1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 3.4.9 Available for Download</H2>
15 =============================
16 Release Notes for Samba 3.4.9
18 =============================
21 This is a security release in order to address CVE-2010-3069.
25 All current released versions of Samba are vulnerable to
26 a buffer overrun vulnerability. The sid_parse() function
27 (and related dom_sid_parse() function in the source4 code)
28 do not correctly check their input lengths when reading a
29 binary representation of a Windows SID (Security ID). This
30 allows a malicious client to send a sid that can overflow
31 the stack variable that is being used to store the SID in the
39 o Jeremy Allison <jra@samba.org>
40 * BUG 7669: Fix for CVE-2010-3069.
43 o Andrew Bartlett <abartlet@samba.org>
44 * BUG 7669: Fix for CVE-2010-3069.