git.samba.org / samba-web.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
NEWS[4.6.6]: Samba 4.6.6, 4.5.12 and 4.4.15 Available for Download
[samba-web.git] / history / security.html
1 <!--#include virtual="/samba/header.html" --> 
2   <title>Samba - Security Updates and Information</title>
3 <!--#include virtual="header_history.html" -->
4
5 <h2>Samba Security Releases</h2>
6
7     <p>Security releases for Samba are listed below by their release
8 date. The previously affected versions of Samba are listed alongside
9 the appropriate security concern. For complete information, follow the
10 link to full release notes for each release.</p>
11
12
13     <table class="security_table">
14       <th colspan="6">Samba Security Releases</th>
15       <tr >
16         <td><em>Date Issued</em></td>
17         <td><em>Download</em></td>
18         <td><em>Known Issue(s)</em></td>
19         <td><em>Affected Releases</em></td>
20         <td><em>CVE ID #</em></td>
21         <td><em>Details</em></td>
22       </tr>
23
24     <tr>
25         <td>12 July 2017</td>
26         <td><a href="/samba/ftp/patches/security/samba-4.x.y-CVE-2017-11103.patch">
27         patch for Samba 4.x.y</a><br />
28         <td>Orpheus&apos; Lyre mutual authentication validation bypass.
29         </td>
30         <td>All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15</td>
31         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103">CVE-2017-11103</a>
32         </td>
33         <td><a href="/samba/security/CVE-2017-11103.html">Announcement</a>
34         </td>
35     </tr>
36
37     <tr>
38         <td>24 May 2017</td>
39         <td><a href="/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch">
40         patch for Samba 4.6.3, 4.5.9, 4.4.13</a><br />
41         <td>Remote code execution from a writable share.
42         </td>
43         <td>All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14</td>
44         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494">CVE-2017-7494</a>
45         </td>
46         <td><a href="/samba/security/CVE-2017-7494.html">Announcement</a>
47         </td>
48     </tr>
49
50     <tr>
51         <td>23 Mar 2017</td>
52         <td><a href="/samba/ftp/patches/security/samba-4.6.0-CVE-2017-2619.patch">
53         patch for Samba 4.6.0</a><br />
54         <a href="/samba/ftp/patches/security/samba-4.5.6-CVE-2017-2619.patch">
55         patch for Samba 4.5.6</a><br />
56         <a href="/samba/ftp/patches/security/samba-4.4.11-CVE-2017-2619.patch">
57         patch for Samba 4.4.11</a><br />
58         <td>Symlink race allows access outside share definition.
59         </td>
60         <td>All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12</td>
61         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619">CVE-2017-2619</a>
62         </td>
63         <td><a href="/samba/security/CVE-2017-2619.html">Announcement</a>
64         </td>
65     </tr>
66
67     <tr>
68         <td>19 Dec 2016</td>
69         <td><a href="/samba/ftp/patches/security/samba-4.5.2-security-20016-12-19.patch">
70         patch for Samba 4.5.2</a><br />
71         <a href="/samba/ftp/patches/security/samba-4.4.7-security-20016-12-19.patch">
72         patch for Samba 4.4.7</a><br />
73         <a href="/samba/ftp/patches/security/samba-4.3.12-security-20016-12-19.patch">
74         patch for Samba 4.3.12</a><br />
75         <td>Numerous CVEs. Please see the announcements for details.
76         </td>
77         <td>please refer to the advisories</td>
78         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123">CVE-2016-2123</a>, 
79             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125">CVE-2016-2125</a>, 
80             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126">CVE-2016-2126</a>
81         </td>
82         <td><a href="/samba/security/CVE-2016-2123.html">Announcement</a>, 
83             <a href="/samba/security/CVE-2016-2125.html">Announcement</a>, 
84             <a href="/samba/security/CVE-2016-2126.html">Announcement</a>
85         </td>
86     </tr>
87
88     <tr>
89         <td>07 Jul 2016</td>
90         <td><a href="/samba/ftp/patches/security/samba-4.4.4-CVE-2016-2119.patch">
91         patch for Samba 4.4.4</a><br />
92         <a href="/samba/ftp/patches/security/samba-4.3.10-CVE-2016-2119.patch">
93         patch for Samba 4.3.10</a><br />
94         <a href="/samba/ftp/patches/security/samba-4.2.13-CVE-2016-2119.patch">
95         patch for Samba 4.2.13</a><br />
96         <td>Client side SMB2/3 required signing can be downgraded.
97         </td>
98         <td>4.0.0 - 4.4.4</td>
99         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119">CVE-2016-2119</a>
100         </td>
101         <td><a href="/samba/security/CVE-2016-2119.html">Announcement</a>
102         </td>
103     </tr>
104
105     <tr>
106         <td>12 Apr 2016</td>
107         <td><a href="/samba/ftp/patches/security/samba-4.4.0-security-2016-04-12-final.patch">
108         patch for Samba 4.4.0</a><br />
109         <a href="/samba/ftp/patches/security/samba-4.3.6-security-2016-04-12-final.patch">
110         patch for Samba 4.3.6</a><br />
111         <a href="/samba/ftp/patches/security/samba-4.2.9-security-2016-04-12-final.patch">
112         patch for Samba 4.2.9</a><br />
113         <a href="/samba/ftp/patches/security/samba-v4-0-security-2016-04-12-fileserver-only.patch.xz">
114         patch for Samba 4.0.26 (fileserver only! no client! no domain controller!)</a><br />
115         <a href="/samba/ftp/patches/security/samba-v3-6-security-2016-04-12.tar.xz">
116         patch for Samba 3.6.25 (only related CVEs)</a><br />
117         <td>Numerous CVEs. Please see the announcements for details.
118         </td>
119         <td>please refer to the advisories</td>
120         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370">CVE-2015-5370</a>, 
121             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110">CVE-2016-2110</a>, 
122             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111">CVE-2016-2111</a>, 
123             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112">CVE-2016-2112</a>, 
124             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113">CVE-2016-2113</a>, 
125             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114">CVE-2016-2114</a>, 
126             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115">CVE-2016-2115</a>, 
127             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118">CVE-2016-2118</a>
128         </td>
129         <td><a href="/samba/security/CVE-2015-5370.html">Announcement</a>
130             <a href="/samba/security/CVE-2016-2110.html">Announcement</a>
131             <a href="/samba/security/CVE-2016-2111.html">Announcement</a>
132             <a href="/samba/security/CVE-2016-2112.html">Announcement</a>
133             <a href="/samba/security/CVE-2016-2113.html">Announcement</a>
134             <a href="/samba/security/CVE-2016-2114.html">Announcement</a>
135             <a href="/samba/security/CVE-2016-2115.html">Announcement</a>
136             <a href="/samba/security/CVE-2016-2118.html">Announcement</a>
137         </td>
138     </tr>
139
140     <tr>
141         <td>08 Mar 2016</td>
142         <td><a href="/samba/ftp/patches/security/samba-4.3.5-security-2016-03-08.patch">
143         patch for Samba 4.3.5</a><br />
144         <a href="/samba/ftp/patches/security/samba-4.2.8-security-2016-03-08.patch">
145         patch for Samba 4.2.8</a><br />
146         <a href="/samba/ftp/patches/security/samba-4.1.22-security-2016-03-08.patch">
147         patch for Samba 4.1.22</a><br />
148         <td>Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server.
149         </td>
150         <td>please refer to the advisories</td>
151         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560">CVE-2015-7560</a>, 
152             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771">CVE-2016-0771</a>, 
153         </td>
154         <td><a href="/samba/security/CVE-2015-7560.html">Announcement</a>
155             <a href="/samba/security/CVE-2016-0771.html">Announcement</a>
156         </td>
157     </tr>
158
159     <tr>
160         <td>16 Dec 2015</td>
161         <td><a href="/samba/ftp/patches/security/samba-4.3.2-security-2015-12-16.patch">
162         patch for Samba 4.3.2</a><br />
163         <a href="/samba/ftp/patches/security/samba-4.2.6-security-2015-12-16.patch">
164         patch for Samba 4.2.6</a><br />
165         <a href="/samba/ftp/patches/security/samba-4.1.21-security-2015-12-16.patch">
166         patch for Samba 4.1.21</a><br />
167         <a href="/samba/ftp/patches/security/samba-3.6.25-security-2015-12-16.patch">
168         patch for Samba 3.6.25</a><br />
169         <td>Numerous CVEs. Please see the announcements for details.
170         </td>
171         <td>3.0.0 to 4.3.2</td>
172         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223">CVE-2015-3223</a>, 
173             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">CVE-2015-5252</a>, 
174             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296">CVE-2015-5296</a>, 
175             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299">CVE-2015-5299</a>, 
176             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330">CVE-2015-5330</a>, 
177             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540">CVE-2015-7540</a>, 
178             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467">CVE-2015-8467</a>
179         </td>
180         <td><a href="/samba/security/CVE-2015-3223.html">Announcement</a>
181             <a href="/samba/security/CVE-2015-5252.html">Announcement</a>
182             <a href="/samba/security/CVE-2015-5296.html">Announcement</a>
183             <a href="/samba/security/CVE-2015-5299.html">Announcement</a>
184             <a href="/samba/security/CVE-2015-5330.html">Announcement</a>
185             <a href="/samba/security/CVE-2015-7540.html">Announcement</a>
186             <a href="/samba/security/CVE-2015-8467.html">Announcement</a>
187         </td>
188     </tr>
189
190     <tr>
191         <td>23 Feb 2015</td>
192         <td><a href="/samba/ftp/patches/security/samba-4.1.16-CVE-2015-0240.patch">
193         patch for Samba 4.1.16</a><br />
194         <a href="/samba/ftp/patches/security/samba-4.0.24-CVE-2015-0240.patch">
195         patch for Samba 4.0.24</a><br />
196         <a href="/samba/ftp/patches/security/samba-3.6.24-CVE-2015-0240.patch">
197         patch for Samba 3.6.24</a><br />
198         <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2015-0240.patch">
199         patch for Samba 3.5.22</a><br />
200         <td>Unexpected code execution in smbd.
201         </td>
202         <td>3.5.0 - 4.2.0rc4</td>
203         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a>
204         </td>
205         <td><a href="/samba/security/CVE-2015-0240.html">Announcement</a>
206         </td>
207     </tr>
208
209     <tr>
210         <td>15 Jan 2015</td>
211         <td><a href="/samba/ftp/patches/security/samba-4.1.15-CVE-2014-8143.patch">
212         patch for Samba 4.1.15</a><br />
213         <a href="/samba/ftp/patches/security/samba-4.0.23-CVE-2014-8143.patch">
214         patch for Samba 4.0.23</a><br />
215         <td>Elevation of privilege to Active Directory Domain Controller.
216         </td>
217         <td>4.0.0 - 4.1.15</td>
218         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a>
219         </td>
220         <td><a href="/samba/security/CVE-2014-8143.html">Announcement</a>
221         </td>
222     </tr>
223
224     <tr>
225         <td>01 Aug 2014</td>
226         <td><a href="/samba/ftp/patches/security/samba-4.1.10-CVE-2014-3560.patch">
227         patch for Samba 4.1.10</a><br />
228         <a href="/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch">
229         patch for Samba 4.0.20</a><br />
230         <td>Remote code execution in nmbd.
231         </td>
232         <td>4.0.0 - 4.1.10</td>
233         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560">CVE-2014-3560</a>
234         </td>
235         <td><a href="/samba/security/CVE-2014-3560.html">Announcement</a>
236         </td>
237     </tr>
238
239     <tr>
240         <td>23 Jun 2014</td>
241         <td><a href="/samba/ftp/patches/security/samba-4.1.8-CVE-2014-0244-CVE-2014-3493.patch">
242         patch for Samba 4.1.8</a><br />
243         <a href="/samba/ftp/patches/security/samba-4.0.18-CVE-2014-0244-CVE-2014-3493.patch">
244         patch for Samba 4.0.18</a><br />
245         <a href="/samba/ftp/patches/security/samba-3.6.23-CVE-2014-0244-CVE-2014-3493.patch">
246         patch for Samba 3.6.23</a><br />
247         <td>Denial of service - CPU loop, Denial of service - Server crash/memory corruption.
248         </td>
249         <td>please refer to the advisories</td>
250         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244">CVE-2014-0244</a>, 
251             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493">CVE-2014-3493</a>
252         </td>
253         <td><a href="/samba/security/CVE-2014-0244.html">Announcement</a>
254             <a href="/samba/security/CVE-2014-3493.html">Announcement</a>
255         </td>
256     </tr>
257
258     <tr>
259         <td>03 June 2014</td>
260         <td><a href="/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch">
261         patch for Samba 4.0.17</a><br />
262         <a href="/samba/ftp/patches/security/samba-4.1.7-CVE-2014-0178-CVE-2014-0239.patch">
263         patch for Samba 4.1.7</a><br />
264         <a href="/samba/ftp/patches/security/samba-3.6.23-CVE-2014-0178.patch">
265         patch for Samba 3.6.23 (CVE-2014-0178 only)</a><br />
266         <td>Uninitialized memory exposure, Potential DOS in Samba internal DNS server.
267         </td>
268         <td>please refer to the advisories</td>
269         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178">CVE-2014-0178</a>, 
270             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239">CVE-2014-0239</a>
271         </td>
272         <td><a href="/samba/security/CVE-2014-0178.html">Announcement</a>
273             <a href="/samba/security/CVE-2014-0239.html">Announcement</a>
274         </td>
275     </tr>
276
277     <tr>
278         <td>11 Mar 2014</td>
279         <td><a href="/samba/ftp/patches/security/samba-4.1.5-CVE-2013-4496-CVE-2013-6442.patch">
280         patch for Samba 4.1.5</a><br />
281         <a href="/samba/ftp/patches/security/samba-4.0.15-CVE-2013-4496-CVE-2013-6442.patch">
282         patch for Samba 4.0.15</a><br />
283         <a href="/samba/ftp/patches/security/samba-3.6.22-CVE-2013-4496.patch">
284         patch for Samba 3.6.22</a><br />
285         <td>Password lockout not enforced for SAMR password changes, smbcacls can remove a file
286         or directory ACL by mistake.
287         </td>
288         <td>please refer to the advisories</td>
289         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496">CVE-2013-4496</a>, 
290             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442">CVE-2013-6442</a>
291         </td>
292         <td><a href="/samba/security/CVE-2013-4496.html">Announcement</a>
293             <a href="/samba/security/CVE-2013-6442.html">Announcement</a>
294         </td>
295     </tr>
296
297     <tr>
298         <td>09 Dec 2013</td>
299         <td><a href="/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch">
300         patch for Samba 4.1.2</a><br />
301         <a href="/samba/ftp/patches/security/samba-4.0.12-CVE-2013-4408-CVE-2012-6150.patch">
302         patch for Samba 4.0.12</a><br />
303         <a href="/samba/ftp/patches/security/samba-3.6.21-CVE-2013-4408-CVE-2012-6150.patch">
304         patch for Samba 3.6.21</a><br />
305         <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2013-4408.patch">
306         patch for Samba 3.5.22</a><br />
307         <a href="/samba/ftp/patches/security/samba-3.4.17-CVE-2013-4408.patch">
308         patch for Samba 3.4.17</a>
309         <td>DCE-RPC fragment length field is incorrectly checked, pam_winbind
310         login without require_membership_of restrictions.</td>
311         <td>please refer to the advisories</td>
312         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408">CVE-2013-4408</a>, 
313             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150">CVE-2012-6150</a>
314         </td>
315         <td><a href="/samba/security/CVE-2013-4408.html">Announcement</a>
316             <a href="/samba/security/CVE-2012-6150.html">Announcement</a>
317         </td>
318     </tr>
319
320     <tr>
321         <td>11 Nov 2013</td>
322         <td><a href="/samba/ftp/patches/security/samba-4.1.0-CVE-2013-4475-CVE-2013-4476.patch">
323         patch for Samba 4.1.0</a><br />
324         <a href="/samba/ftp/patches/security/samba-4.0.10-CVE-2013-4475-CVE-2013-4476.patch">
325         patch for Samba 4.0.10</a><br />
326         <a href="/samba/ftp/patches/security/samba-3.6.19-CVE-2013-4475.patch">
327         patch for Samba 3.6.19</a><br />
328         <td>ACLs are not checked on opening an alternate data stream on a file
329             or directory, Private key in key.pem world readable.</td>
330         <td>3.2.0 - 4.1.0, 4.0.0 - 4.0.10, 4.1.0</td>
331         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475">CVE-2013-4475</a>, 
332             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476">CVE-2013-4476</a>
333         </td>
334         <td><a href="/samba/security/CVE-2013-4475.html">Announcement</a>
335             <a href="/samba/security/CVE-2013-4476.html">Announcement</a>
336         </td>
337     </tr>
338
339     <tr>
340         <td>05 Aug 2013</td>
341         <td><a href="/samba/ftp/patches/security/samba-4.0.7-CVE-2013-4124.patch">
342         patch for Samba 4.0.7</a><br />
343         <a href="/samba/ftp/patches/security/samba-3.6.16-CVE-2013-4124.patch">
344         patch for Samba 3.6.16</a><br />
345         <a href="/samba/ftp/patches/security/samba-3.5.21-CVE-2013-4124.patch">
346         patch for Samba 3.5.21</a><br />
347         <td>Denial of service - CPU loop and memory allocation.</td>
348         <td>3.0.x-4.0.7</td>
349         <td><a
350         href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124">CVE-2013-4124</a>
351         </td>
352         <td><a href="/samba/security/CVE-2013-4124.html">Announcement</a>
353         </td>
354     </tr>
355
356     <tr>
357         <td>02 Apr 2013</td>
358         <td><a href="/samba/ftp/patches/security/samba-3.6-CVE-2013-0454.patch">
359         patch for Samba 3.6.5</a>
360         <td>A writable configured share might get read only</td>
361         <td>3.6.0 - 3.6.5 (inclusive)</td>
362         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454">CVE-2013-0454</a>
363         </td>
364         <td><a href="/samba/security/CVE-2013-0454.html">Announcement</a>
365         </td>
366     </tr>
367
368     <tr>
369         <td>19 Mar 2013</td>
370         <td><a href="/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patch">
371         patch for Samba 4.0.3</a>
372         <td>World-writeable files may be created in additional shares on a Samba
373         4.0 AD DC.</td>
374         <td>4.0.0rc6-4.0.3</td>
375         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863">CVE-2013-1863</a>
376         </td>
377         <td><a href="/samba/security/CVE-2013-1863.html">Announcement</a>
378         </td>
379     </tr>
380
381     <tr>
382         <td>30 Jan 2013</td>
383         <td><a href="/samba/ftp/patches/security/samba-4.0.1-CVE-2013-0213-CVE-2013-0214.patch">
384         patch for Samba 4.0.1</a><br />
385         <a href="/samba/ftp/patches/security/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch">
386         patch for Samba 3.6.11</a><br />
387         <a href="/samba/ftp/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch">
388         patch for Samba 3.5.20</a><br />
389         <td>Clickjacking issue and potential XSRF in SWAT.</td>
390         <td>3.0.x-4.0.1</td>
391         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213">CVE-2013-0213</a>, 
392             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214">CVE-2013-0214</a>
393         </td>
394         <td><a href="/samba/security/CVE-2013-0213.html">Announcement</a>
395             <a href="/samba/security/CVE-2013-0214.html">Announcement</a>
396         </td>
397     </tr>
398
399     <tr>
400         <td>15 Jan 2013</td>
401         <td><a href="/samba/ftp/patches/security/samba-4.0.0-CVE-2013-0172.patch">
402         patch for Samba 4.0.0</a>
403         <td>Samba 4.0 as an AD DC may provide authenticated users with write
404         access to LDAP directory objects.</td>
405         <td>4.0.0</td>
406         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0172">CVE-2013-0172</a></td>
407         <td><a href="/samba/security/CVE-2013-0172.html">Announcement</a></td>
408     </tr>
409
410     <tr>
411         <td>30 Apr 2012</td>
412         <td><a href="/samba/ftp/patches/security/samba-3.4.16-CVE-2012-2111.patch">
413         patch for Samba 3.4.16</a><br />
414         <a href="/samba/ftp/patches/security/samba-3.5.14-CVE-2012-2111.patch">
415         patch for Samba 3.5.14</a><br />
416         <a href="/samba/ftp/patches/security/samba-3.6.4-CVE-2012-2111.patch">
417         patch for Samba 3.6.4</a><br />
418         <td>Incorrect permission checks when granting/removing privileges can
419         compromise file server security.</td>
420         <td>3.4.x-3.6.4</td>
421         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111">CVE-2012-2111</a></td>
422         <td><a href="/samba/security/CVE-2012-2111.html">Announcement</a></td>
423     </tr>
424
425     <tr>
426         <td>10 Apr 2012</td>
427         <td><a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2012-1182.patch">
428         patch for Samba 3.0.37</a><br />
429         <a href="/samba/ftp/patches/security/samba-3.2.15-CVE-2012-1182.patch">
430         patch for Samba 3.2.15</a><br />
431         <a href="/samba/ftp/patches/security/samba-3.3.16-CVE-2012-1182.patch">
432         patch for Samba 3.3.16</a><br />
433         <a href="/samba/ftp/patches/security/samba-3.4.15-CVE-2012-1182.patch">
434         patch for Samba 3.4.15</a><br />
435         <a href="/samba/ftp/patches/security/samba-3.5.13-CVE-2012-1182.patch">
436         patch for Samba 3.5.13</a><br />
437         <a href="/samba/ftp/patches/security/samba-3.6.3-CVE-2012-1182.patch">
438         patch for Samba 3.6.3</a><br />
439         <td>"root" credential remote code execution</td>
440         <td>all current releases</td>
441         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182">CVE-2012-1182</a></td>
442         <td><a href="/samba/security/CVE-2012-1182.html">Announcement</a></td>
443     </tr>
444
445     <tr>
446         <td>23 Feb 2012</td>
447         <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch">
448         patch for Samba 3.0</a><br />
449         <a href="/samba/ftp/patches/security/samba-3.2-CVE-2012-0870.patch">
450         patch for Samba 3.2</a><br />
451         <a href="/samba/ftp/patches/security/samba-3.3-CVE-2012-0870.patch">
452         patch for Samba 3.3</a><br />
453         <td>Remote code execution vulnerability in smbd</td>
454         <td>pre-3.4</td>
455         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870">CVE-2012-0870</a></td>
456         <td><a href="/samba/security/CVE-2012-0870.html">Announcement</a></td>
457     </tr>
458
459     <tr>
460         <td>29 Jan 2012</td>
461         <td><a href="/samba/ftp/patches/security/samba-3.6.2-CVE-2012-0817.patch">
462         patch for Samba 3.6.2</a>
463         <td>Memory leak/Denial of service</td>
464         <td>3.6.0-3.6.2</td>
465         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0817">CVE-2012-0817</a></td>
466         <td><a href="/samba/security/CVE-2012-0817.html">Announcement</a></td>
467     </tr>
468
469     <tr>
470         <td>26 Jul 2011</td>
471         <td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch">
472         patch for Samba 3.3.15</a><br />
473         <a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch">
474         patch for Samba 3.4.13</a><br />
475         <a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch">
476         patch for Samba 3.5.9</a><br />
477         <td>Cross-Site Request Forgery in SWAT</td>
478         <td>all current releases</td>
479         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522">CVE-2011-2522</a></td>
480         <td><a href="/samba/security/CVE-2011-2522.html">Announcement</a></td>
481     </tr>
482
483     <tr>
484         <td>26 Jul 2011</td>
485         <td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2694.patch">
486         patch for Samba 3.3.15</a><br />
487         <a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2694.patch">
488         patch for Samba 3.4.13</a><br />
489         <a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2694.patch">
490         patch for Samba 3.5.9</a><br />
491         <td>Cross-Site Scripting vulnerability in SWAT</td>
492         <td>all current releases</td>
493         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694">CVE-2011-2694</a></td>
494         <td><a href="/samba/security/CVE-2011-2694.html">Announcement</a></td>
495     </tr>
496
497     <tr>
498         <td>18 Feb 2011</td>
499         <td><a href="/samba/ftp/patches/security/samba-3.3.14-CVE-2011-0719.patch">
500         patch for Samba 3.3.14</a><br />
501         <a href="/samba/ftp/patches/security/samba-3.4.11-CVE-2011-0719.patch">
502         patch for Samba 3.4.11</a><br />
503         <a href="/samba/ftp/patches/security/samba-3.5.6-CVE-2011-0719.patch">
504         patch for Samba 3.5.6</a><br />
505         <td>Denial of service - memory corruption</td>
506         <td>all current releases</td>
507         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719">CVE-2011-0719</a></td>
508         <td><a href="/samba/security/CVE-2011-0719.html">Announcement</a></td>
509     </tr>
510
511     <tr>
512         <td>14 Sep 2010</td>
513         <td><a href="/samba/ftp/patches/security/samba-3.3.13-CVE-2010-3069.patch">
514         patch for Samba 3.3.13</a><br />
515         <a href="/samba/ftp/patches/security/samba-3.4.8-CVE-2010-3069.patch">
516         patch for Samba 3.4.8</a><br />
517         <a href="/samba/ftp/patches/security/samba-3.5.4-CVE-2010-3069.patch">
518         patch for Samba 3.5.4</a><br />
519         <td>Buffer Overrun Vulnerability</td>
520         <td>all current releases</td>
521         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069">CVE-2010-3069</a></td>
522         <td><a href="/samba/security/CVE-2010-3069.html">Announcement</a></td>
523     </tr>
524
525     <tr>
526         <td>16 Jun 2010</td>
527         <td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
528         patch for Samba 3.3.12 and 3.2.15</a><br />
529         <a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch">
530         patch for Samba 3.0.37</a><br />
531         <td>Memory Corruption Vulnerability</td>
532         <td>3.0.x, 3.2.x, 3.3.0-3.3.12</td>
533         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2063">CVE-2010-2063</a></td>
534         <td><a href="/samba/security/CVE-2010-2063.html">Announcement</a></td>
535     </tr>
536
537     <tr>
538         <td>08 Mar 2010</td>
539         <td><a href="/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch">
540         patch for Samba 3.5.0</a><br />
541         <a href="/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch">
542         patch for Samba 3.4.6</a><br />
543         <a href="/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch">
544         patch for Samba 3.3.11</a><br />
545         <td>Permission ignored</td>
546         <td>3.3.11, 3.4.6, 3.5.0</td>
547         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728">CVE-2010-0728</a></td>
548         <td><a href="/samba/security/CVE-2010-0728.html">Announcement</a></td>
549     </tr>
550
551     <tr>
552         <td>02 Feb 2010</td>
553                   <td>not available</td>
554         <td>Change parameter "wide links" to default to "no"</td>
555         <td>pre-3.4.6</td>
556         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0926">CVE-2010-0926</a></td>
557         <td><a href="/samba/security/CVE-2010-0926.html">Announcement</a></td>
558     </tr>
559
560     <tr>
561         <td>01 Oct 2009</td>
562         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch">
563         patch 1 for Samba 3.4.1</a>
564         <a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-2.patch">
565         patch 2 for Samba 3.4.1</a>
566         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-1.patch">
567         patch 1 for Samba 3.3.7</a>
568         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-2.patch">
569         patch 2 for Samba 3.3.7</a>
570         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-1.patch">
571         patch 1 for Samba 3.2.14</a>
572         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-2.patch">
573         patch 2 for Samba 3.2.14</a>
574         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-1.patch">
575         patch 1 for Samba 3.0.36</a>
576         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-2.patch">
577         patch 2 for Samba 3.0.36</a>
578         <td>Information disclosure by setuid mount.cifs</td>
579         <td>all releases</td>
580         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td>
581         <td><a href="/samba/security/CVE-2009-2948.html">Announcement</a></td>
582     </tr>
583
584     <tr>
585         <td>01 Oct 2009</td>
586         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2906.patch">
587         patch for Samba 3.4.1</a><br />
588         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2906.patch">
589         patch for Samba 3.3.7</a><br />
590         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2906.patch">
591         patch for Samba 3.2.14</a><br />
592         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2906.patch">
593         patch for Samba 3.0.36</a><br />
594         <td>Remote DoS against smbd on authenticated connections</td>
595         <td>all releases</td>
596         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td>
597         <td><a href="/samba/security/CVE-2009-2906.html">Announcement</a></td>
598     </tr>
599     <tr>
600
601     <tr>
602         <td>01 Oct 2009</td>
603         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2813.patch">
604         patch for Samba 3.4.1</a><br />
605         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2813.patch">
606         patch for Samba 3.3.7</a><br />
607         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2813.patch">
608         patch for Samba 3.2.14</a><br />
609         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2813.patch">
610         patch for Samba 3.0.36</a><br />
611         <td>Misconfigured /etc/passwd file may share folders unexpectedly</td>
612         <td>&gt; 3.0.11</td>
613         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td>
614         <td><a href="/samba/security/CVE-2009-2813.html">Announcement</a></td>
615     </tr>
616     <tr>
617
618     <tr>
619         <td>23 Jun 2009</td>
620         <td><a href="/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch">
621         patch for Samba 3.3.5</a><br />
622         <a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch">
623         patch for Samba 3.2.12</a><br />
624         <a href="/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch">
625         patch for Samba 3.0.34</a><br />
626         <td>Uninitialized read of a data value</td>
627         <td>Samba 3.0.31 - 3.3.5</td>
628         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td>
629         <td><a href="/samba/security/CVE-2009-1888.html">Announcement</a></td>
630     </tr>
631     <tr>
632
633     <tr>
634         <td>23 Jun 2009</td>
635         <td><a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch">
636         patch for Samba 3.2.12</a>
637         <td>Formatstring vulnerability in smbclient</td>
638         <td>Samba 3.2.0 - 3.2.12</td>
639         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td>
640         <td><a href="/samba/security/CVE-2009-1886.html">Announcement</a></td>
641     </tr>
642     <tr>
643
644     <tr>
645         <td>05 Jan 2009</td>
646         <td><a href="/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch">
647         patch for Samba 3.2.6</a>
648         <td>Potential access to "/" in setups with registry shares enabled</td>
649         <td>Samba 3.2.0 - 3.2.6</td>
650         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td>
651         <td><a href="/samba/security/CVE-2009-0022.html">Announcement</a></td>
652     </tr>
653     <tr>
654         <td>27 Nov 2008</td>
655         <td><a href="/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch">
656         patch for Samba 3.0.32</a>
657         <a href="/samba/ftp/patches/security/samba-3.2.4-CVE-2008-4314.patch">
658         patch for Samba 3.2.4</a></td>
659         <td>Potential leak of arbitrary memory contents</td>
660         <td>Samba 3.0.29 - 3.2.4</td>
661         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td>
662         <td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td>
663     </tr>
664
665     <tr>
666         <td>27 Aug 2008</td>
667         <td><a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch">
668         patch 1 for Samba 3.2.2</a> 
669         <a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch">
670         patch 2 for Samba 3.2.2</a></td>
671         <td>Wrong permissions of group_mapping.ldb</td>
672         <td>Samba 3.2.0 - 3.2.2</td>
673         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
674         <td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td>
675     </tr>
676
677     <tr>
678         <td>29 May 2008</td>
679         <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
680         <td>Boundary failure when parsing SMB responses</td>
681         <td>Samba 3.0.0 - 3.0.29</td>
682         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
683         <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
684     </tr>
685
686     <tr>
687         <td>10 Dec 2007</td>
688         <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
689         <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>
690         <td>Samba 3.0.0 - 3.0.27a</td>
691         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
692         <td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td>
693     </tr>
694
695     <tr>
696         <td>15 Nov 2007</td>
697         <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
698         <td>Remote Code Execution in Samba's nmbd</td>
699         <td>Samba 3.0.0 - 3.0.26a</td>
700         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
701         <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
702     </tr>
703
704     <tr>
705         <td>15 Nov 2007</td>
706         <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
707         <td>GETDC mailslot processing buffer overrun in nmbd</td>
708         <td>Samba 3.0.0 - 3.0.26a</td>
709         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
710         <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
711     </tr>
712
713     <tr>
714         <td>11 Sep 2007</td>
715         <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
716         <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
717         <td>Samba 3.0.25 - 3.0.25c</td>
718         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
719         <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
720     </tr>
721
722     <tr>
723         <td>14 May 2007</td>
724         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
725         <td>Remote Command Injection Vulnerability (Updated June 5 to include missing &quot;c&quot; character from INCLUDE list).</td>
726         <td>Samba 3.0.0 - 3.0.25rc3</td>
727         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
728         <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
729     </tr>
730
731     <tr>
732         <td>14 May 2007</td>
733         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
734         <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
735         <td>Samba 3.0.0 - 3.0.25rc3</td>
736         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
737         <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
738     </tr>
739
740     <tr>
741         <td>14 May 2007</td>
742         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
743         <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the &quot;force group&quot; parameter).</td>
744         <td>Samba 3.0.23d - 3.0.25pre2</td>
745         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
746         <td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td>
747     </tr>
748
749     <tr>
750         <td>5 Feb 2007</td>
751         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td>
752         <td>Potential Denial of Service bug in smbd</td>
753         <td>Samba 3.0.6 - 3.0.23d</td>
754         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
755         <td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td>
756     </tr>
757
758     <tr>
759         <td>5 Feb 2007</td>
760         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td>
761         <td>Buffer overrun in NSS host lookup Winbind library on Solaris</td>
762         <td>Samba 3.0.21 - 3.0.23d</td>
763         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
764         <td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td>
765     </tr>
766
767     <tr>
768         <td>5 Feb 2007</td>
769         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td>
770         <td>Format string bug in afsacl.so VFS plugin</td>
771         <td>Samba 3.0.6 - 3.0.23d</td>
772         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
773         <td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td>
774     </tr>
775
776     <tr>
777         <td>10 July 2006</td>
778         <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
779         <td>Memory exhaustion DoS against smbd</td>
780         <td>Samba 3.0.1 - 3.0.22</td>
781         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
782         <td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td>
783     </tr>
784
785     <tr>
786     <tr>
787         <td>30 March 2006</td>
788         <td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
789         <td>Exposure of machine account credentials in winbind log files</td>
790         <td>Samba 3.0.21 - 3.0.21c</td>
791         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
792         <td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td>
793     </tr>
794
795     <tr>
796         <td>16 December 2004</td>
797         <td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td>
798         <td>Integer Overflow in security descriptor parsing</td>
799         <td>Samba 2.x, 3.0.x &lt;&#61; 3.0.9</td>
800         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
801         <td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td>
802     </tr>    
803
804     <tr>
805     <tr>
806         <td>15 November 2004</td>
807         <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for &lt;&#61;Samba 3.0.7</a></td>
808         <td>Buffer Overrun in smbd</td>
809         <td>Samba 3.0.x &lt;&#61; 3.0.7</td>
810         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
811         <td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td>
812     </tr>    
813
814     <tr>
815         <td>8 November 2004</td>
816         <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for &lt;&#61;Samba 3.0.7</a></td>
817         <td>Remote DoS</td>
818         <td>Samba 3.0.x &lt;&#61; 3.0.7</td>
819         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
820         <td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td>
821     </tr>    
822
823     <tr>
824         <td>30 September 2004</td>
825         <td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or  <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for &lt;&#61;Samba 3.0.2a</a></td>
826         <td>Potential arbitrary file access</td>
827         <td>Samba 2.2.x &lt;&#61;2.2.11 and Samba 3.0.x &lt;&#61;3.0.2a</td>
828         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
829         <td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td>
830     </tr>    
831         
832       
833       <tr>
834         <td>13 Sept 2004</td>
835         <td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td>
836         <td>Two DoS bugs; one affecting smbd, the other nmbd.</td>
837         <td>3.0.x &lt;= 3.0.6</td>
838         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
839         <td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td>
840       </tr>
841       
842       <tr>
843         <td>22 Jul 2004</td>
844         <td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td>
845         <td>Two potential buffer overruns</td>
846         <td>>=3.0.2</td>
847         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>, 
848             <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
849         </td>
850         <td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a>
851             <a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td>
852       </tr>
853       
854       <tr>
855         <td>22 Jul 2004</td>
856         <td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td>
857         <td>Buffer overrun in hash mangling method</td>
858         <td>all 2.2 releases</td>
859         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
860         </td>
861         <td><a href="/samba/history/samba-2.2.10.html">release notes</a></td>
862       </tr>
863       
864       <tr>
865         <td>9 Feb 2004</td>
866         <td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">3.0.2a</a></td>
867         <td align="left">Password initialization bug that could grant
868         an attacker unauthorized
869         access to a user account created by the mksmbpasswd.sh shell script.</td>
870         <td>>=3.0.0</td>
871         <td><a
872         href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
873         <td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td>
874       </tr>
875       
876       <tr>
877         <td>7 Apr 2003</td>
878         <td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">2.2.8a</a></td>
879         <td>Buffer overrun condition in the SMB/CIFS packet fragment
880         re-assembly code.</td>
881         <td>all 2.0 releases and <= 2.2.8</td>
882         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
883         <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
884         <td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td>
885       </tr>
886       
887       <tr>
888         <td>10 Dec 2002</td>
889         <td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">2.2.7a</a></td>
890         <td>Bug in the length checking for encrypted password change
891         requests from clients.</td>
892         <td>2.2.2 - 2.2.6</td>
893         <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
894         <td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td>
895       </tr>
896       
897       <tr>
898         <td>23 Jun 2001</td>
899         <td><a href="/samba/ftp/old-versions/samba-2.2.0a.tar.gz">2.2.0a</a></td>
900         <td>Bug in expansion of certain smb.conf variables such as 
901         %m that could grant an attacker the capability to overwrite arbitrary 
902         files on the server.  Bug that causes smbd not to honor the hosts allow 
903         and deny smb.conf directives.</td>
904         <td>2.2.0</td>
905         <td>&nbsp</td>
906         <td><a href="/samba/history/samba-2.2.0a.html">release notes</a></td>
907       </tr>
908       
909       <tr>
910         <td>23 Jun 2001</td>
911         <td><a href="/samba/ftp/old-versions/samba-2.0.10.tar.gz">2.0.10</a></td>
912         <td>Bug in the handling of temporary files that allows local 
913         users to destroy data on local devices.</td>
914         <td>>= 2.0.0</td>
915         <td>&nbsp</td>
916         <td><a href="/samba/history/samba-2.0.10.html">release notes</a></td>
917       </tr>
918                 
919     </table>
920     
921     <p><em>If you suspect you have discovered a serious security hole in a
922 Samba release, please send an email to <a
923 href="mailto:security@samba.org">security@samba.org</a>.</em></p>
924
925 <!--#include virtual="footer_history.html" -->
Samba Website Repository