Samba 4.0.21 Available for Download

                   Release Notes for Samba 4.0.21
                           August 1, 2014

This is a security release in order to address
CVE-2014-3560 (Remote code execution in nmbd).

o  CVE-2014-3560:
   Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
   unauthenticated nmbd NetBIOS name services.

   A malicious browser can send packets that may overwrite the heap of
   the target nmbd NetBIOS name services daemon. It may be possible to
   use this to generate a remote code execution vulnerability as the
   superuser (root).

Changes since 4.1.20:

o   Volker Lendecke <>
    * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.