[FUG-BR] Lançado Samba 4.0.1

Quarta Janeiro 16 10:19:39 BRST 2013

Lançado Samba4: 4.0.1

http://ftp.samba.org/pub/samba/stable/samba-4.0.1.tar.gz

http://www.samba.org/samba/history/samba-4.0.1.html
Samba 4.0.1 Available for Download

                   =============================
                   Release Notes for Samba 4.0.1
                          January 15, 2013
                   =============================

This is a security release in order to address CVE-2013-0172.

o  CVE-2013-0172:
   Samba 4.0.0 as an AD DC may provide authenticated users with write access
   to LDAP directory objects.

   In AD, Access Control Entries can be assigned based on the objectClass
   of the object.  If a user or a group the user is a member of has any
   access based on the objectClass, then that user has write access to that
   object.

   Additionally, if a user has write access to any attribute on the object,
   they may have access to write to all attributes.

   An important mitigation is that anonymous access is totally disabled by
   default.  The second important mitigation is that normal users are
   typically only given the problematic per-objectClass right via the
   "pre-windows 2000 compatible access" group, and Samba 4.0.0 incorrectly
   does not make "authenticated users" part of this group.

Changes since 4.0.0:
====================

o   Andrew Bartlett <abartlet em samba.org>
    * Bug 9554 - CVE-2013-0172 - Samba 4.0 as an AD DC may provide authenticated
      users with write access to LDAP directory objects.

-- 
..............................................................................
*Com Deus todas as coisas são possíveis* :::
LinuxPro<http://www.linuxpro.com.br>

*"A qualidade nunca se obtém por acaso; ela é sempre o resultado do esforço
inteligente." (John Ruskin)
"A mente que se abre a uma nova ideia jamais volta ao seu tamanho original"
(Albert Einstein)*