<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.11.2 - Release Notes</title>
<H2>Samba 4.11.2 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.11.2.tar.gz">Samba 4.11.2 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.11.2.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.11.1-4.11.2.diffs.gz">Patch (gzipped) against Samba 4.11.1</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.11.1-4.11.2.diffs.asc">Signature</a>
==============================
Release Notes for Samba 4.11.2
==============================

This is a security release in order to address the following defects:

o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server

o CVE-2019-10218:
Malicious servers can cause Samba client code to return filenames containing
path separators to calling code.

o CVE-2019-14833:
When the password contains multi-byte (non-ASCII) characters, the check
password script does not receive the full password string.

o CVE-2019-14847:
Users with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.

For more details and workarounds, please refer to the security advisories.
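
For code that consumes names from an SMB client library, the CVE-2019-10218 description means a server-returned filename must be treated as untrusted until it is confirmed to be a single path component. The following is an added illustration of that check on the calling side, not Samba's code or its patch; the function names, the "/tmp/dl" directory and the sample names are constructed for this example, and the "." / ".." rejection goes slightly beyond the separator case the notes describe.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a Samba function): true only if `name` can be
 * used as a single path component received from an untrusted server. */
static bool name_is_single_component(const char *name)
{
    if (name == NULL || name[0] == '\0') {
        return false;
    }
    /* Extra check beyond separators: "." and ".." alias or leave the dir. */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
        return false;
    }
    /* Reject both separators: '/' for POSIX callers, '\\' as used by SMB. */
    return strpbrk(name, "/\\") == NULL;
}

/* Hypothetical helper: join a trusted local directory with a server-supplied
 * name. Returns 0 on success, -1 if the name is rejected or does not fit. */
static int build_local_path(char *out, size_t outlen,
                            const char *local_dir, const char *server_name)
{
    int n;

    if (!name_is_single_component(server_name)) {
        return -1;
    }
    n = snprintf(out, outlen, "%s/%s", local_dir, server_name);
    if (n < 0 || (size_t)n >= outlen) {
        return -1; /* a truncated path must not be used */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names, as a server might return in a listing. */
    const char *names[] = { "report.txt", "../outside.txt",
                            "sub\\file.txt", "..", "" };
    char path[256];
    size_t i;
    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int rc = build_local_path(path, sizeof(path), "/tmp/dl", names[i]);
        printf("%-16s -> %s\n", names[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```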

o Jeremy Allison <jra@samba.org>
   * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
     from evil server returned names.

o Andrew Bartlett <abartlet@samba.org>
   * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable
   * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
     combined with dirsync.

o Björn Baumbach <bb@sernet.de>
   * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password