Samba - Release Notes Archive

Samba 3.4.9 Available for Download

                   =============================
                   Release Notes for Samba 3.4.9
			 September 14, 2010
                   =============================


This is a security release in order to address CVE-2010-3069.


o  CVE-2010-3069:
   All current released versions of Samba are vulnerable to
   a buffer overrun vulnerability. The sid_parse() function
   (and related dom_sid_parse() function in the source4 code)
   do not correctly check their input lengths when reading a
   binary representation of a Windows SID (Security ID). This
   allows a malicious client to send a sid that can overflow
   the stack variable that is being used to store the SID in the
   Samba smbd server.


Changes since 3.4.8
-------------------


o   Jeremy Allison <jra@samba.org>
    * BUG 7669: Fix for CVE-2010-3069.


o   Andrew Bartlett <abartlet@samba.org>
    * BUG 7669: Fix for CVE-2010-3069.