diff options
author | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:57:36 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:57:36 +0200 |
commit | 60afcf886311b96ea4aa532275a57c7388f0c0fd (patch) | |
tree | 4c26bf231207fc499b1f023e19828007871eb651 | |
parent | a34c3e999bb1ea61da31c5b3e845b19663039358 (diff) | |
download | samba-60afcf886311b96ea4aa532275a57c7388f0c0fd.tar.gz |
WHATSNEW: Prepare 3.5.5 release notes.
Karolin
-rw-r--r-- | WHATSNEW.txt | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 19f8875d98a..9ab7b05e8f8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,33 @@ ============================= Release Notes for Samba 3.5.5 - , 2010 + September 16, 2010 ============================= -This is the latest stable release of Samba 3.5. +This is a security release in order to address CVE-2010-3069. -Major enhancements in Samba 3.5.5 include: - o +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. Changes since 3.5.4 -------------------- +-------------------- + + +o Jeremy Allison <jra@samba.org> + * BUG 7669: Fix for CVE-2010-3069. +o Andrew Bartlett <abartlet@samba.org> + * BUG 7669: Fix for CVE-2010-3069. ###################################################################### |