diff options
author | Karolin Seeger <kseeger@samba.org> | 2010-09-15 20:55:30 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-09-15 20:55:30 +0200 |
commit | ead6726c5d1923c3ad309e6e3e0f84d32a263d42 (patch) | |
tree | bf649574ab9009c75eab9c0f0db42bae3ca2a04e | |
parent | bb3dc1edc91e5fb5c9404ba49b0405a23b4ecb74 (diff) | |
download | samba-ead6726c5d1923c3ad309e6e3e0f84d32a263d42.tar.gz |
WHATSNEW: Prepare 3.4.9 release notes.
Karolin
-rw-r--r-- | WHATSNEW.txt | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 385731f42b0..5b25be32e14 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,19 +1,33 @@ ============================= Release Notes for Samba 3.4.9 - , 2010 + September 14, 2010 ============================= -This is the latest stable release of Samba 3.4. +This is a security release in order to address CVE-2010-3069. + -Major enhancements in Samba 3.4.9 include: +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. - o Changes since 3.4.8 ------------------- +o Jeremy Allison <jra@samba.org> + * BUG 7669: Fix for CVE-2010-3069. + + +o Andrew Bartlett <abartlet@samba.org> + * BUG 7669: Fix for CVE-2010-3069. ###################################################################### |