From 61b22f4009e7519214ef867e88a0e29c9fa87d5a Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 30 Sep 2009 13:55:06 +0200 Subject: [PATCH] WHATSNEW: Update release notes. Karolin (cherry picked from commit 7fbee9050d08335c6a3dbf6e267c823b33e928c4) --- WHATSNEW.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7a8784eb32e..0d9aaac67eb 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,10 +1,11 @@ ============================= Release Notes for Samba 3.3.8 - September, 29 2009 + October, 1 2009 ============================= -This is a security release in order to address CVE-2009-2813 and CVE-2009-2948. +This is a security release in order to address CVE-2009-2813, CVE-2009-2948 +and CVE-2009-2906. o CVE-2009-2813: In all versions of Samba later than 3.0.11, connecting to the home @@ -18,6 +19,10 @@ This is a security release in order to address CVE-2009-2813 and CVE-2009-2948. then use the --verbose option to view the first line of that file. All known Samba versions are affected. + o CVE-2009-2906: + Specially crafted SMB requests on authenticated SMB connections can + send smbd into a 100% CPU loop, causing a DoS on the Samba server. + ###################################################################### Changes @@ -29,6 +34,7 @@ Changes since 3.3.7 o Jeremy Allison * BUG 6763: Fix for CVE-2009-2813. + * BUG 6768: Fix for CVE-2009-2906. o Jeff Layton -- 2.11.4.GIT