similar to: [Announce] Samba 4.10.5 and 4.9.9 Security Releases Available

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated ???????????????? but otherwise unprivileged users to delete this attribute from ???????????????? any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922:

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated ???????????????? but otherwise unprivileged users to delete this attribute from ???????????????? any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922:

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify. o CVE-2020-14323: Unprivileged user can crash winbind. o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. ======= Details ======= o CVE-2020-14318:

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify. o CVE-2020-14323: Unprivileged user can crash winbind. o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. ======= Details ======= o CVE-2020-14318:

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented ???? atomically. ?? * BUG 15174: smbXsrv_connection_shutdown_send result leaked. ?? * BUG 15182: Flush on a named

Release Announcements --------------------- This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented ???? atomically. ?? * BUG 15174: smbXsrv_connection_shutdown_send result leaked. ?? * BUG 15182: Flush on a named

Release Announcements --------------------- This is the latest stable release of the Samba 4.15 release series. Changes since 4.15.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. ?? * BUG 14685: Log clutter from filename_convert_internal. ?? * BUG 14862: MacOSX compilation fixes. o? Douglas Bagnall

Release Announcements --------------------- This is the latest stable release of the Samba 4.15 release series. Changes since 4.15.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. ?? * BUG 14685: Log clutter from filename_convert_internal. ?? * BUG 14862: MacOSX compilation fixes. o? Douglas Bagnall

Release Announcements --------------------- This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.12 --------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o? Andrew Bartlett <abartlet at samba.org> ?? * BUG

Release Announcements --------------------- This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.12 --------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o? Andrew Bartlett <abartlet at samba.org> ?? * BUG

Release Announcements --------------------- This is the latest stable release of the Samba 4.14 release series. Changes since 4.14.8 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport

Release Announcements --------------------- This is the latest stable release of the Samba 4.14 release series. Changes since 4.14.8 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport

Release Announcements ===================== This is the fourth release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.10 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fourth release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.10 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES