From 370b3dd84435e0bb4d337c53f0ff134594bdc524 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 11 Apr 2016 09:07:39 +0200 Subject: [PATCH] WHATSNEW: Add release notes for Samba 4.4.2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744 Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam --- WHATSNEW.txt | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a5ca7489e59..cea44928945 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,25 @@ ============================= + Release Notes for Samba 4.4.2 + April 12, 2016 + ============================= + +This is a security release containing one additional +regression fix for the security release 4.4.1. + +This fixes a regression that prevents things like 'net ads join' +from working against a Windows 2003 domain. + +Changes since 4.4.1: +==================== + +o Stefan Metzmacher + * Bug 11804 - prerequisite backports for the security release on + April 12th, 2016 + +Release notes for the original 4.4.1 release follows: +----------------------------------------------------- + + ============================= Release Notes for Samba 4.4.1 April 12, 2016 ============================= @@ -45,6 +66,11 @@ o CVE-2015-5370 errors in validation of the DCE-RPC packets can lead to a downgrade of a secure connection to an insecure one. + While we think it is unlikely, there's a nonzero chance for + a remote code execution attack against the client components, + which are used by smbd, winbindd and tools like net, rpcclient and + others. This may gain root access to the attacker. + The above applies all possible server roles Samba can operate in. Note that versions before 3.6.0 had completely different marshalling 
@@ -451,7 +477,7 @@ o Tools like "samba-tool", "ldbsearch", "ldbedit" and more obey the server. Changes since 4.4.0: --------------------- +==================== o Jeremy Allison * Bug 11344 - CVE-2015-5370: Multiple errors in DCE-RPC code. -- 2.11.4.GIT
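Review bot: In the first hunk (the new 4.4.2 header), the "Changes since 4.4.1" entry is titled only "prerequisite backports for the security release on April 12th, 2016", which does not tell a reader that this is the change that fixes the 'net ads join' regression against Windows 2003 domains described in the intro. Suggest naming the regression in the Bug 11804 entry, or stating in the intro that the fix is tracked under that bug, so an administrator can match the symptom to the change. The commit trailer cites bug 11744 while the notes cite 11804; if that is intentional (one for the release, one for the fix), no change is needed, but it is worth a second look. Minor: "Release notes for the original 4.4.1 release follows:" should read "follow:".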
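Review bot: In the CVE-2015-5370 hunk, "This may gain root access to the attacker." reads backwards; suggest "This may give the attacker root access." The added paragraph also extends the impact described for this CVE with a possible remote code execution against the client components used by smbd, winbindd, net and rpcclient, yet it lands inside the 4.4.1 section and neither the commit subject ("Add release notes for Samba 4.4.2") nor the new 4.4.2 intro mentions it. A line in the commit message, or a note under "Changes since 4.4.1", would keep readers who skim only the 4.4.2 header from missing the revised severity. Since the new text is about client components and the next context line begins "The above applies all possible server roles", consider also checking that the two paragraphs still read correctly together.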