Release Planning for Samba 3.4: Difference between revisions
From SambaWiki
Line 173: | Line 173: | ||
== Samba 3.4.2 == |
== Samba 3.4.2 == |
||
:Release Notes for Samba 3.4.2 |
|||
:October 1, 2009 |
|||
===This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.=== |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813 CVE-2009-2813]: |
|||
: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd. |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948 CVE-2009-2948]: |
|||
: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected. |
|||
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 CVE-2009-2906]: |
|||
: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. |
|||
('''Updated 1-October-2009''') |
('''Updated 1-October-2009''') |
||
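Review bot: the third added bullet labels its link CVE-2009-2906, but the URL is cvename.cgi?name=CVE-2009-1888, so a reader who follows it lands on a different CVE entry than the one named in the heading and in the link text. Point the URL at name=CVE-2009-2906 to match the label, as the first two bullets do for their own identifiers.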
Revision as of 13:47, 4 May 2011
Samba 3.4 is in maintenance mode, which means there will be bug fix and security releases for this series.
Samba 3.4.13
- Release Notes for Samba 3.4.13
- April 21, 2011
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.13 include:
- Fix Winbind crash caused by null pointer reference bug #8086.
- Fix incorrect timeout handling in ncacn_ip_tcp client code bug #8085.
(Updated 21-April-2011)
- Thursday, April 21 - Samba 3.4.13 has been released
Release Notes Samba 3.4.13
Samba 3.4.12
- Release Notes for Samba 3.4.12
- February 28, 2011
This is a security release in order to address CVE-2011-0719.
- All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors used in the FD_SET macro were not present, allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.
(Updated 28-February-2011)
- Monday, February 28 - Samba 3.4.12 has been released to address CVE-2011-0719.
Release Notes Samba 3.4.12
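The missing range check described for CVE-2011-0719, as an added example (not Samba's code): an fd_set is a fixed bitmap of FD_SETSIZE bits, so FD_SET on a descriptor outside 0..FD_SETSIZE-1 writes outside it. The `ex_` names and the sample descriptor list are constructed for illustration.

```c
#include <stddef.h>
#include <sys/select.h>

/* Constructed sample: two valid descriptors and three out-of-range ones. */
static const int ex_fds[] = { 0, 5, FD_SETSIZE, -1, FD_SETSIZE + 100 };

/* Add fd to set only if it is a valid index into the fd_set bitmap.
 * Returns 1 if added, 0 if rejected. */
int ex_fd_set_checked(int fd, fd_set *set)
{
    if (set == NULL || fd < 0 || fd >= FD_SETSIZE)
        return 0;
    FD_SET(fd, set);
    return 1;
}

/* Build a read set from fds[], skipping out-of-range descriptors.
 * Returns the highest accepted fd (select's nfds minus one), or -1 if
 * none was accepted; *rejected counts the descriptors that an unchecked
 * FD_SET would have written outside the set. */
int ex_build_read_set(const int *fds, size_t n, fd_set *set, size_t *rejected)
{
    int maxfd = -1;
    size_t i;

    FD_ZERO(set);
    *rejected = 0;
    for (i = 0; i < n; i++) {
        if (!ex_fd_set_checked(fds[i], set)) {
            (*rejected)++;
            continue;
        }
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd;
}

int main(void)
{
    fd_set set;
    size_t rejected;
    return !(ex_build_read_set(ex_fds, 5, &set, &rejected) == 5 &&
             rejected == 3);
}
```

A process that can hold descriptors at or above FD_SETSIZE should use poll(), which takes an array of descriptors and has no such bitmap limit.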
Samba 3.4.11
- Release Notes for Samba 3.4.11
- January 23, 2011
This is the latest stable release of Samba 3.4. It addresses the issue introduced with Samba 3.4.10:
- Fix connecting to port-139 only servers bug #7881.
(Updated 23-January-2011)
- Sunday, January 23 - Samba 3.4.11 has been released to fix connections to port-139 only servers (broken in Samba 3.4.10, please see bug #7881 for details)
Release Notes Samba 3.4.11
Samba 3.4.10
- Release Notes for Samba 3.4.10
- January 22, 2011
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.10:
- Fix smbd coredump bug #7617.
- Fix Winbind internal error bug #7636.
- Fix flaky Winbind against w2k8 bug #7881.
(Updated 22-January-2011)
- Saturday, January 22 - Samba 3.4.10 has been released
Release Notes Samba 3.4.10
Samba 3.4.9
- Release Notes for Samba 3.4.9
- September 14, 2010
This is a security release in order to address CVE-2010-3069.
- All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and the related dom_sid_parse() function in the source4 code) does not correctly check its input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a SID that can overflow the stack variable that is being used to store the SID in the Samba smbd server.
(Updated 14-September-2010)
- Tuesday, September 14 - Samba 3.4.9 has been released to address CVE-2010-3069.
Release Notes Samba 3.4.9
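The input-length checks that the CVE-2010-3069 description says were missing, shown on a stand-alone binary SID parser. This is an added example, not Samba's sid_parse(); `struct ex_sid`, `ex_sid_parse` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EX_MAX_SUBAUTHS 15 /* most sub-authorities a SID may carry */
/* Hypothetical type for this example; not Samba's struct dom_sid. */
struct ex_sid {
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[EX_MAX_SUBAUTHS];
};

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ex_good[] = { /* S-1-5-32-544 */
    1, 2, 0, 0, 0, 0, 0, 5, 0x20, 0, 0, 0, 0x20, 0x02, 0, 0 };
static const uint8_t ex_bad_count[] = { /* claims 255 sub-authorities */
    1, 0xff, 0, 0, 0, 0, 0, 5, 0x20, 0, 0, 0 };

/* Parse a binary SID. Returns 1 on success, 0 if buf is malformed. */
int ex_sid_parse(const uint8_t *buf, size_t len, struct ex_sid *out)
{
    size_t i, n;
    if (buf == NULL || out == NULL || len < 8)
        return 0;              /* header: revision, count, 6-byte authority */
    n = buf[1];                /* sender-controlled sub-authority count */
    if (n > EX_MAX_SUBAUTHS)
        return 0;              /* would run past sub_auths[] */
    if (len < 8 + n * 4)
        return 0;              /* would read past the received bytes */

    memset(out, 0, sizeof(*out));
    out->revision = buf[0];
    out->num_auths = (uint8_t)n;
    memcpy(out->id_auth, buf + 2, 6);
    for (i = 0; i < n; i++) {  /* sub-authorities are little-endian */
        const uint8_t *p = buf + 8 + i * 4;
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return 1;
}

int main(void)
{
    struct ex_sid s;
    return !(ex_sid_parse(ex_good, sizeof(ex_good), &s) == 1 &&
             ex_sid_parse(ex_bad_count, sizeof(ex_bad_count), &s) == 0);
}
```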
Samba 3.4.8
- Release Notes for Samba 3.4.8
- May 11, 2010
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.8 include:
- Fix Winbind reconnection to its own domain bug #7295.
- Fix an uninitialized variable read in smbd bug #7254.
- Fix smbd crash with CUPS printers and no [printers] share defined bug #7297.
- Fix NULL pointer dereference in smbd bug #7229.
(Updated 11-March-2010)
- Tuesday, May 11 - Samba 3.4.8 has been released
Release Notes Samba 3.4.8
Samba 3.4.7
- Release Notes for Samba 3.4.7
- March 8, 2010
This is a security release in order to address CVE-2010-0728.
- In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a bad security flaw on Linux platforms if the binaries were built on Linux platforms with libcap support. The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE capabilities, so that all file system access was allowed even when permissions should have denied access.
(Updated 09-March-2010)
- Monday, March 8 - Samba 3.4.7 has been released to address CVE-2010-0728.
Release Notes Samba 3.4.7
Samba 3.4.6
- Release Notes for Samba 3.4.6
- February 24, 2010
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.6 include:
- "wide links" and "unix extensions" are incompatible bug #7104.
- Fix printing with 64 bit clients bug #6888.
- Fix core dump on Ubuntu 8.04 64 bit bug #7063.
- Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) bug #7067.
- Fix string buffer overflow causing heap corruption in smbd bug #7096.
(Updated 24-February-2010)
- Wednesday, February 24 - Samba 3.4.6 has been released
Release Notes Samba 3.4.6
Samba 3.4.5
- Release Notes for Samba 3.4.5
- January 19, 2010
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.5 include:
- Fix memory leak in smbd bug #7020.
- Fix changing of ACLs on writable files with "dos filemode=yes" bug #5202.
(Updated 19-January-2010)
- Tuesday, January 19 - Samba 3.4.5 has been released
Release Notes Samba 3.4.5
Samba 3.4.4
- Release Notes for Samba 3.4.4
- January 7, 2010
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.4 include:
- Fix interdomain trust relationships with Win2008R2 (bug #6697).
- Fix Winbind crashes when queried from nss (bug #6889).
- Fix Winbind crash when retrieving empty group members (bug #7014).
- Fix "UID range full" error in Winbind (bug #6901).
- Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910).
(Updated 07-January-2010)
- Thursday, January 7 - Samba 3.4.4 has been released
Release Notes Samba 3.4.4
Samba 3.4.3
- Release Notes for Samba 3.4.3
- October 29, 2009
This is the latest stable release of Samba 3.4.
Major enhancements in Samba 3.4.3 include:
- Fix trust relationships to Windows 2008 (2008 R2) bug #6711.
- Fix file corruption using smbclient with NT4 server bug #6606.
- Fix Windows 7 share access (which defaults to NTLMv2) bug #6680.
(Updated 29-October-2009)
- Thursday, October 29 - Samba 3.4.3 has been released
Release Notes Samba 3.4.3
Samba 3.4.2
- Release Notes for Samba 3.4.2
- October 1, 2009
This is a security release in order to address CVE-2009-2813, CVE-2009-2948 and CVE-2009-2906.
- CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home share of a user will use the root of the filesystem as the home directory if this user is misconfigured to have an empty home directory in /etc/passwd.
- CVE-2009-2948: If mount.cifs is installed as a setuid program, a user can pass it a credential or password path to which he or she does not have access and then use the --verbose option to view the first line of that file. All known Samba versions are affected.
- CVE-2009-2906: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
(Updated 1-October-2009)
- Thursday, October 1 - Samba 3.4.2 has been issued as a Security Release to address CVE-2009-2906, CVE-2009-2948 and CVE-2009-2813.
Release Notes Samba 3.4.2
Samba 3.4.1
(Updated 9-September-2009)
- Wednesday, September 9 - Samba 3.4.1 has been released
Release Notes Samba 3.4.1
Samba 3.4.0
(Updated 3-July-2009)
- Tuesday, June 2 - Samba 3.4.0pre2 has been released
- Thursday, April 30 - Samba 3.4.0pre1 has been released
- Friday, June 19 - Samba 3.4.0rc1 has been released
- Friday, July 3 - Samba 3.4.0 has been released
Release Notes Samba 3.4.0