samba - Oct 2022 - [Announce] Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases Available for Download

Release Announcements
---------------------

This are security releases in order to address the following defects:

o CVE-2022-3437:? There is a limited write heap buffer overflow in the 
GSSAPI
 ????????????????? unwrap_des() and unwrap_des3() routines of Heimdal 
(included
 ????????????????? in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html

o CVE-2022-3592:? A malicious client can use a symlink to escape the 
exported
 ????????????????? directory. (4.17 only)
https://www.samba.org/samba/security/CVE-2022-3592.html

Changes
-------

o? Volker Lendecke <vl at samba.org>
 ?? * BUG 15207: CVE-2022-3592.

o? Joseph Sutton <josephsutton at catalyst.net.nz>
 ?? * BUG 15134: CVE-2022-3437.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.? All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================


===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620).? The source code can be downloaded
from:

 ??????? https://download.samba.org/pub/samba/stable/

The release notes are available online at:

 ??????? https://www.samba.org/samba/history/samba-4.17.2.html
 ??????? https://www.samba.org/samba/history/samba-4.16.6.html
 ??????? https://www.samba.org/samba/history/samba-4.15.11.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

 ??????????????????????? --Enjoy
 ??????????????????????? The Samba Team

I never got my problem with my Samba AD DC Resolved.

Months and months ago, I had an issue where I had a single DC that could 
not Authenticate users due to this error:

$ wbinfo -S S-1-5-21-
failed to call wbcSidToUid: WBC_ERR_UNKNOWN_FAILURE
Could not convert sid S-1-5-21- to uid

or use smbclient and cause this error

session setup failed: NT_STATUS_INVALID_SID

I tried endlessly for months to try and fix it with people on the 
mailing list not really helping me, after much debugging I gave up, and 
just sort of "Lived with the problem."

LDAP and Kerberos still worked and the problem was isolated to just one 
Domain Controller of the three I have. So I just sorta "lived with"
the
problem because LDAP and Kerberos still worked. I'd like to try and 
actually fix the problem. I've posted debugging logs to the mailing list 
to death. Would anyone be willing to work with me?