Samba - Release Notes Archive

Samba 4.0.21 Available for Download

                   ==============================
                   Release Notes for Samba 4.0.21
                           August 1, 2014
                   ==============================


This is a security release in order to address
CVE-2014-3560 (Remote code execution in nmbd).

o  CVE-2014-3560:
   Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
   unauthenticated nmbd NetBIOS name services.

   A malicious browser can send packets that may overwrite the heap of
   the target nmbd NetBIOS name services daemon. It may be possible to
   use this to generate a remote code execution vulnerability as the
   superuser (root).


Changes since 4.1.20:
---------------------

o   Volker Lendecke <vl@samba.org>
    * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.