history/samba-4.17.2.html

   1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   2  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   3 <html xmlns="http://www.w3.org/1999/xhtml">
   4 <head>
   5 <title>Samba 4.17.2 - Release Notes</title>
   6 </head>
   7 <body>
   8 <H2>Samba 4.17.2 Available for Download</H2>
   9 <p>
  10 <a href="https://download.samba.org/pub/samba/stable/samba-4.17.2.tar.gz">Samba 4.17.2 (gzipped)</a><br>
  11 <a href="https://download.samba.org/pub/samba/stable/samba-4.17.2.tar.asc">Signature</a>
  12 </p>
  13 <p>
  14 <a href="https://download.samba.org/pub/samba/patches/samba-4.17.1-4.17.2.diffs.gz">Patch (gzipped) against Samba 4.17.1</a><br>
  15 <a href="https://download.samba.org/pub/samba/patches/samba-4.17.1-4.17.2.diffs.asc">Signature</a>
  16 </p>
  17 <p>
  18 <pre>
  19                    ==============================
  20                    Release Notes for Samba 4.17.2
  21                           October 25, 2022
  22                    ==============================
  23
  24
  25 This is a security release in order to address the following defects:
  26
  27 o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
  28                   unwrap_des() and unwrap_des3() routines of Heimdal (included
  29                   in Samba).
  30                   https://www.samba.org/samba/security/CVE-2022-3437.html
  31
  32 o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
  33                   directory.
  34                   https://www.samba.org/samba/security/CVE-2022-3592.html
  35
  36 Changes since 4.17.1
  37 --------------------
  38
  39 o  Volker Lendecke &lt;vl@samba.org&gt;
  40    * BUG 15207: CVE-2022-3592.
  41
  42 o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
  43    * BUG 15134: CVE-2022-3437.
  44
  45
  46 </pre>
  47 </p>
  48 </body>
  49 </html>