1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.6.4 - Release Notes</title>
8 <H2>Samba 4.6.4 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.gz">Samba 4.6.4 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.gz">Patch (gzipped) against Samba 4.6.3</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.asc">Signature</a>
19 =============================
20 Release Notes for Samba 4.6.4
22 =============================
25 This is a security release in order to address the following defect:
27 o CVE-2017-7494 (Remote code execution from a writable share)
34 All versions of Samba from 3.5.0 onwards are vulnerable to a remote
35 code execution vulnerability, allowing a malicious client to upload a
36 shared library to a writable share, and then cause the server to load
43 o Volker Lendecke <vl@samba.org>
44 * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable