==============================
- Release Notes for Samba 3.2.2
- August, 18 2008
+ Release Notes for Samba 3.2.3
+ August, 27 2008
==============================
-This is a bug fix release of the Samba 3.2 series.
+This is a security release in order to address CVE-2008-3789 ("Wrong
+permissions of group_mapping.ldb").
-Major bug fixes included in Samba 3.2.2 are:
+ o CVE-2008-3789
+ The file group_mapping.ldb is created with
+ the permissions 0666. That means everyone
+ is able to edit this file and might map any
+ SID to root.
- o Fix removal of dead records in tdb files. This can lead to very large
- tdb files and to overflowing partitions as a consequence on systems
- running an nmbd daemon.
- o Fix freezing Windows Explorer on WinXP while browsing Samba shares.
- This one led to timeouts during printing as well.
- o Fix assigning of primary group memberships when authenticating via
- Winbind.
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
######################################################################
Changes
#######
-Changes since 3.2.1
+Changes since 3.2.2
-------------------
-
-o Michael Adam <obnox@samba.org>
- * Fix replacement of random seed generator.
- * Fix a race condition in idmap_tdb2_allocate_id().
- * Fix unix_convert() for "*" after changing map_nt_error_from_unix().
- * Make sure to always set errno on error path in OpenDir.
-
-
-o Jeremy Allison <jra@samba.org>
- * BUG 5675: Fix smbspool program assuming Kerberos authentication by
- mistake.
- * BUG 5686: Fix segfaults in libsmbclient.
- * BUG 5692: Fix coredump in full_audit.so.
- * Fix coverity ID 594 (resource leak on error path).
- * Fix assigning of primary group memberships when authenticating via
- Winbind.
- * Several build fixes.
-
-
-o Bartosz Antosik <antosik@gmail.com>
- * BUG #5617: Fix freezing Windows Explorer on WinXP while browsing
- Samba shares.
-
-
-o Andrew Bartlett <abartlet@samba.org>
- * Include stdlib.h to get a prototype for free().
-
-
-o Yannick Bergeron <yaberger@ca.ibm.com>
- * Solve an IBM XL C/C++ compiler error encountered in get_exit_code()
- auth_errors array initialization in client/smbspool.c.
- * Use NGROUPS_MAX instead of 32 for the max group value in
- rep_initgroups().
-
-
-o Günther Deschner <gd@samba.org>
- * Fix build warning.
- * Add add c++ guard to netapi.
-
-
-o SATOH Fumiyasu <fumiyas@osstech.co.jp>
- * BUG 5688: Fix orphaned LPQ processes if socket address is invalid.
-
-
-o Volker Lendecke <vl@samba.org>
- * BUG 5684: Fix removal of dead records in tdb files.
- * Fix smb_len calculation for chained requests.
-
-
-o Herb Lewis <herb@samba.org>
- * Fix output of test status.
-
-
-o Jim McDonough <jmcd@samba.org>
- * Fix smbclient connections to older servers.
-
-
o Andrew Tridgell <tridge@samba.org>
- * Fix a fd leak when trying to regain contact to a domain controller
- in Winbind.
- * Fix permissions on ctdb databases.
- * Fix passing back success when a function had in fact failed in two
- places.
+ * Fix for CVE-2008-3789.
######################################################################
git.samba.org / samba.git / blobdiff