diff options
author | Karolin Seeger <kseeger@samba.org> | 2014-03-10 17:35:05 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2014-03-11 11:17:34 +0100 |
commit | d053eed91cb8a6d33bc6b79caec3c839209cf407 (patch) | |
tree | fb959499269f57aa877926704e333ead2fc2f82f | |
parent | 906bf7fd50da8acd7720589fe0fe8b7ebde81a5a (diff) | |
download | samba-d053eed91cb8a6d33bc6b79caec3c839209cf407.tar.gz |
WHATSNEW: Add release notes for Samba 3.6.23.samba-3.6.23
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
CVE-2013-4496: Password lockout not enforced for SAMR password
changes
Signed-off-by: Karolin Seeger <kseeger@samba.org>
-rw-r--r-- | WHATSNEW.txt | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 652feab3ffe..717b7ce3d8e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,58 @@ ============================== + Release Notes for Samba 3.6.23 + March 11, 2014 + ============================== + + +This is a security release in order to address +CVE-2013-4496 (Password lockout not enforced for SAMR password changes). + +o CVE-2013-4496: + Samba versions 3.4.0 and above allow the administrator to implement + locking out Samba accounts after a number of bad password attempts. + + However, all released versions of Samba did not implement this check for + password changes, such as are available over multiple SAMR and RAP + interfaces, allowing password guessing attacks. + + +Changes since 3.6.22: +--------------------- + +o Andrew Bartlett <abartlet@samba.org> + * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password + changes. + + +o Stefan Metzmacher <metze@samba.org> + * BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password + changes. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 3.6.22 December 9, 2013 ============================== @@ -88,8 +142,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 3.6.21 |