1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 4.0.19 Available for Download</H2>
15 ==============================
16 Release Notes for Samba 4.0.19
18 ==============================
21 This is a security release in order to address
22 CVE-2014-0244 (Denial of service - CPU loop) and
23 CVE-2014-3493 (Denial of service - Server crash/memory corruption).
26 All current released versions of Samba are vulnerable to a denial of
27 service on the nmbd NetBIOS name services daemon. A malformed packet
28 can cause the nmbd server to loop the CPU and prevent any further
31 This flaw is not exploitable beyond causing the code to loop expending
35 All current released versions of Samba are affected by a denial of service
36 crash involving overwriting memory on an authenticated connection to the
43 o Jeremy Allison <jra@samba.org>
44 * BUG 10633: CVE-2014-0244: Fix nmbd denial of service.
45 * BUG 10654: CVE-2014-3493: Fix segmentation fault in
46 smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler.