1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 3.3.16 Available for Download</H2>
15 ==============================
16 Release Notes for Samba 3.3.16
18 ==============================
21 This is a security release in order to address
22 CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
23 CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
27 The Samba Web Administration Tool (SWAT) in Samba versions
28 3.0.x to 3.5.9 are affected by a cross-site request forgery.
32 The Samba Web Administration Tool (SWAT) in Samba versions
33 3.0.x to 3.5.9 are affected by a cross-site scripting
36 Please note that SWAT must be enabled in order for these
37 vulnerabilities to be exploitable. By default, SWAT
38 is *not* enabled on a Samba install.
45 o Kai Blin <kai@samba.org>
46 * BUG 8289: SWAT contains a cross-site scripting vulnerability.
47 * BUG 8290: CSRF vulnerability in SWAT.