1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 4.0.21 Available for Download</H2>
15 ==============================
16 Release Notes for Samba 4.0.21
18 ==============================
21 This is a security release in order to address
22 CVE-2014-3560 (Remote code execution in nmbd).
25 Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
26 unauthenticated nmbd NetBIOS name services.
28 A malicious browser can send packets that may overwrite the heap of
29 the target nmbd NetBIOS name services daemon. It may be possible to
30 use this to generate a remote code execution vulnerability as the
37 o Volker Lendecke <vl@samba.org>
38 * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.