similar to: [Announce] Samba meta-data symlink vulnerability CVE-2021-20316

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22

Release Announcements ===================== This is the third release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the third release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fourth release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fourth release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fifth release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fifth release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements --------------------- This is a security release in order to address the following defects: o CVE-2021-43566:? mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o? CVE-2021-43566: ?? All versions of Samba prior to 4.13.16 are vulnerable to a malicious ?? client using an SMB1 or NFS

Release Announcements --------------------- This is a security release in order to address the following defects: o CVE-2021-43566:? mkdir race condition allows share escape in Samba 4.x. https://www.samba.org/samba/security/CVE-2021-43566.html ======= Details ======= o? CVE-2021-43566: ?? All versions of Samba prior to 4.13.16 are vulnerable to a malicious ?? client using an SMB1 or NFS

Release Announcements ===================== This is the second release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the second release candidate of Samba 4.16.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.16 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements --------------------- This is the first stable release of the Samba 4.17 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== SMB Server performance improvements ----------------------------------- The security improvements in recent releases (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink

Release Announcements --------------------- This is the first stable release of the Samba 4.17 release series. Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES ==================== SMB Server performance improvements ----------------------------------- The security improvements in recent releases (4.13, 4.14, 4.15, 4.16), mainly as protection against symlink

Release Announcements ===================== This is the fifth release candidate of Samba 4.17.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.17 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fifth release candidate of Samba 4.17.? This is *not* intended for production environments and is designed for testing purposes only.? Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.17 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES