1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
5 <title>Samba 4.14.14 - Release Notes</title>
8 <H2>Samba 4.14.14 Available for Download</H2>
10 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.gz">Samba 4.14.14 (gzipped)</a><br>
11 <a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.asc">Signature</a>
14 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.gz">Patch (gzipped) against Samba 4.14.13</a><br>
15 <a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.asc">Signature</a>
19 ===============================
20 Release Notes for Samba 4.14.14
22 ===============================
25 This is a security release in order to address the following defects:
27 o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with
29 https://www.samba.org/samba/security/CVE-2022-2031.html
31 o CVE-2022-32744: Samba AD users can forge password change requests for any user.
32 https://www.samba.org/samba/security/CVE-2022-32744.html
34 o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
36 https://www.samba.org/samba/security/CVE-2022-32745.html
38 o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
39 process with an LDAP add or modify request.
40 https://www.samba.org/samba/security/CVE-2022-32746.html
42 o CVE-2022-32742: Server memory information leak via SMB1.
43 https://www.samba.org/samba/security/CVE-2022-32742.html
48 o Jeremy Allison <jra@samba.org>
49 * BUG 15085: CVE-2022-32742.
51 o Andrew Bartlett <abartlet@samba.org>
52 * BUG 15009: CVE-2022-32746.
54 o Andreas Schneider <asn@samba.org>
55 * BUG 15047: CVE-2022-2031.
57 o Isaac Boukris <iboukris@gmail.com>
58 * BUG 15047: CVE-2022-2031.
60 o Joseph Sutton <josephsutton@catalyst.net.nz>
61 * BUG 15008: CVE-2022-32745.
62 * BUG 15009: CVE-2022-32746.
63 * BUG 15047: CVE-2022-2031.
64 * BUG 15074: CVE-2022-32744.