[Pkg-samba-maint] (forw) (forw) [Samba] [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

Christian PERRIER bubulle at debian.org
Tue Jul 26 18:56:02 UTC 2011 

Sorry, I forgot to CC the pkg maintenance list.


----- Forwarded message from Christian PERRIER <bubulle at debian.org> -----

Date: Tue, 26 Jul 2011 20:55:20 +0200
From: Christian PERRIER <bubulle at debian.org>
To: team at security.debian.org
Subject: (forw) [Samba] [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

I should be taking care of this in the upcoming days. First for
stable, then unstable. Oldstable is probably vulnerable too as SWAT
hasn't been touched upstream for ages.

----- Forwarded message from Karolin Seeger <kseeger at samba.org> -----

Date: Tue, 26 Jul 2011 20:17:17 +0200
From: Karolin Seeger <kseeger at samba.org>
To: samba-announce at samba.org, samba at samba.org, samba-technical at samba.org
Subject: [Samba] [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available
Organization: SerNet GmbH, Goettingen, Germany
X-CRM114-Status: Good  ( pR: 37.6074 )

Release Announcements
=====================

Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to
address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o  CVE-2011-2522:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site request forgery.


o  CVE-2011-2694:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site scripting
   vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes
-------


o   Kai Blin <kai at samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA).  The source code can be downloaded
from:

        http://download.samba.org/samba/ftp/stable

The release notes are available online at:

        http://www.samba.org/samba/history/samba-3.5.10.html
        http://www.samba.org/samba/history/samba-3.4.14.html
        http://www.samba.org/samba/history/samba-3.3.16.html

Binary packages will be made available on a volunteer basis from

        http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


----- End forwarded message -----

-- 





----- End forwarded message -----

-- 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20110726/60dad1a7/attachment.pgp>

More information about the Pkg-samba-maint mailing list