Release Planning for Samba 3.3: Difference between revisions
From SambaWiki
No edit summary |
|||
| (23 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Samba 3.3 discontinued == |
|||
| ⚫ | |||
('''Updated 09-August-2011''') |
|||
With the release of Samba 3.6.0, Samba 3.3 has been marked '''discontinued'''. |
|||
== Samba 3.3 turned into security fixes only mode == |
|||
| ⚫ | |||
('''Updated 01-March-2010''') |
('''Updated 01-March-2010''') |
||
| Line 8: | Line 10: | ||
for '''security issues only'''. |
for '''security issues only'''. |
||
== Samba 3.3. |
== Samba 3.3.16 == |
||
('''Updated 26-July-2011''') |
|||
:Release Notes for Samba 3.3.15 |
|||
:February 28, 2011 |
|||
===This is a security release in order to address CVE-2011-0719.=== |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719 CVE-2011-0719 CVE-2011-0719]: |
|||
: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. |
|||
---- |
|||
* Tuesday, July 26 - Samba 3.3.16 has been released to address [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 CVE-2011-2522] and [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 CVE-2011-2694]. |
|||
[http://www.samba.org/samba/history/samba-3.3.16.html Release Notes Samba 3.3.16] |
|||
== Samba 3.3.15 == |
|||
('''Updated 28-February-2011''') |
('''Updated 28-February-2011''') |
||
| Line 28: | Line 23: | ||
== Samba 3.3.14 == |
== Samba 3.3.14 == |
||
:Release Notes for Samba 3.3.14 |
|||
:September 14, 2010 |
|||
===This is a security release in order to address CVE-2010-3069.=== |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2069 CVE-2010-2069 CVE-2010-3069]: |
|||
: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. |
|||
('''Updated 14-September-2010''') |
('''Updated 14-September-2010''') |
||
| Line 43: | Line 29: | ||
== Samba 3.3.13 == |
== Samba 3.3.13 == |
||
:Release Notes for Samba 3.3.13 |
|||
:June 16, 2010 |
|||
===This is a security release in order to address CVE-2010-2063.=== |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063 CVE-2010-2063 CVE-2010-2063]: |
|||
: In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code. |
|||
('''Updated 16-June-2010''') |
('''Updated 16-June-2010''') |
||
| Line 59: | Line 35: | ||
== Samba 3.3.12 == |
== Samba 3.3.12 == |
||
:Release Notes for Samba 3.3.12 |
|||
:March 8, 2010 |
|||
===This is a security release in order to address CVE-2010-0728.=== |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728 CVE-2010-0728 CVE-2010-0728]: |
|||
: In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access. |
|||
('''Updated 09-March-2010''') |
('''Updated 09-March-2010''') |
||
| Line 73: | Line 41: | ||
== Samba 3.3.11 == |
== Samba 3.3.11 == |
||
:Release Notes for Samba 3.3.11 |
|||
:February 26, 2010 |
|||
===This is the latest bugfix release of the Samba 3.3 series.=== |
|||
====Major enhancements in Samba 3.3.11 include:==== |
|||
* "wide links" and "unix extensions" are incompatible (bug #7104). |
|||
* Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bug #7067). |
|||
('''Updated 26-February-2010''') |
('''Updated 26-February-2010''') |
||
| Line 89: | Line 47: | ||
== Samba 3.3.10 == |
== Samba 3.3.10 == |
||
('''Updated 14-January-2010''') |
('''Updated 14-January-2010''') |
||
| Line 96: | Line 53: | ||
== Samba 3.3.9 == |
== Samba 3.3.9 == |
||
('''Updated 15-October-2009''') |
('''Updated 15-October-2009''') |
||
| Line 103: | Line 59: | ||
== Samba 3.3.8 == |
== Samba 3.3.8 == |
||
('''Updated 1-October-2009''') |
('''Updated 1-October-2009''') |
||
| Line 124: | Line 79: | ||
For more information, please see [http://samba.org/samba/history/security.html Samba Security page]. |
For more information, please see [http://samba.org/samba/history/security.html Samba Security page]. |
||
[http://samba.org/samba/security/CVE-2009-1888.html Security Advisory] |
[http://samba.org/samba/security/CVE-2009-1888.html Security Advisory] |
||
[http://www.samba.org/samba/history/samba-3.3.6.html Release Notes Samba 3.3.6] |
|||
== Samba 3.3.5 == |
== Samba 3.3.5 == |
||
Latest revision as of 19:06, 9 August 2011
Samba 3.3 discontinued
(Updated 09-August-2011)
With the release of Samba 3.6.0, Samba 3.3 has been marked discontinued.
Samba 3.3 turned into security fixes only mode
(Updated 01-March-2010)
Moving forward, any 3.3.x releases will be on a as needed basis for security issues only.
Samba 3.3.16
(Updated 26-July-2011)
- Tuesday, July 26 - Samba 3.3.16 has been released to address CVE-2011-2522 and CVE-2011-2694.
Release Notes Samba 3.3.16
Samba 3.3.15
(Updated 28-February-2011)
- Monday, February 28 - Samba 3.3.15 has been released to address CVE-2011-0719.
Release Notes Samba 3.3.15
Samba 3.3.14
(Updated 14-September-2010)
- Tuesday, September 14 - Samba 3.3.14 has been released to address CVE-2010-2069.
Release Notes Samba 3.3.14
Samba 3.3.13
(Updated 16-June-2010)
- Wednesday, June 16 - Samba 3.3.13 has been released to address CVE-2010-2063.
Release Notes Samba 3.3.13
Samba 3.3.12
(Updated 09-March-2010)
- Monday, March 8 - Samba 3.3.12 has been released to address CVE-2010-0728.
Release Notes Samba 3.3.12
Samba 3.3.11
(Updated 26-February-2010)
- Friday, February 26 - Samba 3.3.11 has been released
Please note, that this will probably be the last bug fix release of the 3.3 series.
Samba 3.3.10
(Updated 14-January-2010)
- Thursday, January 14 - Samba 3.3.10 has been released
Release Notes Samba 3.3.10
Samba 3.3.9
(Updated 15-October-2009)
- Thursday, October 15 - Samba 3.3.9 has been released
Release Notes Samba 3.3.9
Samba 3.3.8
(Updated 1-October-2009)
- Thursday, October 1 - Samba 3.3.8 has been issued as Security Release to address CVE-2009-2906,
CVE-2009-2906 and CVE-2009-2813.
Release Notes Samba 3.3.8
Samba 3.3.7
(Updated 23-June-2009)
- Wednesday, July 29 - Samba 3.3.7 has been released
Release Notes Samba 3.3.7
Samba 3.3.6
(Updated 23-June-2009)
- Tuesday, June 23 2009: Samba 3.3.6 Security Release has been released to address
CVE-2009-1888 ("Uninitialized read of a data value"). For more information, please see Samba Security page.
Security Advisory Release Notes Samba 3.3.6
Samba 3.3.5
(Updated 16-June-2009)
- Tuesday, June 16 - Samba 3.3.5 has been released
Release Notes Samba 3.3.5
Samba 3.3.4
(Updated 29-April-2009)
- Wednesday, April 29 - Samba 3.3.4 has been released
Release Notes Samba 3.3.4
Samba 3.3.3
(Updated 01-April-2009)
- Wednesday, April 1 - Samba 3.3.3 has been released
Release Notes Samba 3.3.3
Samba 3.3.2
(Updated 12-March-2009)
- Thursday, March 12 - Samba 3.3.2 has been released
Release Notes Samba 3.3.2
Samba 3.3.1
(Updated 24-February-2009)
- Tuesday, February 24 - Samba 3.3.1 has been released
Release Notes Samba 3.3.1
Samba 3.3.0
(Updated 27-January-2009)
- Tuesday, August 26 - Samba 3.3.0pre1 has been released
- Thursday, October 2 - Samba 3.3.0pre2 has been released
- Thursday, November 27 - Samba 3.3.0rc1 has been released
- Monday, December 15 - Samba 3.3.0rc2 has been released
- Tuesday, January 27 - Samba 3.3.0 has been released
Release Notes Samba 3.3.0