From: Stefan Metzmacher Date: Mon, 11 Apr 2016 07:16:44 +0000 (+0200) Subject: WHATSNEW: Add release notes for Samba 4.2.11. X-Git-Tag: samba-4.2.11~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aada3ea25fca8cc6367ba67c34acdb04e1b6727e;p=thirdparty%2Fsamba.git WHATSNEW: Add release notes for Samba 4.2.11. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744 Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 413f1c14264..ecb5fe6e2c3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,24 @@ + ============================== + Release Notes for Samba 4.2.11 + April 12, 2016 + ============================== + +This is a security release containing one additional +regression fix for the security release 4.2.10. + +This fixes a regression that prevents things like 'net ads join' +from working against a Windows 2003 domain. + +Changes since 4.2.10: +===================== + +o Stefan Metzmacher + * Bug 11804 - prerequisite backports for the security release on + April 12th, 2016 + +Release notes for the original 4.2.10 release follows: +------------------------------------------------------ + ============================== Release Notes for Samba 4.2.10 April 12, 2016 @@ -45,6 +66,11 @@ o CVE-2015-5370 errors in validation of the DCE-RPC packets can lead to a downgrade of a secure connection to an insecure one. + While we think it is unlikely, there's a nonzero chance for + a remote code execution attack against the client components, + which are used by smbd, winbindd and tools like net, rpcclient and + others. This may gain root access to the attacker. + The above applies all possible server roles Samba can operate in. Note that versions before 3.6.0 had completely different marshalling 
@@ -451,7 +477,7 @@ o Tools like "samba-tool", "ldbsearch", "ldbedit" and more obey the server. Changes since 4.2.9: --------------------- +==================== o Jeremy Allison * Bug 11344 - CVE-2015-5370: Multiple errors in DCE-RPC code.
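Review bot: in the `@@ -1,3 +1,24 @@` hunk, the "Changes since 4.2.10" list names only "Bug 11804 - prerequisite backports for the security release", while the paragraph above it describes a regression that breaks 'net ads join' against a Windows 2003 domain and the commit message cites bug 11744. From these lines a reader triaging the update cannot tell which entry carries the regression fix. Consider wording the bug line so that it names the regression, or listing the bug number the fix was tracked under. Separately, "Release notes for the original 4.2.10 release follows:" should read "follow".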
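Review bot: in the `@@ -45,6 +66,11 @@` hunk, the paragraph added under CVE-2015-5370 changes the stated impact (a possible remote code execution against the client components used by smbd, winbindd and tools like net and rpcclient), but neither the new 4.2.11 section nor the commit message mentions that the advisory text was changed. The 4.2.11 header speaks only of "one additional regression fix". An impact statement that changes inside a commit titled as adding release notes is easy to overlook, so it deserves a line in the 4.2.11 section or in the commit message. The sentence "This may gain root access to the attacker." is also ungrammatical; "This may give the attacker root access." would read correctly.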
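Review bot: in the `@@ -451,7 +477,7 @@` hunk, the underline beneath "Changes since 4.2.9:" switches from dashes to equals signs, a formatting change the commit message does not mention. It matches the "=" underline used for "Changes since 4.2.10:" in the first hunk, so the change itself looks right, but a short note in the message (or a separate cosmetic commit) would keep this commit limited to what its subject says.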