<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.9.6 - Release Notes</title>
<H2>Samba 4.9.6 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.9.6.tar.gz">Samba 4.9.6 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.9.6.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.9.5-4.9.6.diffs.gz">Patch (gzipped) against Samba 4.9.5</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.9.5-4.9.6.diffs.asc">Signature</a>
=============================
Release Notes for Samba 4.9.6
=============================
This is a security release in order to address the following defects:
o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
During the provision of a new Active Directory DC, some files in the private/
directory are created world-writable.
Authenticated users with write permission can trigger a symlink traversal to
write or detect files outside the Samba share.
For more details and workarounds, please refer to the security advisories.
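An added example, not part of the Samba release notes or the Samba project's code: a shell function that lists world-writable files and directories under a private/ directory, the condition CVE-2019-3870 describes. The function name and the directory path passed to it are assumptions; the path depends on the installation.

```shell
#!/bin/sh
# Added example: report world-writable entries under a Samba AD DC private/
# directory. The directory is passed as an argument (assumption: its location
# depends on how Samba was built and installed).

# Prints one path per line for every regular file or directory below "$1"
# that has the "other write" permission bit set. Symlinks are not followed.
# Returns 0 if nothing is world-writable, 1 if findings exist, 2 on bad input.
audit_world_writable() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "audit_world_writable: not a directory: $dir" >&2
        return 2
    fi
    # -perm -0002 matches entries whose mode includes the o+w bit.
    findings=$(find "$dir" \( -type f -o -type d \) -perm -0002 -print | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /path/to/private
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

A non-zero exit status with paths printed means the listed entries can be modified by any local user and should be handled as the security advisory directs.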
o Andrew Bartlett <abartlet@samba.org>
   * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for
o Jeremy Allison <jra@samba.org>
   * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of