<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Release Notes Archive</title>
<H2>Samba 4.0.25 Available for Download</H2>
==============================
Release Notes for Samba 4.0.25
==============================

This is a security release in order to address CVE-2015-0240 (Unexpected
code execution in smbd).

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
unexpected code execution vulnerability in the smbd file server

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.

o Jeremy Allison <jra@samba.org>
  * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
    in netlogon server could lead to security vulnerability.

o Andreas Schneider <asn@samba.org>
  * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not dereference
    a NULL pointer./auth: Make sure that creds_out is initialized with NULL.
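
The bug class named in the entries above (a cleanup path freeing a stack pointer that a failed call never set) and the NULL-initialization fix, as an added example that is not Samba's code. It assumes a hypothetical check_creds() and a small tracking allocator in place of talloc, and it models the leftover stack contents as an explicit "stale" value so that the run is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>

/* Tracking allocator (stand-in for talloc, an assumption of this example):
 * a free of any non-NULL pointer it did not hand out is counted, not run. */
static void *live;          /* pointer handed out and not yet freed */
static int invalid_frees;   /* frees of pointers we never allocated */

static void *t_alloc(size_t n) { live = calloc(1, n); return live; }

static void t_free(void *p) {
    if (p == NULL) return;                       /* freeing NULL is a no-op */
    if (p != live) { invalid_frees++; return; }  /* would corrupt the heap */
    free(p); live = NULL;
}

struct creds { unsigned char session_key[16]; };

/* Hypothetical check: on failure it returns early and never writes
 * *creds_out, so the caller's variable keeps whatever it held before. */
static int check_creds(int valid, struct creds **creds_out) {
    if (!valid) return -1;
    *creds_out = t_alloc(sizeof(struct creds));
    return *creds_out ? 0 : -1;
}

/* 'stale' models what earlier packets left in the stack slot; real
 * uninitialized memory cannot be read portably, so it is passed in. */
static int handle_request(int valid, void *stale, int init_null) {
    struct creds *creds = init_null ? NULL : stale;
    int rc = check_creds(valid, &creds);
    t_free(creds);          /* cleanup runs on success and on failure */
    return rc;
}

/* Returns the number of invalid frees caused by one request. */
int invalid_frees_for(int valid, int init_null) {
    static char stale_slot[16];   /* constructed stale stack value */
    invalid_frees = 0;
    (void)handle_request(valid, stale_slot, init_null);
    return invalid_frees;
}

int main(void) {
    printf("failed check, no init:   %d\n", invalid_frees_for(0, 0));
    printf("failed check, NULL init: %d\n", invalid_frees_for(0, 1));
    printf("passed check, NULL init: %d\n", invalid_frees_for(1, 1));
    return 0;
}
```

Only the failing request with no initialization reaches t_free() with a pointer the allocator never issued; with the variable set to NULL first, the same cleanup path is a no-op.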