similar to: [Announce] Samba 4.10.8 and 4.9.13 Security Releases Available

Release Announcements ===================== This is the third release candidate of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.11 will be the next version of the Samba suite. UPGRADING ========= AD Database compatibility

Release Announcements ===================== This is the third release candidate of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.11 will be the next version of the Samba suite. UPGRADING ========= AD Database compatibility

======================================================== "Moonlight is sculpture." Nathaniel Hawthorne ======================================================== Release Announcements --------------------- This is the first stable release of the Samba 4.11 release series. Please read the release notes carefully before upgrading. UPGRADING ========= AD Database

======================================================== "Moonlight is sculpture." Nathaniel Hawthorne ======================================================== Release Announcements --------------------- This is the first stable release of the Samba 4.11 release series. Please read the release notes carefully before upgrading. UPGRADING ========= AD Database

Release Announcements ===================== This is the fourth release candidate of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.11 will be the next version of the Samba suite. UPGRADING ========= AD Database compatibility

Release Announcements ===================== This is the fourth release candidate of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.11 will be the next version of the Samba suite. UPGRADING ========= AD Database compatibility

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they should) o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects) o CVE-2017-12163 (Server memory information leak over SMB1) ======= Details ======= o CVE-2017-12150: A

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they should) o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects) o CVE-2017-12163 (Server memory information leak over SMB1) ======= Details ======= o CVE-2017-12150: A

Under what conditions are "server services = -ldap" an acceptable workaround? would it work with a standalone AD with file sharing done by other Samba servers? On Tue, Mar 13, 2018 at 5:20 AM, Karolin Seeger via samba-technical <samba-technical at lists.samba.org> wrote: > Release Announcements > --------------------- > > These are security release in order to address

Hi Team, Workaround for CVE-2017-12151 :- client max protocol = NT1 and CVE-2017-12163 :- server min protocol = SMB2_02 are contradicting to each other. CVE-2017-12151 impacts on SMB3 protocol but workaound suggst to use NT1. I have below queries regarding this. Is SMB2 protocol also impacted by CVE-2017-12151 ? Can i use client max protocol = SMB2 so that it does not contradict with

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2017-2619 (Symlink race allows access outside share definition) ======= Details ======= o CVE-2017-2619: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2017-2619 (Symlink race allows access outside share definition) ======= Details ======= o CVE-2017-2619: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability). o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in trusted realms). o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability). o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in trusted realms). o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) ======= Details ======= o CVE-2017-11103 (Heimdal): All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos are vulnerable to a man-in-the-middle attack impersonating a trusted

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) ======= Details ======= o CVE-2018-16860: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the

Release Announcements --------------------- These are a security releases in order to address the following defect: o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) ======= Details ======= o CVE-2018-16860: The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack