Samba 3.5.11 has been released that fixes a problem with Windows clients no longer being able to connect to Samba shares after Windows Patch KB2536276 is installed.
Reproducible: Always
3.5.11 is not particularly important, but 3.5.10 is a security release:

Samba 3.5.10 Available for Download

==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================

This is a security release in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability.

Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default, SWAT is *not* enabled on a Samba install.

Changes since 3.5.9:
--------------------

o Kai Blin <kai@samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.
+*samba-3.5.11 (07 Aug 2011) + + 07 Aug 2011; Lars Wendler <polynomial-c@gentoo.org> files/3.4/samba.confd, + +samba-3.5.11.ebuild, files/3.5/samba.confd, samba-3.6.0_rc3-r1.ebuild, + files/3.6/samba.confd: + Non-maintaner commit: 3.5.11 version bump (bug #377909), removed --oknodo + from confd files (see bug #377843 as reference), install pam_winbind.conf + when "pam" and "winbind" USE flags are enabled (bug #376853). +
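Review bot: "Non-maintaner" in the ChangeLog entry should read "Non-maintainer". The same entry also folds three separate changes into one commit (the 3.5.11 version bump for bug #377909, the --oknodo removal from the 3.4/3.5/3.6 confd files per bug #377843, and the pam_winbind.conf install for bug #376853), and it touches samba-3.6.0_rc3-r1.ebuild as well; splitting these would let the security-relevant bump be stabilized and, if needed, reverted independently of the init-script and PAM changes.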
All vulnerable versions have been dropped, except the current stable.
@security: please proceed with stabilizing samba-3.5.11, target: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
Arches, please test and mark stable net-fs/samba-3.5.11. According to Victor, target keywords are: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
arches,

Please test and stabilize also: =dev-db/ctdb-1.0.114_p1

is a depend.
I can't give ok because it fails to compile, as I've reported.
amd64: fails emerge. bug 318285 with this version as well.
(In reply to comment #5)
> arches,
>
> Please test and stabilize also: =dev-db/ctdb-1.0.114_p1
>
> is a depend.

You don't have to point out the painly obvious every time, thanks.
painfully*
Stable for HPPA.
Bug #318285 has been fixed.
(In reply to comment #11)
> bug #318285 has been fixed.

works now, amd64 ok
+ 16 Aug 2011; Tony Vroon <chainsaw@gentoo.org> ctdb-1.0.114_p1.ebuild: + Marked stable on AMD64 as a dependency of net-fs/samba-3.5.11; based on arch + testing by Agostino "ago" Sarubbo in bug #377909. + 16 Aug 2011; Tony Vroon <chainsaw@gentoo.org> samba-3.5.11.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo in bug + #377909.
amd64; all ok
x86 stable
ppc/ppc64 stable
arm stable
alpha/ia64/s390/sh/sparc stable
Thanks, folks. GLSA Vote: No (xss and csrf)
CVE-2011-2522 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2522): Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Vote: no, closing noglsa.
actually closing