samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

On Tue, 2022-11-22 at 09:53 +0100, Stefan G. Weichinger via samba
wrote:
> Am 22.11.22 um 09:43 schrieb Stefan G. Weichinger via samba:
> 
> > but I don't have it OK yet:
> 
> Update: seems OK now
> 
> I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.
> 
> Vacation starts on thursday ...
It really comes down to how much you trust your users. ?Remember that
each of them is domain admin in Samba 4.16.2

https://www.samba.org/samba/security/CVE-2022-32744.html
-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba

Op 22-11-2022 om 10:00 schreef Andrew Bartlett via
samba:
> On Tue, 2022-11-22 at 09:53 +0100, Stefan G. Weichinger via samba
> wrote:
>> Am 22.11.22 um 09:43 schrieb Stefan G. Weichinger via samba:
>>
>>> but I don't have it OK yet:
>> Update: seems OK now
>>
>> I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.
>>
>> Vacation starts on thursday ...
> It really comes down to how much you trust your users. ?Remember that
> each of them is domain admin in Samba 4.16.2
>
> https://www.samba.org/samba/security/CVE-2022-32744.html
Technically there is no issue, but then there is Andrew's point...

Am 22.11.22 um 10:00 schrieb Andrew Bartlett:
> On Tue, 2022-11-22 at 09:53 +0100, Stefan G. Weichinger via samba
> wrote:
>> Am 22.11.22 um 09:43 schrieb Stefan G. Weichinger via samba:
>>
>>> but I don't have it OK yet:
>>
>> Update: seems OK now
>>
>> I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.
>>
>> Vacation starts on thursday ...
> 
> It really comes down to how much you trust your users. ?Remember that
> each of them is domain admin in Samba 4.16.2
Hmm, yes, that sounds scary. Although the users there should be trustworthy.

I check that DNS/resolved-issue again and retry the upgrade to 4.17.3 soon.

thanks