similar to: [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

When I upgrade a major revision (3.4.x -> 3.5.x ), I always get a listing from "testparm -v" before and after the upgrade to make sure that a parameter (that I didn't specify in the config) didn't change it's default setting. ---------------------------------------------- Tony Hoover, Network Administrator KSU - Salina, College of Technology and Aviation (785) 826-2660

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Release Announcements --------------------- These are security release in order to address the following defects: o CVE-2018-1050 (Denial of Service Attack on external print server.) o CVE-2018-1057 (Authenticated users can change other users' password.) ======= Details ======= o CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack

Release Announcements --------------------- Samba 4.1.11 and 4.0.21 have been issued as security releases in order to address CVE-2014-3560 (Remote code execution in nmbd). For more details, please see http://www.samba.org/samba/history/security.html o CVE-2014-3560: All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name

Release Announcements --------------------- Samba 4.1.11 and 4.0.21 have been issued as security releases in order to address CVE-2014-3560 (Remote code execution in nmbd). For more details, please see http://www.samba.org/samba/history/security.html o CVE-2014-3560: All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name

Hi, this is a heads-up that there will be Samba security updates on Wednesday, May 24th. Please make sure that your Samba AD DCs will be updated immediately after the release! Impacted components: o AD DC LDAP Server (CVSS 7.5, high) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

Hi, this is a heads-up that there will be Samba security updates on Wednesday, May 24th. Please make sure that your Samba AD DCs will be updated immediately after the release! Impacted components: o AD DC LDAP Server (CVSS 7.5, high) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

On 9/20/19 8:58 AM, Eric Blake wrote: > On 9/12/19 12:41 PM, Richard W.M. Jones wrote: >> We have discovered a potential Denial of Service / Amplification Attack >> in nbdkit. > > Unfortunately, our fix for this issue cause another potential Denial of > Service attack: > >> >> Lifecycle >> --------- >> >> Reported: 2019-09-11 Fixed:

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

Release Announcements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Release Announcements ===================== This is a security release in order to address CVE-2008-4314 ("Potential leak of arbitrary memory contents"). o CVE-2008-4314 Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to malicious clients. The original security announcement for this and past

Hi, this is a heads-up that there will be Samba security updates on Tuesday, January 14th 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: o AD DC (CVSS 6.5, medium) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

Hi, this is a heads-up that there will be Samba security updates on Tuesday, January 14th 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: o AD DC (CVSS 6.5, medium) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

Release Announcements --------------------- This is the first stable release of the Samba 4.13 release series. Please read the release notes carefully before upgrading. ZeroLogon ========= Please avoid to set "server schannel = no" and "server schannel= auto" on all Samba domain controllers due to the wellknown ZeroLogon issue. For details please see

Release Announcements --------------------- This is the first stable release of the Samba 4.13 release series. Please read the release notes carefully before upgrading. ZeroLogon ========= Please avoid to set "server schannel = no" and "server schannel= auto" on all Samba domain controllers due to the wellknown ZeroLogon issue. For details please see

We have discovered a potential Denial of Service / Amplification Attack in nbdkit. Lifecycle --------- Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Credit ------ Reported and patched by Richard W.M.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:22.openssh Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSH Category: contrib Module: openssh Announced:

Hi Team, Workaround for CVE-2017-12151 :- client max protocol = NT1 and CVE-2017-12163 :- server min protocol = SMB2_02 are contradicting to each other. CVE-2017-12151 impacts on SMB3 protocol but workaound suggst to use NT1. I have below queries regarding this. Is SMB2 protocol also impacted by CVE-2017-12151 ? Can i use client max protocol = SMB2 so that it does not contradict with