1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.8.11 - Release Notes</title>
8 <H2>Samba 4.8.11 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.gz">Samba 4.8.11 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.gz">Patch (gzipped) against Samba 4.8.10</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.asc">Signature</a>
19 ==============================
20 Release Notes for Samba 4.8.11
22 ==============================
25 This is a security release in order to address the following defect:
27 o CVE-2019-3880 (Save registry file outside share as unprivileged user)
35 Authenticated users with write permission
36 can trigger a symlink traversal to write
37 or detect files outside the Samba share.
39 For more details and workarounds, please refer to the security advisory.
45 o Jeremy Allison <jra@samba.org>
46 * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of