similar to: [Announce] Samba 4.10.5 and 4.9.9 Security Releases Available

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results. o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC ======= Details ======= o CVE-2020-10700: A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated ???????????????? but otherwise unprivileged users to delete this attribute from ???????????????? any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922:

Release Announcements --------------------- This are security releases in order to address the following defects: o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated ???????????????? but otherwise unprivileged users to delete this attribute from ???????????????? any object in the directory. https://www.samba.org/samba/security/CVE-2023-0225.html o CVE-2023-0922:

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify. o CVE-2020-14323: Unprivileged user can crash winbind. o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. ======= Details ======= o CVE-2020-14318:

Release Announcements --------------------- These are a security releases in order to address the following defects: o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify. o CVE-2020-14323: Unprivileged user can crash winbind. o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records. ======= Details ======= o CVE-2020-14318:

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

So, without doing a fresh install on the system the join succeeded with 4.14.9. What does it mean? In the end I want to end up with a much later version which is still getting security fixes. I went through the readme of CVE-2020-25717 as mentioned but did not really understand how this impacts the join procedure. Up to now I was using DOMAIN\administrator or its kerberos ticket for the join.

Hi Douglas, Thanks for this suggestion. I'll try that. Additionally, after reading the not on samba.tranquil.it about 'dependencies to sssd' (whatever it means) I will try to use a completely fresh installation of RHEL9. For my testlab I have just used a clone of some VM which was previously joined to domain and was using sssd. I will report back with my findings in a while. Thanks

Release Announcements ===================== This is the fourth release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.10 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fourth release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.10 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements --------------------- This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented ???? atomically. ?? * BUG 15174: smbXsrv_connection_shutdown_send result leaked. ?? * BUG 15182: Flush on a named

Release Announcements --------------------- This is the latest stable release of the Samba 4.17 release series. Changes since 4.17.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented ???? atomically. ?? * BUG 15174: smbXsrv_connection_shutdown_send result leaked. ?? * BUG 15182: Flush on a named

Release Announcements --------------------- This is the latest stable release of the Samba 4.15 release series. Changes since 4.15.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. ?? * BUG 14685: Log clutter from filename_convert_internal. ?? * BUG 14862: MacOSX compilation fixes. o? Douglas Bagnall

Release Announcements --------------------- This is the latest stable release of the Samba 4.15 release series. Changes since 4.15.0 -------------------- o? Jeremy Allison <jra at samba.org> ?? * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path. ?? * BUG 14685: Log clutter from filename_convert_internal. ?? * BUG 14862: MacOSX compilation fixes. o? Douglas Bagnall

Release Announcements --------------------- This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.12 --------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o? Andrew Bartlett <abartlet at samba.org> ?? * BUG

Release Announcements --------------------- This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.12 --------------------- o? Douglas Bagnall <douglas.bagnall at catalyst.net.nz> ?? * BUG 14868: rodc_rwdc test flaps. ?? * BUG 14881: Backport bronze bit fixes, tests, and selftest improvements. o? Andrew Bartlett <abartlet at samba.org> ?? * BUG