Release Planning for Samba 3.3: Difference between revisions

From SambaWiki
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Samba 3.3 discontinued ==
This release series is in the '''security fixes only''' mode.
('''Updated 09-August-2011''')

With the release of Samba 3.6.0, Samba 3.3 has been marked '''discontinued'''.


== Samba 3.3 turned into security fixes only mode ==
== Samba 3.3 turned into security fixes only mode ==

('''Updated 01-March-2010''')
('''Updated 01-March-2010''')


Line 8: Line 10:
for '''security issues only'''.
for '''security issues only'''.


== Samba 3.3.15 ==
== Samba 3.3.16 ==
('''Updated 26-July-2011''')
:Release Notes for Samba 3.3.15
:February 28, 2011


===This is a security release in order to address CVE-2011-0719.===


* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719 CVE-2011-0719 CVE-2011-0719]:
: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.

----


* Tuesday, July 26 - Samba 3.3.16 has been released to address [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 CVE-2011-2522] and [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 CVE-2011-2694].
[http://www.samba.org/samba/history/samba-3.3.16.html Release Notes Samba 3.3.16]


== Samba 3.3.15 ==
('''Updated 28-February-2011''')
('''Updated 28-February-2011''')


Line 28: Line 23:


== Samba 3.3.14 ==
== Samba 3.3.14 ==
:Release Notes for Samba 3.3.14
:September 14, 2010

===This is a security release in order to address CVE-2010-3069.===


* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2069 CVE-2010-2069 CVE-2010-3069]:
: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

('''Updated 14-September-2010''')
('''Updated 14-September-2010''')
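
Review bot: In the Samba 3.3.14 release-notes text of this hunk, the CVE link targets name=CVE-2010-2069 while the heading and the link label both say CVE-2010-3069, so the URL and the advisory it describes (the sid_parse() length check) disagree. Wherever this text is kept, the link target and label should carry the same identifier, and the one-line release entry for 3.3.14 should be checked against it so the page names a single CVE for this release.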


Line 43: Line 29:


== Samba 3.3.13 ==
== Samba 3.3.13 ==
:Release Notes for Samba 3.3.13
:June 16, 2010

===This is a security release in order to address CVE-2010-2063.===


* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063 CVE-2010-2063 CVE-2010-2063]:
: In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code.


('''Updated 16-June-2010''')
('''Updated 16-June-2010''')


Line 59: Line 35:


== Samba 3.3.12 ==
== Samba 3.3.12 ==
:Release Notes for Samba 3.3.12
:March 8, 2010

===This is a security release in order to address CVE-2010-0728.===

* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728 CVE-2010-0728 CVE-2010-0728]:
: In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access.

('''Updated 09-March-2010''')
('''Updated 09-March-2010''')


Line 73: Line 41:


== Samba 3.3.11 ==
== Samba 3.3.11 ==
:Release Notes for Samba 3.3.11
:February 26, 2010

===This is the latest bugfix release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.11 include:====

* "wide links" and "unix extensions" are incompatible [https://bugzilla.samba.org/show_bug.cgi?id=7104 bug #7104].
* Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) [https://bugzilla.samba.org/show_bug.cgi?id=7067 bug #7067].

('''Updated 26-February-2010''')
('''Updated 26-February-2010''')


Line 89: Line 47:


== Samba 3.3.10 ==
== Samba 3.3.10 ==
:Release Notes for Samba 3.3.10
:January 14, 2010

===This is the latest bugfix release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.10 include:====

* Fix changing of ACLs on writable file with "dos filemode=yes" [https://bugzilla.samba.org/show_bug.cgi?id=5202 bug #5202].
* Fix smbd crashes in dns_register_smbd_reply [https://bugzilla.samba.org/show_bug.cgi?id=6696 bug #6696].
* Fix Winbind crashes when queried from nss [https://bugzilla.samba.org/show_bug.cgi?id=6889 bug #6889].
* Fix Winbind crash when retrieving empty group members [https://bugzilla.samba.org/show_bug.cgi?id=7014 bug #7014].
* Fix interdomain trusts with Win2008R2 [https://bugzilla.samba.org/show_bug.cgi?id=6697 bug #6697].
('''Updated 14-January-2010''')
('''Updated 14-January-2010''')


Line 107: Line 53:


== Samba 3.3.9 ==
== Samba 3.3.9 ==
:Release Notes for Samba 3.3.9
:October, 15 2009

===This is the latest bugfix release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.9 include:====

* Fix trust relationships to windows 2008 (2008 r2) [https://bugzilla.samba.org/show_bug.cgi?id=6711 bug #6711].
* Fix file corruption using smbclient with NT4 server [https://bugzilla.samba.org/show_bug.cgi?id=6606 bug #6606].
* Fix Windows 7 share access (which defaults to NTLMv2) [https://bugzilla.samba.org/show_bug.cgi?id=6680 bug #6680].
* Fix SAMR server for Winbind access [https://bugzilla.samba.org/show_bug.cgi?id=6504 bug #6504].
('''Updated 15-October-2009''')
('''Updated 15-October-2009''')


Line 124: Line 59:


== Samba 3.3.8 ==
== Samba 3.3.8 ==
:Release Notes for Samba 3.3.8
:October, 1 2009

===This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.===

* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 CVE-2009-2813]:
: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.

* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 CVE-2009-2948]:
: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.

* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 CVE-2009-2906]:
: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.

('''Updated 1-October-2009''')
('''Updated 1-October-2009''')
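
Review bot: In the Samba 3.3.8 text of this hunk, the third bullet is labelled CVE-2009-2906 but its link targets name=CVE-2009-1888, which is the identifier the 3.3.6 entry uses for the "dos filemode" issue. The link target should match the label so a reader following it lands on the advisory for the 100% CPU loop described underneath.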


Line 146: Line 67:


== Samba 3.3.7 ==
== Samba 3.3.7 ==
:Release Notes for Samba 3.3.7
:July, 29 2009

===This is the latest bugfix release of the Samba 3.3 series.===

('''Updated 23-June-2009''')
('''Updated 23-June-2009''')


Line 157: Line 73:


== Samba 3.3.6 ==
== Samba 3.3.6 ==
:Release Notes for Samba 3.3.6
:June, 23 2009

This is a security release in order to address CVE-2009-1888.

* [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 CVE-2009-1888] ("Uninitialized read of a data value"):
: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".


('''Updated 23-June-2009''')
('''Updated 23-June-2009''')


Line 175: Line 82:


== Samba 3.3.5 ==
== Samba 3.3.5 ==
:Release Notes for Samba 3.3.5
:June, 16 2009

===This is the latest bugfix release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.5 include:====

* Fix SAMR and LSA checks [https://bugzilla.samba.org/show_bug.cgi?id=6089 bug #60689], [https://bugzilla.samba.org/show_bug.cgi?id=6289 bug #6289]
* Fix posix acls when setting an ACL without explicit ACE for the owner [https://bugzilla.samba.org/show_bug.cgi?id=2346 bug #2346].
* Fix joining of Win7 into Samba domain [https://bugzilla.samba.org/show_bug.cgi?id=6099 bug #6099].
* Fix joining of Win2000 SP4 clients [https://bugzilla.samba.org/show_bug.cgi?id=6301 bug #6301].
('''Updated 16-June-2009''')
('''Updated 16-June-2009''')
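
Review bot: In the Samba 3.3.5 enhancement list of this hunk, the first bullet links to show_bug.cgi?id=6089 but labels it "bug #60689", and it is the only bullet without a closing full stop. The label should read the same bug number as the URL, and the punctuation should match the other list items.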


Line 192: Line 88:


== Samba 3.3.4 ==
== Samba 3.3.4 ==
:Release Notes for Samba 3.3.4
:April, 29 2009

===This is the latest bugfix release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.4 include:====

* Fix domain logins for WinXP clients pre SP3 [https://bugzilla.samba.org/show_bug.cgi?id=6263 bug #6263].
* Fix samr_OpenDomain access checks [https://bugzilla.samba.org/show_bug.cgi?id=6089 bug #6089].
* Fix usrmgr.exe creating a user [https://bugzilla.samba.org/show_bug.cgi?id=6243 bug #6243].
('''Updated 29-April-2009''')
('''Updated 29-April-2009''')


Line 208: Line 94:


== Samba 3.3.3 ==
== Samba 3.3.3 ==
:Release Notes for Samba 3.3.3
:April, 1 2009

===This is the latest bugfix release release of the Samba 3.3 series.===

====Major enhancements in Samba 3.3.3 include:====

* Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly [https://bugzilla.samba.org/show_bug.cgi?id=6195 bug #6195].
* Fix serving of files with colons to CIFS/VFS client [https://bugzilla.samba.org/show_bug.cgi?id=6196 bug #6196].
* Fix "map readonly" [https://bugzilla.samba.org/show_bug.cgi?id=6186 bug #6186].
('''Updated 01-April-2009''')
('''Updated 01-April-2009''')



Latest revision as of 19:06, 9 August 2011

Samba 3.3 discontinued

(Updated 09-August-2011)

With the release of Samba 3.6.0, Samba 3.3 has been marked discontinued.

Samba 3.3 turned into security fixes only mode

(Updated 01-March-2010)

Moving forward, any 3.3.x releases will be on an as-needed basis for security issues only.

Samba 3.3.16

(Updated 26-July-2011)

 Release Notes Samba 3.3.16

Samba 3.3.15

(Updated 28-February-2011)

  • Monday, February 28 - Samba 3.3.15 has been released to address CVE-2011-0719.
 Release Notes Samba 3.3.15

Samba 3.3.14

(Updated 14-September-2010)

  • Tuesday, September 14 - Samba 3.3.14 has been released to address CVE-2010-2069.
 Release Notes Samba 3.3.14

Samba 3.3.13

(Updated 16-June-2010)

  • Wednesday, June 16 - Samba 3.3.13 has been released to address CVE-2010-2063.
 Release Notes Samba 3.3.13

Samba 3.3.12

(Updated 09-March-2010)

  • Monday, March 8 - Samba 3.3.12 has been released to address CVE-2010-0728.
 Release Notes Samba 3.3.12

Samba 3.3.11

(Updated 26-February-2010)

  • Friday, February 26 - Samba 3.3.11 has been released

Please note that this will probably be the last bug fix release of the 3.3 series.

Samba 3.3.10

(Updated 14-January-2010)

  • Thursday, January 14 - Samba 3.3.10 has been released
 Release Notes Samba 3.3.10

Samba 3.3.9

(Updated 15-October-2009)

  • Thursday, October 15 - Samba 3.3.9 has been released
 Release Notes Samba 3.3.9

Samba 3.3.8

(Updated 1-October-2009)

  • Thursday, October 1 - Samba 3.3.8 has been issued as Security Release to address CVE-2009-2906, CVE-2009-2906 and CVE-2009-2813.

 Release Notes Samba 3.3.8

Samba 3.3.7

(Updated 23-June-2009)

  • Wednesday, July 29 - Samba 3.3.7 has been released
 Release Notes Samba 3.3.7

Samba 3.3.6

(Updated 23-June-2009)

  • Tuesday, June 23 2009: Samba 3.3.6 Security Release has been released to address CVE-2009-1888 ("Uninitialized read of a data value"). For more information, please see the Samba Security page.

 Security Advisory
 Release Notes Samba 3.3.6

Samba 3.3.5

(Updated 16-June-2009)

  • Tuesday, June 16 - Samba 3.3.5 has been released
 Release Notes Samba 3.3.5

Samba 3.3.4

(Updated 29-April-2009)

  • Wednesday, April 29 - Samba 3.3.4 has been released
 Release Notes Samba 3.3.4

Samba 3.3.3

(Updated 01-April-2009)

  • Wednesday, April 1 - Samba 3.3.3 has been released
 Release Notes Samba 3.3.3

Samba 3.3.2

(Updated 12-March-2009)

  • Thursday, March 12 - Samba 3.3.2 has been released
 Release Notes Samba 3.3.2

Samba 3.3.1

(Updated 24-February-2009)

  • Tuesday, February 24 - Samba 3.3.1 has been released
 Release Notes Samba 3.3.1

Samba 3.3.0

(Updated 27-January-2009)

  • Tuesday, August 26 - Samba 3.3.0pre1 has been released
  • Thursday, October 2 - Samba 3.3.0pre2 has been released
  • Thursday, November 27 - Samba 3.3.0rc1 has been released
  • Monday, December 15 - Samba 3.3.0rc2 has been released
  • Tuesday, January 27 - Samba 3.3.0 has been released
 Release Notes Samba 3.3.0