<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Samba 4.15.2 - Release Notes</title>
</head>
<body>
<H2>Samba 4.15.2 Available for Download</H2>
<p>
<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.gz">Samba 4.15.2 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.asc">Signature</a>
</p>
<p>
<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.gz">Patch (gzipped) against Samba 4.15.1</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.15.1-4.15.2.diffs.asc">Signature</a>
</p>
<p>
<pre>
                   ==============================
                   Release Notes for Samba 4.15.2
                           November 9, 2021
                   ==============================


This is a security release in order to address the following defects:

o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                  authentication.
                  https://www.samba.org/samba/security/CVE-2016-2124.html

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  (PLEASE READ! There are important behaviour changes described)

o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
                  by an RODC.
                  https://www.samba.org/samba/security/CVE-2020-25718.html

o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
                  tickets.
                  https://www.samba.org/samba/security/CVE-2020-25719.html

o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
                  (eg objectSid).
                  https://www.samba.org/samba/security/CVE-2020-25721.html

o CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
                  checking of data stored.
                  https://www.samba.org/samba/security/CVE-2020-25722.html

o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                  https://www.samba.org/samba/security/CVE-2021-3738.html

o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                  https://www.samba.org/samba/security/CVE-2021-23192.html


Changes since 4.15.1
--------------------

o  Douglas Bagnall &lt;douglas.bagnall@catalyst.net.nz&gt;
   * CVE-2020-25722

o  Andrew Bartlett &lt;abartlet@samba.org&gt;
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722

o  Ralph Boehme &lt;slow@samba.org&gt;
   * CVE-2020-25717

o  Alexander Bokovoy &lt;ab@samba.org&gt;
   * CVE-2020-25717

o  Samuel Cabrero &lt;scabrero@samba.org&gt;
   * CVE-2020-25717

o  Nadezhda Ivanova &lt;nivanova@symas.com&gt;
   * CVE-2020-25722

o  Stefan Metzmacher &lt;metze@samba.org&gt;
   * CVE-2016-2124
   * CVE-2020-25717
   * CVE-2020-25719
   * CVE-2020-25722
   * CVE-2021-23192
   * CVE-2021-3738

o  Andreas Schneider &lt;asn@samba.org&gt;
   * CVE-2020-25719

o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
   * CVE-2020-17049
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722
   * MS CVE-2020-17049


</pre>
</p>
</body>
</html>