2011-08-02 16:06:20 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Add workaround for NetBSD 5.99.54 as samba35.
|
2011-07-27 02:53:37 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update samba33 package to 3.3.16; security fix for swat.
==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.3.15
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
|
2011-04-22 15:45:23 by OBATA Akio | Files touched by this commit (2234) |
Log message:
recursive bump from gettext-lib shlib bump.
|
2011-02-28 15:34:09 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update samba33 package to 3.3.15.
Release Announcements
=====================
Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
address CVE-2011-0719.
o CVE-2011-0719:
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
Changes
-------
o Jeremy Allison <jra at samba.org>
* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
|
2010-12-04 00:43:15 by Jared D. McNeill | Files touched by this commit (3) |
Log message:
add ads, ldap, pam, and winbind to default pkg options
bump pkg revision
|
2010-09-14 15:08:23 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update samba33 package to 3.3.14.
==============================
Release Notes for Samba 3.3.14
September 14, 2010
==============================
This is a security release in order to address CVE-2010-3069.
o CVE-2010-3069:
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
|
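The input-length checks that the CVE-2010-3069 entry above describes as missing from sid_parse(), shown as an added example; this is not Samba's code and not part of the commit message. The function name, struct and sample bytes are hypothetical and constructed for illustration, assuming the standard binary SID layout (revision byte, sub-authority count byte, 6-byte authority, then up to 15 little-endian 32-bit sub-authorities).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15 /* most sub-authorities a SID may carry */
#define SID_HEADER_LEN 8     /* revision(1) + count(1) + authority(6) */

struct sid {                 /* hypothetical struct for this example */
    uint8_t revision, num_auths, id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Constructed sample inputs (not captured traffic). */
const uint8_t sample_valid[] = {1, 2, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0}; /* S-1-5-32-544 */
const uint8_t sample_big_count[] = {1, 0xFF, 0,0,0,0,0,5};          /* claims 255 sub-auths */
const uint8_t sample_truncated[] = {1, 2, 0,0,0,0,0,5, 0x20,0,0,0}; /* claims 2, carries 1 */

/* Parse a binary SID from buf[0..len). Returns 1 on success, 0 on reject. */
int parse_sid_checked(const uint8_t *buf, size_t len, struct sid *out)
{
    if (buf == NULL || out == NULL || len < SID_HEADER_LEN)
        return 0;                  /* header itself is truncated */
    uint8_t count = buf[1];        /* attacker-controlled count field */
    if (count > SID_MAX_SUB_AUTHS)
        return 0;                  /* would write past sub_auths[] */
    if (len < SID_HEADER_LEN + (size_t)count * 4)
        return 0;                  /* would read past the input buffer */

    memset(out, 0, sizeof(*out));
    out->revision = buf[0];
    out->num_auths = count;
    memcpy(out->id_auth, buf + 2, 6);
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = buf + SID_HEADER_LEN + i * 4;
        out->sub_auths[i] = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return 1;
}

int main(void)
{
    struct sid s;
    printf("valid:     %d\n", parse_sid_checked(sample_valid, sizeof sample_valid, &s));
    printf("big count: %d\n", parse_sid_checked(sample_big_count, sizeof sample_big_count, &s));
    printf("truncated: %d\n", parse_sid_checked(sample_truncated, sizeof sample_truncated, &s));
    return 0;
}
```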
2010-06-16 16:34:35 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update samba33 package to 3.3.13.
Changes since 3.3.12
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 7494: Fix for CVE-2010-2063.
|
2010-04-15 11:38:09 by Stephen Borrill | Files touched by this commit (2) |
Log message:
Bump PKGREVISION due to removing -B flag from winbindd rc.d script
|
2010-04-14 16:51:01 by Stephen Borrill | Files touched by this commit (2) |
Log message:
Add openssl bl3.mk file so that we play nicely with PREFER_PKGSRC+=openssl
|
2010-03-09 02:33:26 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Reset PKGREVISION while updating to 3.3.12.
|