Andrea Venturoli
2023-Nov-27 16:13 UTC
[Samba] [Announce] Samba 4.19.3 Available for Download
On 11/27/23 13:27, Jule Anger via samba wrote: Hello.> All versions of Samba from 4.0.0 onwards are vulnerable to an > ... > When a domain was provisioned with an unpatched Samba version,> ...> The patched Samba does NOT protect existing domains! > > The administrator needs to run the following commandJust a check to see if I understand correctly: _ Samba 4.19.3 is needed to correctly provision new domains; _ old domains must be corrected with the given command; _ that command only works in 4.19.3; it won't fix the problem if launched on an older version (at least it did nothing when I tried it on 4.17.12). If so, are updated 4.17.x and 4.18.x releases planned for those who can't or don't want to move to 4.19? Or is there another (perhaps more manual) way to check if a domain is affected and fix it? Thanks in advance av.
Rowland Penny
2023-Nov-27 16:50 UTC
[Samba] [Announce] Samba 4.19.3 Available for Download
On Mon, 27 Nov 2023 17:13:18 +0100 Andrea Venturoli via samba <samba at lists.samba.org> wrote:> On 11/27/23 13:27, Jule Anger via samba wrote: > > Hello. > > > > > All versions of Samba from 4.0.0 onwards are vulnerable to an > > ... > > When a domain was provisioned with an unpatched Samba version, > > ... > > The patched Samba does NOT protect existing domains! > > > > The administrator needs to run the following command > > Just a check to see if I understand correctly: > _ Samba 4.19.3 is needed to correctly provision new domains; > _ old domains must be corrected with the given command; > _ that command only works in 4.19.3; it won't fix the problem if > launched on an older version (at least it did nothing when I tried it > on 4.17.12). > > If so, are updated 4.17.x and 4.18.x releases planned for those who > can't or don't want to move to 4.19? > > Or is there another (perhaps more manual) way to check if a domain is > affected and fix it? > > Thanks in advance > av. >If you can follow the trail: https://www.samba.org/samba/security/CVE-2018-14628.html Then: https://bugzilla.samba.org/show_bug.cgi?id=13595 You would find this at comment 20 from Jule Anger: Pushed to autobuild-v4-{19,18}-test. I will add the section to the release notes and I will include the bug for the next 4.17 security release. 4.18.8 is due on Wednesday Not sure when or if there will be a next 4.17 security release. Rowland