Release Announcements ===================== This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made
to execute code triggered by the server.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
value can potentially affect access control when "dos filemode"
is set to "yes".
######################################################################
Changes
#######
Changes since 3.2.12
--------------------
o Jeremy Allison <[email protected]>
* Fix for CVE-2009-1886.
* Fix for CVE-2009-1888.
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/
The release notes are available online at:
http://www.samba.org/samba/ftp/history/samba-3.2.13.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
pgpvSVzurU273.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
