+ ==============================
+ Release Notes for Samba 4.2.11
+ April 12, 2016
+ ==============================
+
+This is a security release containing one additional
+regression fix for the security release 4.2.10.
+
+This fixes a regression that prevents things like 'net ads join'
+from working against a Windows 2003 domain.
+
+Changes since 4.2.10:
+=====================
+
+o Stefan Metzmacher <metze@samba.org>
+ * Bug 11804 - prerequisite backports for the security release on
+ April 12th, 2016
+
+Release notes for the original 4.2.10 release follows:
+------------------------------------------------------
+
==============================
Release Notes for Samba 4.2.10
April 12, 2016
errors in validation of the DCE-RPC packets can lead to a downgrade
of a secure connection to an insecure one.
+ While we think it is unlikely, there's a nonzero chance for
+ a remote code execution attack against the client components,
+ which are used by smbd, winbindd and tools like net, rpcclient and
+ others. This may gain root access to the attacker.
+
The above applies all possible server roles Samba can operate in.
Note that versions before 3.6.0 had completely different marshalling
server.
Changes since 4.2.9:
---------------------
+====================
o Jeremy Allison <jra@samba.org>
* Bug 11344 - CVE-2015-5370: Multiple errors in DCE-RPC code.
git.samba.org / samba.git / commitdiff