Further information can be found in the security advisory: http://www.samba.org/samba/security/CVE-2012-1182
Patches for older versions are available at http://www.samba.org/samba/history/security.html.
This defect has been tracked in the following bug report: https://bugzilla.samba.org/show_bug.cgi?id=8815.

On Tue, Apr 10, 2012 at 05:21:19PM +0200, Karolin Seeger wrote:
> Release Announcements
> =====================
>
> Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to
> address CVE-2012-1182.
>
> o  CVE-2012-1182:
>    Samba 3.0.x to 3.6.3 are affected by a
>    vulnerability that allows remote code
>    execution as the "root" user.
>
>
> Changes:
> --------
>
>
> o   Stefan Metzmacher <me...@samba.org>
>     *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
>     allocated array (CVE-2012-1182).
>
>
> ######################################################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored. All bug reports should
> be filed under the Samba corresponding product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6568B7EA). The source code can be downloaded
> from:
>
>     http://download.samba.org/samba/ftp/
>
> The release notes are available online at:
>
>     http://www.samba.org/samba/ftp/history/samba-3.6.4.html
>     http://www.samba.org/samba/ftp/history/samba-3.5.14.html
>     http://www.samba.org/samba/ftp/history/samba-3.4.16.html
>
> Binary packages will be made available on a volunteer basis from
>
>     http://download.samba.org/samba/ftp/Binary_Packages/
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>     --Enjoy
>     The Samba Team
>
> --
> Samba   http://www.samba.org
> SerNet  http://www.sernet.de
> sambaXP http://www.sambaxp.org