history/samba-4.14.14.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   2  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml">
   4 <head>
   5 <title>Samba 4.14.14 - Release Notes</title>
   6 </head>
   7 <body>
   8 <H2>Samba 4.14.14 Available for Download</H2>
   9 <p>
  10 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.gz">Samba 4.14.14 (gzipped)</a><br>
  11 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.asc">Signature</a>
  12 </p>
  13 <p>
  14 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.gz">Patch (gzipped) against Samba 4.14.13</a><br>
  15 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.asc">Signature</a>
  16 </p>
  17 <p>
  18 <pre>
  19                    ===============================
  20                    Release Notes for Samba 4.14.14
  21                             July 27, 2022
  22                    ===============================
  23
  24
  25 This is a security release in order to address the following defects:
  26
  27 o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
  28                   changing passwords.
  29                   https://www.samba.org/samba/security/CVE-2022-2031.html
  30
  31 o CVE-2022-32744: Samba AD users can forge password change requests for any user.
  32                   https://www.samba.org/samba/security/CVE-2022-32744.html
  33
  34 o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
  35                   or modify request.
  36                   https://www.samba.org/samba/security/CVE-2022-32745.html
  37
  38 o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
  39                   process with an LDAP add or modify request.
  40                   https://www.samba.org/samba/security/CVE-2022-32746.html
  41
  42 o CVE-2022-32742: Server memory information leak via SMB1.
  43                   https://www.samba.org/samba/security/CVE-2022-32742.html
  44
  45 Changes since 4.14.13
  46 ---------------------
  47
  48 o  Jeremy Allison &lt;jra@samba.org&gt;
  49    * BUG 15085: CVE-2022-32742.
  50
  51 o  Andrew Bartlett &lt;abartlet@samba.org&gt;
  52    * BUG 15009: CVE-2022-32746.
  53
  54 o  Andreas Schneider &lt;asn@samba.org&gt;
  55    * BUG 15047: CVE-2022-2031.
  56
  57 o  Isaac Boukris &lt;iboukris@gmail.com&gt;
  58    * BUG 15047: CVE-2022-2031.
  59
  60 o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
  61    * BUG 15008: CVE-2022-32745.
  62    * BUG 15009: CVE-2022-32746.
  63    * BUG 15047: CVE-2022-2031.
  64    * BUG 15074: CVE-2022-32744.
  65
  66
  67 </pre>
  68 </p>
  69 </body>
  70 </html>