history/samba-4.8.11.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   2  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml">
   4 <head>
   5 <title>Samba 4.8.11 - Release Notes</title>
   6 </head>
   7 <body>
   8 <H2>Samba 4.8.11 Available for Download</H2>
   9 <p>
  10 <a href="https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.gz">Samba 4.8.11 (gzipped)</a><br>
  11 <a href="https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.asc">Signature</a>
  12 </p>
  13 <p>
  14 <a href="https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.gz">Patch (gzipped) against Samba 4.8.10</a><br>
  15 <a href="https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.asc">Signature</a>
  16 </p>
  17 <p>
  18 <pre>
  19                    ==============================
  20                    Release Notes for Samba 4.8.11
  21                            April 8, 2019
  22                    ==============================
  23
  24
  25 This is a security release in order to address the following defect:
  26
  27 o  CVE-2019-3880 (Save registry file outside share as unprivileged user)
  28
  29
  30 =======
  31 Details
  32 =======
  33
  34 o  CVE-2018-14629:
  35    Authenticated users with write permission
  36    can trigger a symlink traversal to write
  37    or detect files outside the Samba share.
  38
  39 For more details and workarounds, please refer to the security advisory.
  40
  41
  42 Changes since 4.8.10:
  43 ---------------------
  44
  45 o  Jeremy Allison &lt;jra@samba.org&gt;
  46    * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of
  47      SaveKey/RestoreKey.
  48
  49
  50 </pre>
  51 </p>
  52 </body>
  53 </html>