1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Release Notes Archive</title>
11 <H2>Samba 3.0.37 Available for Download</H2>
15 ==============================
16 Release Notes for Samba 3.0.37
18 ==============================
21 This is a security release in order to address CVE-2009-2813, CVE-2009-2948
23 Please note that Samba 3.0 is not maintained any longer. This security
24 release is shipped on a voluntary basis.
27 In all versions of Samba later than 3.0.11, connecting to the home
28 share of a user will use the root of the filesystem
29 as the home directory if this user is misconfigured to have
30 an empty home directory in /etc/passwd.
33 If mount.cifs is installed as a setuid program, a user can pass it a
34 credential or password path to which he or she does not have access and
35 then use the --verbose option to view the first line of that file.
38 Specially crafted SMB requests on authenticated SMB connections can
39 send smbd into a 100% CPU loop, causing a DoS on the Samba server.
42 ######################################################################
50 o Jeremy Allison <jra@samba.org>
51 * BUG 6763: Fix for CVE-2009-2813.
52 * BUG 6768: Fix for CVE-2009-2906.
55 o Jeff Layton <jlayton@redhat.com>
56 * Fix for CVE-2009-2948.