Karolin Seeger
2019-May-14 06:31 UTC
[Announce] Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) ======Details ====== o CVE-2018-16860: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target (client) principal. For more details and workarounds, please refer to the security advisory. Changes: -------- o Isaac Boukris <iboukris at gmail.com> * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum. ####################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.10.3.html https://www.samba.org/samba/history/samba-4.9.8.html https://www.samba.org/samba/history/samba-4.8.12.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba-announce/attachments/20190514/11c91102/signature.sig>
Apparently Analagous Threads
- [Announce] Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available
- [Announce] Samba 4.15.1 Available for Download
- [Announce] Samba 4.15.1 Available for Download
- [Announce] Samba 4.13.13 Available for Download
- [Announce] Samba 4.13.13 Available for Download