similar to: [Announce] Samba 3.6.4, 3.5.14 and 3.4.16 Security Releases Available

Hi, We are using Samba 3.4.2 on Oracle Solaris 10 UNIX server. I am looking at the samba site for patches for the CVE-2012-1182 vulnerability, but the closest patch versions I see are for samba 3.4.15 & 3.4.16. Is there a specific patch to fix samba 3.4.2? Also, since we are patching, is there a cluster of patches available specifically for samba 3.4.2? Can you please point me to the links

Release Announcements ===================== This is the first preview release of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: ------------------------------------------ General changes: o Samba4 and

Release Announcements ===================== This is the first preview release of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: ------------------------------------------ General changes: o Samba4 and

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

================================================================= "Always keep an open mind and a compassionate heart." Phil Jackson ================================================================= Release Announcements ===================== This is the first stable release of Samba 3.4. Major enhancements in Samba 3.4.0 include:

================================================================= "Always keep an open mind and a compassionate heart." Phil Jackson ================================================================= Release Announcements ===================== This is the first stable release of Samba 3.4. Major enhancements in Samba 3.4.0 include:

Release Announcements --------------------- Samba 4.1.6, 4.0.16 and 3.6.23 have been issued as security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls can remove a file or directory ACL by mistake). Please note that Samba 3.6.23 is not affected by CVE-2013-6442. o CVE-2013-4496: Samba versions 3.4.0 and above

Release Announcements --------------------- Samba 4.1.6, 4.0.16 and 3.6.23 have been issued as security releases in order to address CVE-2013-4496 (Password lockout not enforced for SAMR password changes) and CVE-2013-6442 (smbcacls can remove a file or directory ACL by mistake). Please note that Samba 3.6.23 is not affected by CVE-2013-6442. o CVE-2013-4496: Samba versions 3.4.0 and above

Release Announcements ===================== This is the first release candidate of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: ------------------------------------------ Configuration changes: o

Release Announcements ===================== This is the first release candidate of Samba 3.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.4.0 include: ------------------------------------------ Configuration changes: o

Release Announcements --------------------- This is the latest stable release of the Samba 4.18 release series. Changes since 4.18.3 -------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 15404: Backport --pidl-developer fixes. o? Samuel Cabrero <scabrero at samba.org> ?? * BUG 14030: Named crashes on DLZ zone update. o? Bj?rn Jacke <bj at

Release Announcements --------------------- This is the latest stable release of the Samba 4.18 release series. Changes since 4.18.3 -------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 15404: Backport --pidl-developer fixes. o? Samuel Cabrero <scabrero at samba.org> ?? * BUG 14030: Named crashes on DLZ zone update. o? Bj?rn Jacke <bj at

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously ????????????????? crafted request can trigger an out-of-bounds read in winbind ????????????????? and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347:? SMB2

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-2127:? When winbind is used for NTLM authentication, a maliciously ????????????????? crafted request can trigger an out-of-bounds read in winbind ????????????????? and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347:? SMB2

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos ????????????????? RC4-HMAC Elevation of Privilege Vulnerability ????????????????? disclosed by Microsoft on Nov 8 2022. ????????????????? A Samba Active Directory DC will issue weak rc4-hmac ?????????????????

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos ????????????????? RC4-HMAC Elevation of Privilege Vulnerability ????????????????? disclosed by Microsoft on Nov 8 2022. ????????????????? A Samba Active Directory DC will issue weak rc4-hmac ?????????????????

Hi Team, Workaround for CVE-2017-12151 :- client max protocol = NT1 and CVE-2017-12163 :- server min protocol = SMB2_02 are contradicting to each other. CVE-2017-12151 impacts on SMB3 protocol but workaound suggst to use NT1. I have below queries regarding this. Is SMB2 protocol also impacted by CVE-2017-12151 ? Can i use client max protocol = SMB2 so that it does not contradict with