<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Release Notes Archive</title>
<H2>Samba 3.4.2 Available for Download</H2>

=============================
Release Notes for Samba 3.4.2
=============================

This is a security release in order to address CVE-2009-2813, CVE-2009-2948

In all versions of Samba later than 3.0.11, connecting to the home
share of a user will use the root of the filesystem
as the home directory if this user is misconfigured to have
an empty home directory in /etc/passwd.
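
An audit for the misconfiguration described above, as an added example that is not part of the Samba release notes: it scans passwd-format text for accounts whose home directory field is empty. The function name and the sample entries are constructed for illustration.

```python
import sys

# Constructed sample in /etc/passwd format (not real accounts).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
# constructed comment line
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob::/bin/bash
+::::::
broken:x:1003
svc:x:1004:1004:::/usr/sbin/nologin
"""


def find_empty_home_accounts(passwd_text):
    """Return (findings, malformed) for passwd-format text.

    findings  -- (line_number, user, uid) for entries with an empty home field
    malformed -- (line_number, raw_line) for entries without exactly 7 fields
    """
    findings, malformed = [], []
    for lineno, raw in enumerate(passwd_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":
            # NIS compat entries carry no local home directory; skip them.
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append((lineno, raw))
            continue
        user, _pw, uid, _gid, _gecos, home, _shell = fields
        if home == "":
            findings.append((lineno, user, uid))
    return findings, malformed


if __name__ == "__main__":
    # Pass a file path, or pipe `getent passwd` output to also cover
    # accounts that come from LDAP/NIS rather than the local file.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    empty, bad = find_empty_home_accounts(text)
    for lineno, user, uid in empty:
        print(f"line {lineno}: user {user} (uid {uid}) has an empty home directory")
    for lineno, raw in bad:
        print(f"line {lineno}: malformed entry: {raw!r}")
    sys.exit(1 if empty else 0)
```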

If mount.cifs is installed as a setuid program, a user can pass it a
credential or password path to which he or she does not have access and
then use the --verbose option to view the first line of that file.
All known Samba versions are affected.

Specially crafted SMB requests on authenticated SMB connections can
send smbd into a 100% CPU loop, causing a DoS on the Samba server.

######################################################################

o   Jeremy Allison <jra@samba.org>
    * BUG 6763: Fix for CVE-2009-2813.
    * BUG 6768: Fix for CVE-2009-2906.

o   Jeff Layton <jlayton@redhat.com>
    * Fix for CVE-2009-2948.