Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719.


o  CVE-2011-0719:
   All current released versions of Samba are vulnerable to a denial of service caused by memory corruption.
 Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption.
 This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or
 unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the
 advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.

 Changes ------- o Jeremy Allison * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. ================ Download Details ================ The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA).
The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.5.7.html http://www.samba.org/samba/ftp/history/samba-3.4.12.html http://www.samba.org/samba/ftp/history/samba-3.3.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/

관련 링크 : http://samba.org/samba/history/security.html

'News' 카테고리의 다른 글

XE Core 1.4.5 배포  (4) 2011.04.01
Mozilla Firefox 4.0 정식 출시  (0) 2011.03.24
Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases  (0) 2011.03.01
Samba 3.4.11 release  (0) 2011.01.25
ProFTPD 1.3.4rc1, 1.3.3d release  (0) 2010.12.26
ProFTPD 1.3.3c Release  (0) 2010.12.02

+ Recent posts