<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.8.12 - Release Notes</title>
<H2>Samba 4.8.12 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.gz">Samba 4.8.12 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.8.11-4.8.12.diffs.gz">Patch (gzipped) against Samba 4.8.11</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.8.11-4.8.12.diffs.asc">Signature</a>
==============================
Release Notes for Samba 4.8.12
==============================
This is a security release in order to address the following defect:
o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
did not first confirm that the checksum was keyed, allowing replacement of
the requested target (client) principal.
For more details and workarounds, please refer to the security advisory.
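An added illustration of the flaw class described above (not Samba or Heimdal code): a toy verifier that trusts whatever checksum type the message names, next to one that first confirms the type is keyed. The message layout, checksum names, principals and key are constructed for this example and do not correspond to real Kerberos encodings.

```python
import hashlib
import hmac

# Toy checksum registry, constructed for illustration (not Kerberos type numbers).
# name -> (is_keyed, function(key, data) -> digest bytes)
CHECKSUMS = {
    "sha256-unkeyed": (False, lambda key, data: hashlib.sha256(data).digest()),
    "hmac-sha256": (True, lambda key, data: hmac.new(key, data, hashlib.sha256).digest()),
}

def make_request(principal, cksum_type, key):
    """Build a toy 'act for this principal' request with a checksum over the name."""
    _, fn = CHECKSUMS[cksum_type]
    return {"principal": principal, "cksum_type": cksum_type,
            "cksum": fn(key, principal.encode())}

def verify_lax(req, key):
    """Flawed pattern: verifies the checksum but never asks whether it is keyed."""
    _, fn = CHECKSUMS[req["cksum_type"]]
    return hmac.compare_digest(fn(key, req["principal"].encode()), req["cksum"])

def verify_strict(req, key):
    """Corrected pattern: refuse unkeyed (or unknown) checksum types up front."""
    keyed, fn = CHECKSUMS.get(req["cksum_type"], (False, None))
    if not keyed:
        return False
    return hmac.compare_digest(fn(key, req["principal"].encode()), req["cksum"])

def demo():
    session_key = b"constructed-session-key"
    genuine = make_request("alice@EXAMPLE.TEST", "hmac-sha256", session_key)
    # An unkeyed checksum depends only on the data, so it can be recomputed
    # for a different principal without any knowledge of the session key.
    altered = make_request("other@EXAMPLE.TEST", "sha256-unkeyed", b"")
    return {
        "lax_genuine": verify_lax(genuine, session_key),
        "strict_genuine": verify_strict(genuine, session_key),
        "lax_altered": verify_lax(altered, session_key),        # accepted
        "strict_altered": verify_strict(altered, session_key),  # rejected
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The strength of the hash is irrelevant here: the unkeyed variant uses SHA-256 and is still accepted by the lax verifier, because nothing binds the checksum to a secret.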
o Isaac Boukris <iboukris@gmail.com>
* BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed