Release Planning for Samba 3.3: Difference between revisions

From SambaWiki
Line 73: Line 73:


== Samba 3.3.11 ==
== Samba 3.3.11 ==
:Release Notes for Samba 3.3.11
:February 26, 2010


===This is the latest bugfix release of the Samba 3.3 series.===
('''Updated 26-February-2010''')


* Friday, February 26 - Samba 3.3.11 has been released
====Major enhancements in Samba 3.3.11 include:====
'''Please note, that this will probably be the last bug fix release of the 3.3 series.'''


* "wide links" and "unix extensions" are incompatible (bug #7104).
Samba 3.3.12
* Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067).


('''Updated 09-March-2010''')
('''Updated 26-February-2010''')


* Monday, March 8 - Samba 3.3.12 has been released to address [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728 CVE-2010-0728].
* Friday, February 26 - Samba 3.3.11 has been released
'''Please note, that this will probably be the last bug fix release of the 3.3 series.'''
[http://www.samba.org/samba/history/samba-3.3.11.html Release Notes Samba 3.3.11]


== Samba 3.3.10 ==
== Samba 3.3.10 ==

Revision as of 14:25, 2 May 2011

This release series is in the security fixes only mode.

Samba 3.3 turned into security fixes only mode

(Updated 01-March-2010)

Moving forward, any 3.3.x releases will be on a as needed basis for security issues only.

Samba 3.3.15

Release Notes for Samba 3.3.15
February 28, 2011


This is a security release in order to address CVE-2011-0719.

All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.


(Updated 28-February-2011)

  • Monday, February 28 - Samba 3.3.15 has been released to address CVE-2011-0719.
 Release Notes Samba 3.3.15

Samba 3.3.14

Release Notes for Samba 3.3.14
September 14, 2010

This is a security release in order to address CVE-2010-3069.

All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

(Updated 14-September-2010)

  • Tuesday, September 14 - Samba 3.3.14 has been released to address CVE-2010-2069.
 Release Notes Samba 3.3.14

Samba 3.3.13

Release Notes for Samba 3.3.13
June 16, 2010

This is a security release in order to address CVE-2010-2063.

In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code.


(Updated 16-June-2010)

  • Wednesday, June 16 - Samba 3.3.13 has been released to address CVE-2010-2063.
 Release Notes Samba 3.3.13

Samba 3.3.12

Release Notes for Samba 3.3.12
March 8, 2010

This is a security release in order to address CVE-2010-0728.

In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.

(Updated 09-March-2010)

  • Monday, March 8 - Samba 3.3.12 has been released to address CVE-2010-0728.
 Release Notes Samba 3.3.12

Samba 3.3.11

Release Notes for Samba 3.3.11
February 26, 2010

This is the latest bugfix release of the Samba 3.3 series.

Major enhancements in Samba 3.3.11 include:

  • "wide links" and "unix extensions" are incompatible (bug #7104).
  • Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067).

(Updated 26-February-2010)

  • Friday, February 26 - Samba 3.3.11 has been released

Please note, that this will probably be the last bug fix release of the 3.3 series.

Samba 3.3.10

(Updated 14-January-2010)

  • Thursday, January 14 - Samba 3.3.10 has been released
 Release Notes Samba 3.3.10

Samba 3.3.9

(Updated 15-October-2009)

  • Thursday, October 15 - Samba 3.3.9 has been released
 Release Notes Samba 3.3.9

Samba 3.3.8

(Updated 1-October-2009)

  • Thursday, October 1 - Samba 3.3.8 has been issued as Security Release to address CVE-2009-2906,

CVE-2009-2906 and CVE-2009-2813.

 Release Notes Samba 3.3.8

Samba 3.3.7

(Updated 23-June-2009)

  • Wednesday, July 29 - Samba 3.3.7 has been released
 Release Notes Samba 3.3.7

Samba 3.3.6

(Updated 23-June-2009)

  • Tuesday, June 23 2009: Samba 3.3.6 Security Release has been released to address

CVE-2009-1888 ("Uninitialized read of a data value"). For more information, please see Samba Security page.

 Security Advisory

Samba 3.3.5

(Updated 16-June-2009)

  • Tuesday, June 16 - Samba 3.3.5 has been released
 Release Notes Samba 3.3.5

Samba 3.3.4

(Updated 29-April-2009)

  • Wednesday, April 29 - Samba 3.3.4 has been released
 Release Notes Samba 3.3.4

Samba 3.3.3

(Updated 01-April-2009)

  • Wednesday, April 1 - Samba 3.3.3 has been released
 Release Notes Samba 3.3.3

Samba 3.3.2

(Updated 12-March-2009)

  • Thursday, March 12 - Samba 3.3.2 has been released
 Release Notes Samba 3.3.2

Samba 3.3.1

(Updated 24-February-2009)

  • Tuesday, February 24 - Samba 3.3.1 has been released
 Release Notes Samba 3.3.1

Samba 3.3.0

(Updated 27-January-2009)

  • Tuesday, August 26 - Samba 3.3.0pre1 has been released
  • Thursday, October 2 - Samba 3.3.0pre2 has been released
  • Thursday, November 27 - Samba 3.3.0rc1 has been released
  • Monday, December 15 - Samba 3.3.0rc2 has been released
  • Tuesday, January 27 - Samba 3.3.0 has been released
 Release Notes Samba 3.3.0