------      -------
async smb echo handler          New              No
client ntlmv2 auth              Changed Default  Yes
client use spnego principal     New              No
ctdb locktime warn threshold    New              0
idmap alloc backend             Removed
log writeable files on exit     New              No
multicast dns register          New              Yes
ncalrpc dir                     New
send spnego principal           New              No
smb2 max credits                New              128
smb2 max read                   New              1048576
smb2 max trans                  New              1048576
smb2 max write                  New              1048576
username map cache time         New              0
winbind max clients             New              200
The variable substitutions for %i and %I no longer use IPv4 addresses mapped to IPv6, e.g.
'::ffff:192.168.0.1', if the host has IPv6 enabled. Now %i and %I contain just '192.168.0.1'.
* Fix a valgrind error.
For more details, please refer to the link.