diff options
| author | Karolin Seeger <kseeger@samba.org> | 2009-09-28 13:21:07 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2009-09-28 13:21:07 +0200 |
| commit | 53ba0b36d0d3bb2fb4b2fc5335920487060ed284 (patch) | |
| tree | c409419dcd398aa0acffe30a20f70355021ac8b8 | |
| parent | d805592d6fb1fa841a74c547945226a916494a2d (diff) | |
| download | samba-53ba0b36d0d3bb2fb4b2fc5335920487060ed284.tar.gz | |
WHATSNEW: Prepare release notes for 3.4.2.
Karolin
| -rw-r--r-- | WHATSNEW.txt | 64 |
1 files changed, 61 insertions, 3 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c066e4bcc49..02db3c82b49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,64 @@ ============================= + Release Notes for Samba 3.4.2 + September 28, 2009 + ============================= + + +This is a security release in order to address CVE-2009-2813 and CVE-2009-2948. + + o CVE-2009-2813: + In all versions of Samba later than 3.0.11, connecting to the home + share of a user will use the root of the filesystem + as the home directory if this user is misconfigured to have + an empty home directory in /etc/passwd. + + o CVE-2009-2948: + If mount.cifs is installed as a setuid program, a user can pass it a + credential or password path to which he or she does not have access and + then use the --verbose option to view the first line of that file. + All known Samba versions are affected. + + +###################################################################### +Changes +####### + +Changes since 3.4.1 +------------------- + + +o Jeremy Allison <jra@samba.org> + * BUG 6763: Fix for CVE-2009-2813. + + +o Jeff Layton <jlayton@redhat.com> + * Fix for CVE-2009-2948. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.4 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older versions follow: +---------------------------------------- + + ============================= Release Notes for Samba 3.4.1 September 9, 2009 ============================= @@ -134,9 +194,7 @@ database (https://bugzilla.samba.org/). == The Samba Team ====================================================================== - -Release notes for older versions follow: ----------------------------------------- +---------------------------------------------------------------------- ============================= Release Notes for Samba 3.4.0 |