git.samba.org / metze / test / web / .git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
caasd
[metze/test/web/.git] / history / security.html
1 <!--#include virtual="/samba/header.html" --> 
2   <title>Samba - Security Updates and Information</title>
3 <!--#include virtual="header_history.html" -->
4
5 <h2>Samba Security Releases</h2>
6
7     <p>Security releases for Samba are listed below by their release
8 date. The previously affected versions of Samba are listed alongside
9 the appropriate security concern. For complete information, follow the
10 link to full release notes for each release.</p>
11
12
13     <table class="real">
14       <th colspan="6">Samba Security Releases</th>
15       <tr >
16         <td><em>Date Issued</em></td>
17         <td><em>Download</em></td>
18         <td><em>Known Issue(s)</em></td>
19         <td><em>Affected Releases</em></td>
20         <td><em>CVE ID #</em></td>
21         <td><em>Details</em></td>
22       </tr>
23
24     <tr>
25         <td>16 Jun 2010</td>
26         <td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
27         patch for Samba 3.3.12 and 3.2.15</a>
28         <a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch">
29         patch for Samba 3.0.37</a>
30         <td>Memory Corruption Vulnerability</td>
31         <td>3.0.x, 3.2.x, 3.3.0-3.3.12</td>
32         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2063">CVE-2010-2063</a></td>
33         <td><a href="/samba/security/CVE-2010-2063.html">Announcement</a></td>
34     </tr>
35
36     <tr>
37         <td>08 Mar 2010</td>
38         <td><a href="/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch">
39         patch for Samba 3.5.0</a>
40         <a href="/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch">
41         patch for Samba 3.4.6</a>
42         <a href="/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch">
43         patch for Samba 3.3.11</a>
44         <td>Permission ignored</td>
45         <td>3.3.11, 3.4.6, 3.5.0</td>
46         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728">CVE-2010-0728</a></td>
47         <td><a href="/samba/security/CVE-2010-0728.html">Announcement</a></td>
48     </tr>
49
50     <tr>
51         <td>01 Oct 2009</td>
52         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch">
53         patch 1 for Samba 3.4.1</a>
54         <a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-2.patch">
55         patch 2 for Samba 3.4.1</a>
56         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-1.patch">
57         patch 1 for Samba 3.3.7</a>
58         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-2.patch">
59         patch 2 for Samba 3.3.7</a>
60         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-1.patch">
61         patch 1 for Samba 3.2.14</a>
62         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-2.patch">
63         patch 2 for Samba 3.2.14</a>
64         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-1.patch">
65         patch 1 for Samba 3.0.36</a>
66         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-2.patch">
67         patch 2 for Samba 3.0.36</a>
68         <td>Information disclosure by setuid mount.cifs</td>
69         <td>all releases</td>
70         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td>
71         <td><a href="/samba/security/CVE-2009-2948.html">Announcement</a></td>
72     </tr>
73
74     <tr>
75         <td>01 Oct 2009</td>
76         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2906.patch">
77         patch for Samba 3.4.1</a>
78         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2906.patch">
79         patch for Samba 3.3.7</a>
80         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2906.patch">
81         patch for Samba 3.2.14</a>
82         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2906.patch">
83         patch for Samba 3.0.36</a>
84         <td>Remote DoS against smbd on authenticated connections</td>
85         <td>all releases</td>
86         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td>
87         <td><a href="/samba/security/CVE-2009-2906.html">Announcement</a></td>
88     </tr>
89     <tr>
90
91     <tr>
92         <td>01 Oct 2009</td>
93         <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2813.patch">
94         patch for Samba 3.4.1</a>
95         <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2813.patch">
96         patch for Samba 3.3.7</a>
97         <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2813.patch">
98         patch for Samba 3.2.14</a>
99         <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2813.patch">
100         patch for Samba 3.0.36</a>
101         <td>Misconfigured /etc/passwd file may share folders unexpectedly</td>
102         <td>&gt; 3.0.11</td>
103         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td>
104         <td><a href="/samba/security/CVE-2009-2813.html">Announcement</a></td>
105     </tr>
106     <tr>
107
108     <tr>
109         <td>23 Jun 2009</td>
110         <td><a href="/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch">
111         patch for Samba 3.3.5</a>
112         <a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch">
113         patch for Samba 3.2.12</a>
114         <a href="/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch">
115         patch for Samba 3.0.34</a>
116         <td>Uninitialized read of a data value</td>
117         <td>Samba 3.0.31 - 3.3.5</td>
118         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td>
119         <td><a href="/samba/security/CVE-2009-1888.html">Announcement</a></td>
120     </tr>
121     <tr>
122
123     <tr>
124         <td>23 Jun 2009</td>
125         <td><a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch">
126         patch for Samba 3.2.12</a>
127         <td>Formatstring vulnerability in smbclient</td>
128         <td>Samba 3.2.0 - 3.2.12</td>
129         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td>
130         <td><a href="/samba/security/CVE-2009-1886.html">Announcement</a></td>
131     </tr>
132     <tr>
133
134     <tr>
135         <td>05 Jan 2009</td>
136         <td><a href="/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch">
137         patch for Samba 3.2.6</a>
138         <td>Potential access to "/" in setups with registry shares enabled</td>
139         <td>Samba 3.2.0 - 3.2.6</td>
140         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td>
141         <td><a href="/samba/security/CVE-2009-0022.html">Announcement</a></td>
142     </tr>
143     <tr>
144         <td>27 Nov 2008</td>
145         <td><a href="/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch">
146         patch for Samba 3.0.32</a>
147         <a href="/samba/ftp/patches/security/samba-3.2.4-CVE-2008-4314.patch">
148         patch for Samba 3.2.4</a></td>
149         <td>Potential leak of arbitrary memory contents</td>
150         <td>Samba 3.0.29 - 3.2.4</td>
151         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td>
152         <td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td>
153     </tr>
154
155     <tr>
156         <td>27 Aug 2008</td>
157         <td><a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch">
158         patch 1 for Samba 3.2.2</a> 
159         <a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch">
160         patch 2 for Samba 3.2.2</a></td>
161         <td>Wrong permissions of group_mapping.ldb</td>
162         <td>Samba 3.2.0 - 3.2.2</td>
163         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
164         <td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td>
165     </tr>
166
167     <tr>
168         <td>29 May 2008</td>
169         <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
170         <td>Boundary failure when parsing SMB responses</td>
171         <td>Samba 3.0.0 - 3.0.29</td>
172         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
173         <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
174     </tr>
175
176     <tr>
177         <td>10 Dec 2007</td>
178         <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
179         <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>
180         <td>Samba 3.0.0 - 3.0.27a</td>
181         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
182         <td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td>
183     </tr>
184
185     <tr>
186         <td>15 Nov 2007</td>
187         <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
188         <td>Remote Code Execution in Samba's nmbd</td>
189         <td>Samba 3.0.0 - 3.0.26a</td>
190         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
191         <td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
192     </tr>
193
194     <tr>
195         <td>15 Nov 2007</td>
196         <td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
197         <td>GETDC mailslot processing buffer overrun in nmbd</td>
198         <td>Samba 3.0.0 - 3.0.26a</td>
199         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
200         <td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
201     </tr>
202
203     <tr>
204         <td>11 Sep 2007</td>
205         <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
206         <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
207         <td>Samba 3.0.25 - 3.0.25c</td>
208         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
209         <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
210     </tr>
211
212     <tr>
213         <td>14 May 2007</td>
214         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
215         <td>Remote Command Injection Vulnerability (Updated June 5 to include missing &quot;c&quot; character from INCLUDE list).</td>
216         <td>Samba 3.0.0 - 3.0.25rc3</td>
217         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
218         <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
219     </tr>
220
221     <tr>
222         <td>14 May 2007</td>
223         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
224         <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
225         <td>Samba 3.0.0 - 3.0.25rc3</td>
226         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
227         <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
228     </tr>
229
230     <tr>
231         <td>14 May 2007</td>
232         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
233         <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the &quot;force group&quot; parameter).</td>
234         <td>Samba 3.0.23d - 3.0.25pre2</td>
235         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
236         <td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td>
237     </tr>
238
239     <tr>
240         <td>5 Feb 2007</td>
241         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td>
242         <td>Potential Denial of Service bug in smbd</td>
243         <td>Samba 3.0.6 - 3.0.23d</td>
244         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
245         <td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td>
246     </tr>
247
248     <tr>
249         <td>5 Feb 2007</td>
250         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td>
251         <td>Buffer overrun in NSS host lookup Winbind library on Solaris</td>
252         <td>Samba 3.0.21 - 3.0.23d</td>
253         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
254         <td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td>
255     </tr>
256
257     <tr>
258         <td>5 Feb 2007</td>
259         <td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td>
260         <td>Format string bug in afsacl.so VFS plugin</td>
261         <td>Samba 3.0.6 - 3.0.23d</td>
262         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
263         <td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td>
264     </tr>
265
266     <tr>
267         <td>10 July 2006</td>
268         <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
269         <td>Memory exhaustion DoS against smbd</td>
270         <td>Samba 3.0.1 - 3.0.22</td>
271         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
272         <td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td>
273     </tr>
274
275     <tr>
276     <tr>
277         <td>30 March 2006</td>
278         <td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
279         <td>Exposure of machine account credentials in winbind log files</td>
280         <td>Samba 3.0.21 - 3.0.21c</td>
281         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
282         <td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td>
283     </tr>
284
285     <tr>
286         <td>16 December 2004</td>
287         <td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td>
288         <td>Integer Overflow in security descriptor parsing</td>
289         <td>Samba 2.x, 3.0.x &lt;&#61; 3.0.9</td>
290         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
291         <td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td>
292     </tr>    
293
294     <tr>
295     <tr>
296         <td>15 November 2004</td>
297         <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for &lt;&#61;Samba 3.0.7</a></td>
298         <td>Buffer Overrun in smbd</td>
299         <td>Samba 3.0.x &lt;&#61; 3.0.7</td>
300         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
301         <td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td>
302     </tr>    
303
304     <tr>
305         <td>8 November 2004</td>
306         <td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for &lt;&#61;Samba 3.0.7</a></td>
307         <td>Remote DoS</td>
308         <td>Samba 3.0.x &lt;&#61; 3.0.7</td>
309         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
310         <td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td>
311     </tr>    
312
313     <tr>
314         <td>30 September 2004</td>
315         <td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or  <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for &lt;&#61;Samba 3.0.2a</a></td>
316         <td>Potential arbitrary file access</td>
317         <td>Samba 2.2.x &lt;&#61;2.2.11 and Samba 3.0.x &lt;&#61;3.0.2a</td>
318         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
319         <td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td>
320     </tr>    
321         
322       
323       <tr>
324         <td>13 Sept 2004</td>
325         <td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td>
326         <td>Two DoS bugs; one affecting smbd, the other nmbd.</td>
327         <td>3.0.x &lt;= 3.0.6</td>
328         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
329         <td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td>
330       </tr>
331       
332       <tr>
333         <td>22 Jul 2004</td>
334         <td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td>
335         <td>Two potential buffer overruns</td>
336         <td>>=3.0.2</td>
337         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>, 
338             <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
339         </td>
340         <td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a>
341             <a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td>
342       </tr>
343       
344       <tr>
345         <td>22 Jul 2004</td>
346         <td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td>
347         <td>Buffer overrun in hash mangling method</td>
348         <td>all 2.2 releases</td>
349         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
350         </td>
351         <td><a href="/samba/history/samba-2.2.10.html">release notes</a></td>
352       </tr>
353       
354       <tr>
355         <td>9 Feb 2004</td>
356         <td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">3.0.2a</a></td>
357         <td align="left">Password initialization bug that could grant
358         an attacker unauthorized
359         access to a user account created by the mksmbpasswd.sh shell script.</td>
360         <td>>=3.0.0</td>
361         <td><a
362         href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
363         <td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td>
364       </tr>
365       
366       <tr>
367         <td>7 Apr 2003</td>
368         <td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">2.2.8a</a></td>
369         <td>Buffer overrun condition in the SMB/CIFS packet fragment
370         re-assembly code.</td>
371         <td>all 2.0 releases and <= 2.2.8</td>
372         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
373         <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
374         <td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td>
375       </tr>
376       
377       <tr>
378         <td>10 Dec 2002</td>
379         <td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">2.2.7a</a></td>
380         <td>Bug in the length checking for encrypted password change
381         requests from clients.</td>
382         <td>2.2.2 - 2.2.6</td>
383         <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
384         <td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td>
385       </tr>
386       
387       <tr>
388         <td>23 Jun 2001</td>
389         <td><a href="/samba/ftp/old-versions/samba-2.2.0a.tar.gz">2.2.0a</a></td>
390         <td>Bug in expansion of certain smb.conf variables such as 
391         %m that could grant an attacker the capability to overwrite arbitrary 
392         files on the server.  Bug that causes smbd not to honor the hosts allow 
393         and deny smb.conf directives.</td>
394         <td>2.2.0</td>
395         <td>&nbsp</td>
396         <td><a href="/samba/history/samba-2.2.0a.html">release notes</a></td>
397       </tr>
398       
399       <tr>
400         <td>23 Jun 2001</td>
401         <td><a href="/samba/ftp/old-versions/samba-2.0.10.tar.gz">2.0.10</a></td>
402         <td>Bug in the handling of temporary files that allows local 
403         users to destroy data on local devices.</td>
404         <td>>= 2.0.0</td>
405         <td>&nbsp</td>
406         <td><a href="/samba/history/samba-2.0.10.html">release notes</a></td>
407       </tr>
408                 
409     </table>
410     
411     <p><em>If you suspect you have discovered a serious security hole in a
412 Samba release, please send an email to <a
413 href="mailto:security@samba.org">security@samba.org</a>.</em></p>
414
415 <!--#include virtual="footer_history.html" -->