<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.15.2 - Release Notes</title>
<H2>Samba 4.15.2 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.gz">Samba 4.15.2 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.gz">Patch (gzipped) against Samba 4.15.1</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.asc">Signature</a>
==============================
Release Notes for Samba 4.15.2
==============================
This is a security release in order to address the following defects:
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
o Andrew Bartlett <abartlet@samba.org>
o Ralph Boehme <slow@samba.org>
o Alexander Bokovoy <ab@samba.org>
o Samuel Cabrero <scabrero@samba.org>
o Nadezhda Ivanova <nivanova@symas.com>
o Stefan Metzmacher <metze@samba.org>
o Andreas Schneider <asn@samba.org>
o Joseph Sutton <josephsutton@catalyst.net.nz>