July 28, 2011

[installer 2890] samba-3.5.10, 3.4.14, 3.3.16

samba-3.5.10, 3.4.14, and 3.3.16 have been released.

These are releases that fix the CSRF and XSS issues in SWAT.
See
http://samba.org/samba/security/CVE-2011-2522
http://samba.org/samba/security/CVE-2011-2694
for details.

☆ samba-3.5.10

http://samba.org/
http://www.samba.org/samba/ftp/samba-3.5.10.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.5.10.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.5.10.tar.gz

==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================


This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site request forgery.


o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site scripting
vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes since 3.5.9:
--------------------


o Kai Blin <kai@xxxxx>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.


☆ samba-3.4.14
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.4.14.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.4.14.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.4.14.tar.gz

==============================
Release Notes for Samba 3.4.14
July 26, 2011
==============================


This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site request forgery.


o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site scripting
vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes since 3.4.13
--------------------


o Kai Blin <kai@xxxxx>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.


☆ samba-3.3.16
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.3.16.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.3.16.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.3.16.tar.gz

==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================


This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site request forgery.


o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 is affected by a cross-site scripting
vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes since 3.3.15
--------------------


o Kai Blin <kai@xxxxx>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.

----
こがよういちろう


Posted by xml-rpc : July 28, 2011 09:19