[Pkg-samba-maint] [samba] 04/06: WHATSNEW: Add release notes for Samba 4.1.9.
Ivo De Decker
ivodd at moszumanska.debian.org
Mon Jun 23 16:46:10 UTC 2014
This is an automated email from the git hooks/post-receive script.
ivodd pushed a commit to branch upstream_4.1
in repository samba.
commit 9842dc834299e4e487369dd3917c91c9ba91fde6
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun Jun 22 16:39:29 2014 +0200
WHATSNEW: Add release notes for Samba 4.1.9.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10633
CVE-2014-0244: nmbd denial of service
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10654
CVE-2014-3493: Segmentation fault in smbd_marshall_dir_entry()'s
SMB_FIND_FILE_UNIX handler because push_ascii() has returned(uint32_t)-1
via srvstr_push(), incrementing p by 4GB
Signed-off-by: Karolin Seeger <kseeger at samba.org>
---
WHATSNEW.txt | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 59 insertions(+), 2 deletions(-)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fc93ef5..7ae1ce9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,61 @@
=============================
+ Release Notes for Samba 4.1.9
+ June 23, 2014
+ =============================
+
+
+This is a security release in order to address
+CVE-2014-0244 (Denial of service - CPU loop) and
+CVE-2014-3493 (Denial of service - Server crash/memory corruption).
+
+o CVE-2014-0244:
+ All current released versions of Samba are vulnerable to a denial of
+ service on the nmbd NetBIOS name services daemon. A malformed packet
+ can cause the nmbd server to loop the CPU and prevent any further
+ NetBIOS name service.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2014-3493:
+ All current released versions of Samba are affected by a denial of service
+ crash involving overwriting memory on an authenticated connection to the
+ smbd file server.
+
+
+Changes since 4.1.8:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10633: CVE-2014-0244: Fix nmbd denial of service.
+ * BUG 10654: CVE-2014-3493: Fix segmentation fault in
+ smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.1.8
June 3, 2014
=============================
@@ -112,8 +169,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.1.7
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list