similar to: [Announce] Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Available for Download

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server) o CVE-2015-3223 (Denial of service in Samba Active Directory server) o CVE-2015-5252 (Insufficient symlink verification in smbd) o CVE-2015-5299 (Missing access control check in shadow copy code) o CVE-2015-5296 (Samba

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2018-1139 (Weak authentication protocol allowed.) o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.) o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.) o CVE-2018-10918 (Denial of Service Attack on AD DC

Is there a place I can read about the improvements to the DNS service? Thanks. On 3/16/2016 6:03 AM, Karolin Seeger wrote: > Release Announcements > ===================== > > This is the fifth release candidate of Samba 4.4. This is *not* > intended for production environments and is designed for testing > purposes only. Please report any defects via the Samba bug reporting

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2017-14746 (Use-after-free vulnerability.) o CVE-2017-15275 (Server heap memory information leak.) ======= Details ======= o CVE-2017-14746: All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2017-14746 (Use-after-free vulnerability.) o CVE-2017-15275 (Server heap memory information leak.) ======= Details ======= o CVE-2017-14746: All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request

====================================================== "In politics stupidity is not a handicap." Napoleon Bonaparte ====================================================== Release Announcements ===================== This is the first stable release of the Samba 4.4 release series. UPGRADING ========= Nothing special. NEW FEATURES/CHANGES ====================

====================================================== "In politics stupidity is not a handicap." Napoleon Bonaparte ====================================================== Release Announcements ===================== This is the first stable release of the Samba 4.4 release series. UPGRADING ========= Nothing special. NEW FEATURES/CHANGES ====================

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2017-2619 (Symlink race allows access outside share definition) ======= Details ======= o CVE-2017-2619: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2017-2619 (Symlink race allows access outside share definition) ======= Details ======= o CVE-2017-2619: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file

Release Announcements ===================== This is the fifth release candidate of Samba 4.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.4 will be the next version of the Samba suite. UPGRADING ========= Nothing special. NEW

Release Announcements ===================== This is the fifth release candidate of Samba 4.4. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.4 will be the next version of the Samba suite. UPGRADING ========= Nothing special. NEW

Release Announcements --------------------- This is a security release in order to address the following defects: o CVE-2021-43566:? mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o? CVE-2021-43566: ?? All versions of Samba prior to 4.13.16 are vulnerable to a malicious ?? client using an SMB1 or NFS

Release Announcements --------------------- This is a security release in order to address the following defects: o CVE-2021-43566:? mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o? CVE-2021-43566: ?? All versions of Samba prior to 4.13.16 are vulnerable to a malicious ?? client using an SMB1 or NFS

====================================================== "It kills me sometimes, how people die." Markus Zusak, The Book Thief ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.4: -------------------- o Jeremy Allison <jra at samba.org> *

====================================================== "It kills me sometimes, how people die." Markus Zusak, The Book Thief ====================================================== Release Announcements --------------------- This is the latest stable release of Samba 4.3. Changes since 4.3.4: -------------------- o Jeremy Allison <jra at samba.org> *

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2022-3437:? There is a limited write heap buffer overflow in the GSSAPI ????????????????? unwrap_des() and unwrap_des3() routines of Heimdal (included ????????????????? in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html o CVE-2022-3592:? A malicious client