Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

Release Announcements
=====================

Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.

o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.

Changes
——-

o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:

http://download.samba.org/samba/ftp/stable

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.5.10.html
http://www.samba.org/samba/history/samba-3.4.14.html
http://www.samba.org/samba/history/samba-3.3.16.html

Binary packages will be made available on a volunteer basis from

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

–Enjoy
The Samba Team

Comments are closed.