+ ==============================
+ Release Notes for Samba 3.4.18
+ , 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012- ().
+
+o CVE-2012-:
+
+
+Changes since 3.4.17
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older versions follow:
+----------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.4.17
+ April 30, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-2111 (Incorrect permission checks when granting/removing
+privileges can compromise file server security).
+
+o CVE-2012-2111:
+ Samba 3.4.x to 3.6.4 are affected by a
+ vulnerability that allows arbitrary users
+ to modify privileges on a file server.
+
+
+Changes since 3.4.16
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * Fix incorrect permission checks when granting/removing
+ privileges (CVE-2012-2111).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.4.16
+ April 10, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-1182 ("root" credential remote code execution).
+
+o CVE-2012-1182:
+ Samba 3.0.x to 3.6.3 are affected by a
+ vulnerability that allows remote code
+ execution as the "root" user.
+
+
+Changes since 3.4.15
+--------------------
+
+
+o Stefan Metzmacher <metze@samba.org>
+ *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
+ allocated array (CVE-2012-1182).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.4.15
+ August 23, 2011
+ ==============================
+
+
+This is the latest stable release of Samba 3.4.
+
+
+Changes since 3.4.14
+--------------------
+
+
+o David Disseldorp <ddiss@suse.de>
+ * BUG 7836: Make newly added printers visible to clients,
+ * BUG 7994: Make cups async printcap retrieval notify parent smbd of error status.
+ * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
+ messages.
+
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 8362: Fix build issue on old glibc systems.
+
+
+o Jim McDonough <jmcd@samba.org>
+ * BUG 6364: Pull realm from supplied username on libnet join.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 8276: Return the used number of sockets in create_listen_fdset().
+ * BUG 8347: Fix CVE-2011-2522 regression for HP-UX, AIX and OSF.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.4.14
+ July 26, 2011
+ ==============================
+
+
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
+
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
+
+
+Changes since 3.4.13
+--------------------
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.4.13
+ April 21, 2011
+ ==============================
+
+
+This is the latest stable release of Samba 3.4.
+
+Major enhancements in Samba 3.4.13 include:
+
+o Fix Winbind crash caused by null pointer reference (bug #8086).
+o Fix incorrect timeout handling in ncacn_ip_tcp client code (bug #8085).
+
+
+Changes since 3.4.12
+--------------------
+
+
+o Günther Deschner <gd@samba.org>
+ * BUG 8085: Fix incorrect timeout handling in ncacn_ip_tcp client code.
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 8086: Fix Winbind crash caused by null pointer reference.
+
+
+o Sergey Korsak <skif@1plus1.net>
+ * BUG 8099: setpwent() actually does endpwent() on FreeBSD.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.4.12
+ February 28, 2011
+ ==============================
+
+
+This is a security release in order to address CVE-2011-0719.
+
+
+o CVE-2011-0719:
+ All current released versions of Samba are vulnerable to
+ a denial of service caused by memory corruption. Range
+ checks on file descriptors being used in the FD_SET macro
+ were not present allowing stack corruption. This can cause
+ the Samba code to crash or to loop attempting to select
+ on a bad file descriptor set.
+
+
+Changes since 3.4.11
+--------------------
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.4 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
==============================
Release Notes for Samba 3.4.11
- January 12, 2011
+ January 23 2011
==============================
======================================================================
-Release notes for older versions follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 3.4.10
git.samba.org / samba.git / blobdiff