Karolin Seeger
2015-Jan-15 11:08 UTC
[Announce] Samba 4.1.16 and 4.0.24 Security Releases Available
Release Announcements
---------------------

Samba 4.1.16 and 4.0.24 have been issued as security releases in order to
address CVE-2014-8143 (Elevation of privilege to Active Directory Domain
Controller).

For the sake of completeness, Samba 4.2.0rc4 including a fix for this
defect will follow soon, but it won't be a dedicated security release and
will therefore address other bug fixes also.

For more details, please see
  http://www.samba.org/samba/history/security.html

o  CVE-2014-8143:
   Samba's AD DC allows the administrator to delegate creation of user or
   computer accounts to specific users or groups.

   However, all released versions of Samba's AD DC did not implement the
   additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
   userAccountControl attributes.

Changes:
========

o   Andrew Bartlett <abartlet at samba.org>
    * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
      rights before we allow changes to userAccountControl.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba correct product in the project's Bugzilla
database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:

  http://download.samba.org/samba/ftp/stable/

The release notes are available online at:

  http://www.samba.org/samba/history/samba-4.1.16.html
  http://www.samba.org/samba/history/samba-4.0.24.html

Binary packages will be made available on a volunteer basis from

  http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
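
An audit for the condition CVE-2014-8143 describes, as an added example that is not part of the announcement and is not Samba code: it reads an LDIF export of account objects and lists every account whose userAccountControl carries the UF_SERVER_TRUST_ACCOUNT bit (0x2000) but is not a known domain controller. The LDIF below is constructed, and the function names and the known-DC list are assumptions for illustration.

```python
import base64

UF_SERVER_TRUST_ACCOUNT = 0x2000  # userAccountControl bit marking a DC account

# Constructed sample export (not from a real domain).
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=com
sAMAccountName: DC1$
userAccountControl: 532480

dn: CN=WS01,CN=Computers,DC=example,DC=com
sAMAccountName: WS01$
userAccountControl: 4096

dn: CN=WS02,CN=Computers,DC=example,DC=com
sAMAccountName: WS02$
userAccountControl: 8192

dn: CN=alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per LDIF record (first value wins)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    for block in text.split("\n\n"):
        record = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            record.setdefault(name.strip().lower(), value.strip())
        if record:
            yield record

def unexpected_server_trust(ldif_text, known_dcs):
    """Return accounts with the server-trust bit set that are not known DCs."""
    known = {n.lower() for n in known_dcs}
    hits = []
    for rec in parse_ldif(ldif_text):
        try:
            uac = int(rec.get("useraccountcontrol", "0"))
        except ValueError:
            continue  # malformed value, nothing to test
        name = rec.get("samaccountname", rec.get("dn", "?"))
        if uac & UF_SERVER_TRUST_ACCOUNT and name.lower() not in known:
            hits.append(name)
    return hits
```

Any account this returns should be compared against the domain's actual domain controllers before and after upgrading.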