history/samba-4.6.4.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   2  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml">
   4 <head>
   5 <title>Samba 4.6.4 - Release Notes</title>
   6 </head>
   7 <body>
   8 <H2>Samba 4.6.4 Available for Download</H2>
   9 <p>
  10 <a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.gz">Samba 4.6.4 (gzipped)</a><br>
  11 <a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.asc">Signature</a>
  12 </p>
  13 <p>
  14 <a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.gz">Patch (gzipped) against Samba 4.6.3</a><br>
  15 <a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.asc">Signature</a>
  16 </p>
  17 <p>
  18 <pre>
  19                    =============================
  20                    Release Notes for Samba 4.6.4
  21                             May 24, 2017
  22                    =============================
  23
  24
  25 This is a security release in order to address the following defect:
  26
  27 o  CVE-2017-7494 (Remote code execution from a writable share)
  28
  29 =======
  30 Details
  31 =======
  32
  33 o  CVE-2017-7494:
  34    All versions of Samba from 3.5.0 onwards are vulnerable to a remote
  35    code execution vulnerability, allowing a malicious client to upload a
  36    shared library to a writable share, and then cause the server to load
  37    and execute it.
  38
  39
  40 Changes since 4.6.3:
  41 ---------------------
  42
  43 o  Volker Lendecke &lt;vl@samba.org&gt;
  44    * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
  45      share.
  46
  47
  48 </pre>
  49 </p>
  50 </body>
  51 </html>