Samba update closes DoS hole
The Samba developers have released a security update to the Samba Windows interoperability suite for Unix. Samba 3.6.3 was published only four days after the release of the new stable version, Samba 3.6.2. The security update addresses a memory leak that consumes a small amount of memory when the smbd daemon is handling connection requests. By making repeated connection requests, an attacker could exploit this flaw to cause a denial of service.
The flaw exists in Samba versions 3.6.0 to 3.6.2; the fix for it is the only difference between 3.6.3 and 3.6.2. A patch for Samba 3.6.2 has also been posted to Samba's security releases page, while the full source code for Samba 3.6.3 is available to download from the Samba download page.
The recent 3.6.2 release included a change to make Winbind receive user/group information and fixed several problems with the SMB2 implementation. It also fixed crashes in the spooler and when browsing printers, and corrected buffer overflows and double free issues. Details of all the changes in Samba 3.6.2 are in the changelog for that release.
Samba provides many Unix and Linux systems with the ability to share files with Windows systems by implementing the SMB, SMB2 and CIFS protocols. It is published as free software under the GPLv3 licence.