[ Thanks to Gerald
Carter for this information. ]
This is the first production release of the Samba 3.0.25 code
base and is the version that servers should be run for for all
current bug fixes. The 3.0.25 release is an upgrade release over
the 3.0.23/3.0.24 series which means that a substantial amount of
development has occurred and many new features have been added
since the last Samba production release. Major features included in
the 3.0.25 code base include:
- Significant improvements in the winbind off-line logon
support. - Support for secure DDNS updates as part of the ‘net ads join’
process. - Rewritten IdMap interface which allows for TTL based caching
and per domain backends. - New plug-in interface for the “winbind nss info”
parameter. - New file change notify subsystem which is able to make use of
inotify on Linux. - Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running side
by side on the Same server. - Improved compatibility with Windows Vista clients including
improved read performance with Linux servers. - Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
- CVE-2007-2444 (Samba 3.0.23d – 3.0.25pre2): Local SID/Name
translation bug can result in user privilege elevation. - CVE-2007-2446 (Samba 3.0.0 – 3.0.25rc3): Multiple heap
overflows allow remote code execution. - CVE-2007-2447 (Samba 3.0.0 – 3.0.25rc3): Unescaped user input
parameters are passed as arguments to /bin/sh allowing for remote
command execution.
Complete details can be found at http://www.samba.org/.