1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 3.4.7 Available for Download</H2>
15 =============================
16 Release Notes for Samba 3.4.7
18 =============================
21 This is a security release in order to address CVE-2010-0728.
25 In Samba releases 3.5.0, 3.4.6 and 3.3.11, new code
26 was added to fix a problem with Linux asynchronous IO handling.
27 This code introduced a bad security flaw on Linux platforms if the
28 binaries were built on Linux platforms with libcap support.
29 The flaw caused all smbd processes to inherit CAP_DAC_OVERRIDE
30 capabilities, allowing all file system access to be allowed
31 even when permissions should have denied access.
38 o Jeremy Allison <jra@samba.org>
39 * BUG 7222: Fix for CVE-2010-0728.