Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Release Announcements
=====================

Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
address CVE-2011-0719.

o CVE-2011-0719:
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.

A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).

Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.

Changes
——-

o Jeremy Allison <jra at samba.org>
* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.

######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don’t provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba corresponding product in the project’s Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/ftp/history/samba-3.5.7.html
http://www.samba.org/samba/ftp/history/samba-3.4.12.html
http://www.samba.org/samba/ftp/history/samba-3.3.15.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

–Enjoy
The Samba Team

Comments are closed.