Samba fixes critical remote code execution vulnerability

The Samba developers have patched a critical security vulnerability that effects all versions of the open source, cross-platform file sharing solution from Samba 3.0.x up to version 3.6.3 which was released in January. The hole allows an attacker to gain complete access to a Samba server from an unauthenticated connection. The GPLv3 licensed Samba is […]

Samba 3.6.0 Available for Download

Release Announcements ===================== This is the first release of Samba 3.6.0. Major enhancements in Samba 3.6.0 include: Changed security defaults ————————- Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no […]

Samba 3.5.11 Available for Download

Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to Samba shares when Windows security patch KB2536276 is installed (bug #7460). o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949). o Fix Winbind panics if verify_idpool() fails (bug […]

Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694: The Samba Web Administration […]

Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Release Announcements ===================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause […]

Samba 3.4.11 Available for Download

================================================================== “Storms make trees take deeper roots.” Dolly Parton ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.4. It addresses the following issue introduced with Samba 3.4.10: o Fix connecting to port-139 only servers (bug 7881). Changes since 3.4.10 ——————– o Volker Lendecke <vl@samba.org> * BUG 7881: Fix connecting to port-139 […]

Samba 4.0.0 alpha 14 “randomdata”

We are proud to a announce another alpha release of Samba 4, alpha 14, codenamed “randomdata”. What’s new in Samba 4 alpha14 ============================= Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.x series. The main emphasis in this branch is support for the […]

Samba 3.5.6 Available for Download

Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.6 include: o Fix smbd panic on invalid NetBIOS session request (bug #7698). o Fix smbd crash caused by “%D” in “printer admin” (bug #7541). o Fix crash bug with invalid SPNEGO token (bug #7694). o Fix Winbind internal […]

Samba 3.5.5, 3.4.9 and 3.3.14 Security Releases Available

Release Announcements ===================== These are a security releases in order to address CVE-2010-3069. o CVE-2010-3069: All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID […]

Samba 3.4.8 Available for Download

Release Announcements ===================== This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.8 include: o Fix Winbind reconnection to it’s own domain (bug #7295). o Fix an uninitialized variable read in smbd (bug #7254). o Fix smbd crash with CUPS printers and no [printers] share defined (bug #7297). o Fix NULL […]

Security problem with Samba on Linux – affects 3.5.0, 3.4.6 and 3.3.11

Security problem with Samba on Linux ———————————— In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code was added to fix a problem with Linux asynchronous IO handling. This code introduced a severe security flaw which was undetected until now. We are releasing new binaries and fixed source code as release numbers: 3.5.1, 3.4.7 and 3.3.12 […]

Samba 3.5.0 Available for Download

================================================================= “Perfection is attained by slow degrees; it requires the hand of time” Voltaire ================================================================= Release Announcements ===================== This is the first stable release of Samba 3.5. Major enhancements in Samba 3.5.0 include: General changes: o Add support for full Windows timestamp resolution o The Using Samba HTML book has been removed. o ‘net’, ‘smbclient’ […]

Samba 3.4.5 Available for Download

Release Announcements ===================== This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.5 include: o Fix memory in leak in smbd (bug #7020). o Fix changing of ACLs on writable files with “dos filemode=yes” (bug #5202). ###################################################################### Changes ####### Changes since 3.4.4 ——————- o Jeremy Allison <jra@samba.org> * BUG 5202: Fix […]

Samba 3.4.4 Available for Download

================================================================= “If there is no struggle, there is no progress.” Frederick Douglass ================================================================= Release Announcements ===================== This is the latest stable release of Samba 3.4. Major enhancements in Samba 3.4.4 include: o Fix interdomain trust relationships with Win2008R2 (bug #6697). o Fix Winbind crashes when queried from nss (bug #6889). o Fix Winbind crash when […]