<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Samba 4.8.12 - Release Notes</title>
</head>
<body>
<H2>Samba 4.8.12 Available for Download</H2>
<p>
<a href="https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.gz">Samba 4.8.12 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.asc">Signature</a>
</p>
<p>
<a href="https://download.samba.org/pub/samba/patches/samba-4.8.11-4.8.12.diffs.gz">Patch (gzipped) against Samba 4.8.11</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.8.11-4.8.12.diffs.asc">Signature</a>
</p>
<p>
<pre>
                   ==============================
                   Release Notes for Samba 4.8.12
                            May 14, 2019
                   ==============================


This is a security release in order to address the following defect:

o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)


=======
Details
=======

o  CVE-2018-16860:
   The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
   did not first confirm that the checksum was keyed, allowing replacement of
   the requested target (client) principal.

For more details and workarounds, please refer to the security advisory.
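
The keyed/unkeyed distinction behind CVE-2018-16860, as an added Python sketch
(not code from Samba or Heimdal). The checksum type names, the request layout
and the principals are constructed for illustration. An unkeyed checksum can be
recomputed by anyone who changes the client name, so the verifier has to reject
the type before comparing.

```python
import hashlib
import hmac

# Constructed checksum-type names for this sketch (assumption); these are
# not Kerberos checksum type identifiers.
KEYED = {"hmac-sha256"}

def checksum(cktype, key, data):
    """Compute a checksum of the given type; the unkeyed type ignores key."""
    if cktype == "md5":
        return hashlib.md5(data).digest()
    if cktype == "hmac-sha256":
        return hmac.new(key, data, hashlib.sha256).digest()
    raise ValueError("unknown checksum type: " + cktype)

def verify_flawed(key, req):
    """Pre-fix behaviour: validate whatever checksum type the request names."""
    expected = checksum(req["cktype"], key, req["client"].encode())
    return hmac.compare_digest(expected, req["cksum"])

def verify_fixed(key, req):
    """Post-fix behaviour: refuse unkeyed types before validating."""
    if req["cktype"] not in KEYED:
        return False
    return verify_flawed(key, req)

def make_request(client, cktype, key):
    """Build a request; an empty key models a party that lacks the key."""
    return {"client": client, "cktype": cktype,
            "cksum": checksum(cktype, key, client.encode())}

def demo():
    key = b"constructed-service-session-key"
    honest = make_request("alice@EXAMPLE.TEST", "hmac-sha256", key)
    # Client name replaced and the checksum recomputed without any key.
    swapped = make_request("bob@EXAMPLE.TEST", "md5", b"")
    return {
        "flawed_honest": verify_flawed(key, honest),
        "flawed_swapped": verify_flawed(key, swapped),
        "fixed_honest": verify_fixed(key, honest),
        "fixed_swapped": verify_fixed(key, swapped),
    }

if __name__ == "__main__":
    print(demo())
```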


Changes since 4.8.11:
---------------------

o  Isaac Boukris &lt;iboukris@gmail.com&gt;
   * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
     checksum.


</pre>
</p>
</body>
</html>