Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719.


o  CVE-2011-0719:
   All current released versions of Samba are vulnerable to a denial of service caused by memory corruption.
 Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption.
 This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or
 unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the
 advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.

 Changes ------- o Jeremy Allison * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. ================ Download Details ================ The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA).
The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.5.7.html http://www.samba.org/samba/ftp/history/samba-3.4.12.html http://www.samba.org/samba/ftp/history/samba-3.3.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/

관련 링크 : http://samba.org/samba/history/security.html

'News' 카테고리의 다른 글

XE Core 1.4.5 배포  (4) 2011.04.01
Mozilla Firefox 4.0 정식 출시  (0) 2011.03.24
Samba 3.4.11 release  (0) 2011.01.25
ProFTPD 1.3.4rc1, 1.3.3d release  (0) 2010.12.26
ProFTPD 1.3.3c Release  (0) 2010.12.02

+ Recent posts