Release Planning for Samba 3.3
This release series is in the security fixes only mode.
Samba 3.3 turned into security fixes only mode
(Updated 01-March-2010)
Moving forward, any 3.3.x releases will be on an as-needed basis for security issues only.
Samba 3.3.15
- Release Notes for Samba 3.3.15
- February 28, 2011
This is a security release in order to address CVE-2011-0719.
- All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present, allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
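The missing range check described above, shown as an added example (not code from Samba or from this page): a descriptor is only passed to FD_SET after confirming it fits in an fd_set. The helper names `fdset_add_checked`, `build_read_set` and `demo_rejected` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper (not Samba's code): add fd to the set only if an
 * fd_set can represent it. Returns 0 on success, -1 if rejected. */
static int fdset_add_checked(fd_set *set, int fd, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        return -1;  /* FD_SET here would write outside the fd_set */
    }
    FD_SET(fd, set);
    if (fd > *maxfd) {
        *maxfd = fd;
    }
    return 0;
}

/* Build a read set from a list of descriptors. Returns how many were
 * rejected; *maxfd is -1 when nothing was added. */
static size_t build_read_set(fd_set *set, const int *fds, size_t n, int *maxfd)
{
    size_t rejected = 0;
    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (fdset_add_checked(set, fds[i], maxfd) != 0) {
            rejected++;
        }
    }
    return rejected;
}

/* Constructed sample: two usable descriptors, two out of range. */
static size_t demo_rejected(int *maxfd_out)
{
    const int fds[] = { 0, 5, -1, FD_SETSIZE };
    fd_set rset;
    return build_read_set(&rset, fds, sizeof(fds) / sizeof(fds[0]), maxfd_out);
}

int main(void)
{
    int maxfd;
    size_t rejected = demo_rejected(&maxfd);
    printf("rejected=%zu maxfd=%d\n", rejected, maxfd);
    return 0;
}
```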
(Updated 28-February-2011)
- Monday, February 28 - Samba 3.3.15 has been released to address CVE-2011-0719.
Release Notes Samba 3.3.15
Samba 3.3.14
- Release Notes for Samba 3.3.14
- September 14, 2010
This is a security release in order to address CVE-2010-3069.
- All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and the related dom_sid_parse() function in the source4 code) does not correctly check input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a SID that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
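The input-length checks a binary SID parser needs, as an added example (not Samba's sid_parse() and not code from this page). It assumes the standard Windows SID layout: revision byte, sub-authority count byte, 6-byte identifier authority, then little-endian 32-bit sub-authorities, at most 15 of them. `struct sid` and `sid_parse_checked` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SID_MAX_SUB_AUTHS 15   /* limit from the Windows SID format */

struct sid {                   /* hypothetical struct, not Samba's dom_sid */
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Parse a binary SID from in[0..len). Returns false, leaving *out zeroed,
 * if the buffer is too short or the count exceeds the fixed array. */
static bool sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    *out = (struct sid){0};
    if (in == NULL || len < 8) return false;      /* fixed header is 8 bytes */
    uint8_t count = in[1];
    if (count > SID_MAX_SUB_AUTHS) return false;  /* would overrun sub_auths[] */
    if (len < 8 + (size_t)count * 4) return false; /* would read past input */
    out->revision = in[0];
    out->num_auths = count;
    for (size_t i = 0; i < 6; i++) {
        out->id_auth[i] = in[2 + i];
    }
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = in + 8 + i * 4;        /* little-endian 32-bit */
        out->sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return true;
}

/* Constructed inputs: S-1-5-32-544, and a header claiming 200 sub-auths. */
static const uint8_t SID_GOOD[] = { 1, 2, 0,0,0,0,0,5, 32,0,0,0, 0x20,2,0,0 };
static const uint8_t SID_BAD[]  = { 1, 200, 0,0,0,0,0,5, 32,0,0,0 };

int main(void)
{
    struct sid s;
    printf("good: %d\n", sid_parse_checked(SID_GOOD, sizeof(SID_GOOD), &s));
    printf("bad:  %d\n", sid_parse_checked(SID_BAD, sizeof(SID_BAD), &s));
    return 0;
}
```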
(Updated 14-September-2010)
- Tuesday, September 14 - Samba 3.3.14 has been released to address CVE-2010-3069.
Release Notes Samba 3.3.14
Samba 3.3.13
- Release Notes for Samba 3.3.13
- June 16, 2010
This is a security release in order to address CVE-2010-2063.
- In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code.
(Updated 16-June-2010)
- Wednesday, June 16 - Samba 3.3.13 has been released to address CVE-2010-2063.
Release Notes Samba 3.3.13
Samba 3.3.12
- Release Notes for Samba 3.3.12
- March 8, 2010
This is a security release in order to address CVE-2010-0728.
- In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, so that all file system access was allowed even when permissions should have denied access.
(Updated 09-March-2010)
- Monday, March 8 - Samba 3.3.12 has been released to address CVE-2010-0728.
Release Notes Samba 3.3.12
Samba 3.3.11
- Release Notes for Samba 3.3.11
- February 26, 2010
This is the latest bugfix release of the Samba 3.3 series.
Major enhancements in Samba 3.3.11 include:
- "wide links" and "unix extensions" are incompatible bug #7104.
- Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) bug #7067.
(Updated 26-February-2010)
- Friday, February 26 - Samba 3.3.11 has been released
Please note that this will probably be the last bug fix release of the 3.3 series.
Samba 3.3.10
- Release Notes for Samba 3.3.10
- January 14, 2010
This is the latest bugfix release of the Samba 3.3 series.
Major enhancements in Samba 3.3.10 include:
- Fix changing of ACLs on writable file with "dos filemode=yes" bug #5202.
- Fix smbd crashes in dns_register_smbd_reply bug #6696.
- Fix Winbind crashes when queried from nss bug #6889.
- Fix Winbind crash when retrieving empty group members bug #7014.
- Fix interdomain trusts with Win2008R2 bug #6697.
(Updated 14-January-2010)
- Thursday, January 14 - Samba 3.3.10 has been released
Release Notes Samba 3.3.10
Samba 3.3.9
- Release Notes for Samba 3.3.9
- October 15, 2009
This is the latest bugfix release of the Samba 3.3 series.
Major enhancements in Samba 3.3.9 include:
- Fix trust relationships to Windows 2008 (2008 R2) bug #6711.
- Fix file corruption using smbclient with NT4 server bug #6606.
- Fix Windows 7 share access (which defaults to NTLMv2) bug #6680.
- Fix SAMR server for Winbind access bug #6504.
(Updated 15-October-2009)
- Thursday, October 15 - Samba 3.3.9 has been released
Release Notes Samba 3.3.9
Samba 3.3.8
- Release Notes for Samba 3.3.8
- October 1, 2009
This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.
- In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.
- If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.
- Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
(Updated 1-October-2009)
- Thursday, October 1 - Samba 3.3.8 has been issued as a Security Release to address CVE-2009-2906, CVE-2009-2948 and CVE-2009-2813.
Release Notes Samba 3.3.8
Samba 3.3.7
- Release Notes for Samba 3.3.7
- July 29, 2009
This is the latest bugfix release of the Samba 3.3 series.
(Updated 23-June-2009)
- Wednesday, July 29 - Samba 3.3.7 has been released
Release Notes Samba 3.3.7
Samba 3.3.6
- Release Notes for Samba 3.3.6
- June 23, 2009
This is a security release in order to address CVE-2009-1888.
- CVE-2009-1888 ("Uninitialized read of a data value"):
- In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
(Updated 23-June-2009)
- Tuesday, June 23 2009: Samba 3.3.6 Security Release has been released to address CVE-2009-1888 ("Uninitialized read of a data value"). For more information, please see the Samba Security page.
Security Advisory Release Notes Samba 3.3.6
Samba 3.3.5
(Updated 16-June-2009)
- Tuesday, June 16 - Samba 3.3.5 has been released
Release Notes Samba 3.3.5
Samba 3.3.4
(Updated 29-April-2009)
- Wednesday, April 29 - Samba 3.3.4 has been released
Release Notes Samba 3.3.4
Samba 3.3.3
(Updated 01-April-2009)
- Wednesday, April 1 - Samba 3.3.3 has been released
Release Notes Samba 3.3.3
Samba 3.3.2
(Updated 12-March-2009)
- Thursday, March 12 - Samba 3.3.2 has been released
Release Notes Samba 3.3.2
Samba 3.3.1
(Updated 24-February-2009)
- Tuesday, February 24 - Samba 3.3.1 has been released
Release Notes Samba 3.3.1
Samba 3.3.0
(Updated 27-January-2009)
- Tuesday, August 26 - Samba 3.3.0pre1 has been released
- Thursday, October 2 - Samba 3.3.0pre2 has been released
- Thursday, November 27 - Samba 3.3.0rc1 has been released
- Monday, December 15 - Samba 3.3.0rc2 has been released
- Tuesday, January 27 - Samba 3.3.0 has been released
Release Notes Samba 3.3.0