Changeset 467


Timestamp:
Jun 17, 2010, 8:59:42 AM (10 years ago)
Author:
Herwig Bauernfeind
Message:

Update Samba 3.3 to 3.3.13 (security update)

Location:
branches/samba-3.3.x
Files:
6 edited

  • branches/samba-3.3.x/WHATSNEW.txt

    r423 r467  
     1                   ==============================
     2                   Release Notes for Samba 3.3.13
     3                            June 16, 2010
     4                   ==============================
     5
     6
     7This is a security release in order to address CVE-2010-2063.
     8
     9
     10o  CVE-2010-2063:
     11   In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code.
     12
     13
     14Changes since 3.3.12
     15--------------------
     16
     17
     18o   Jeremy Allison <jra@samba.org>
     19    * BUG 7494: Fix for CVE-2010-2063.
     20
     21
     22######################################################################
     23Reporting bugs & Development Discussion
     24#######################################
     25
     26Please discuss this release on the samba-technical mailing list or by
     27joining the #samba-technical IRC channel on irc.freenode.net.
     28
     29If you do report problems then please try to send high quality
     30feedback. If you don't provide vital information to help us track down
     31the problem then you will probably be ignored.  All bug reports should
     32be filed under the Samba 3.3 product in the project's Bugzilla
     33database (https://bugzilla.samba.org/).
     34
     35
     36======================================================================
     37== Our Code, Our Bugs, Our Responsibility.
     38== The Samba Team
     39======================================================================
     40
     41
     42Release notes for older releases follow:
     43----------------------------------------
     44
    145                   ==============================
    246                   Release Notes for Samba 3.3.12
     
    1862
    1963
    20 Changes since 3.5.0
    21 -------------------
     64Changes since 3.3.11
     65--------------------
    2266
    2367
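Review bot: The heading change from "Changes since 3.5.0" to "Changes since 3.3.11" in the 3.3.12 release notes is a correction unrelated to the 3.3.13 security fix, and the commit message does not mention it. Either note it in the message or confirm that it comes from the same upstream WHATSNEW.txt, so the history of the older release notes stays traceable.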
     
    4690
    4791
    48 Release notes for older releases follow:
    49 ----------------------------------------
     92----------------------------------------------------------------------
     93
    5094
    5195                   ==============================
  • branches/samba-3.3.x/packaging/RHEL-CTDB/samba.spec

    r423 r467  
    66Packager: Samba Team <samba@samba.org>
    77Name:         samba
    8 Version:      3.3.12
     8Version:      3.3.13
    99Release:      ctdb.1
    1010Epoch:        0
  • branches/samba-3.3.x/packaging/RHEL/makerpms.sh

    r423 r467  
    2121USERID=`id -u`
    2222GRPID=`id -g`
    23 VERSION='3.3.12'
     23VERSION='3.3.13'
    2424REVISION=''
    2525SPECFILE="samba.spec"
  • branches/samba-3.3.x/packaging/RHEL/samba.spec

    r423 r467  
    66Packager: Samba Team <samba@samba.org>
    77Name:         samba
    8 Version:      3.3.12
     8Version:      3.3.13
    99Release:      1
    1010Epoch:        0
  • branches/samba-3.3.x/source/VERSION

    r423 r467  
    2626SAMBA_VERSION_MAJOR=3
    2727SAMBA_VERSION_MINOR=3
    28 SAMBA_VERSION_RELEASE=12
     28SAMBA_VERSION_RELEASE=13
    2929
    3030########################################################
  • branches/samba-3.3.x/source/smbd/process.c

    r338 r467  
    16461646{
    16471647        static char *orig_inbuf;
     1648        static int orig_size;
    16481649
    16491650        /*
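Review bot: `orig_size` at new line 1648 is a signed `static int`, but it stores a buffer length that the later `smb_off2` check compares against offset arithmetic. The outcome of that comparison depends on the signedness of `smb_off2` and `smb_wct`, whose declarations are not visible here, so an unsigned length type such as `size_t` would make the bound easier to reason about. Like `orig_inbuf`, it is function-static state that is only assigned in the first part of a chain, so a one-line comment saying so would help the next reader.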
     
    16801681                /* this is the first part of the chain */
    16811682                orig_inbuf = inbuf;
    1682         }
    1683 
     1683                orig_size = size;
     1684        }
     1685
     1686        /* Validate smb_off2 */
     1687        if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
     1688                exit_server_cleanly("Bad chained packet");
     1689                return;
     1690        }
    16841691        /*
    16851692         * We need to save the output the caller added to the chain so that we
    16861693         * can splice it into the final output buffer later.
    16871694         */
     1695
     1696        if (outsize <= smb_wct) {
     1697                exit_server_cleanly("Bad chained packet");
     1698                return;
     1699        }
    16881700
    16891701        caller_outputlen = outsize - smb_wct;
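Review bot: The `smb_off2` validation at new line 1687 uses a bare constant `4` in both halves of the condition, and the comment `/* Validate smb_off2 */` does not say which range is acceptable or which buffer access the check protects. State the invariant in the comment in terms of `smb_wct` and `orig_size`. Both new checks also call `exit_server_cleanly("Bad chained packet")` with the same string, so a log entry cannot distinguish a bad chain offset from the `outsize <= smb_wct` failure at new line 1696; distinct messages would help triage. The `return;` after each `exit_server_cleanly(...)` call should be dropped or commented, depending on whether that function returns.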