pidl: Samba3/ClientNDR - Correctly copy arrays, if r.out.size < r.in.size.

[samba.git] / WHATSNEW.txt

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 385731f42b06e3f427efef033083ddcdd786e957..5b25be32e1493ffee2be49b1d01a0711c12d9a81 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,19 +1,33 @@
                    =============================
                    Release Notes for Samba 3.4.9
-                          , 2010
+                        September 14, 2010
                    =============================
 
 
-This is the latest stable release of Samba 3.4.
+This is a security release in order to address CVE-2010-3069.
+
 
-Major enhancements in Samba 3.4.9 include:
+o  CVE-2010-3069:
+   All current released versions of Samba are vulnerable to
+   a buffer overrun vulnerability. The sid_parse() function
+   (and related dom_sid_parse() function in the source4 code)
+   do not correctly check their input lengths when reading a
+   binary representation of a Windows SID (Security ID). This
+   allows a malicious client to send a sid that can overflow
+   the stack variable that is being used to store the SID in the
+   Samba smbd server.
 
-   o 
 
 Changes since 3.4.8
 -------------------
 
 
+o   Jeremy Allison <jra@samba.org>
+    * BUG 7669: Fix for CVE-2010-3069.
+
+
+o   Andrew Bartlett <abartlet@samba.org>
+    * BUG 7669: Fix for CVE-2010-3069.
 
 
 ######################################################################