27 November 2018

Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available

These are security releases in order to address
CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server),
CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT),
CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server),
CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers),
CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) and
CVE-2018-16857 (Bad password count in AD DC not always effective).

The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA).
The 4.9.3 source code can be downloaded now. A patch against Samba 4.9.2 is also available. See the release notes for more info.
The 4.8.7 source code can be downloaded now. A patch against Samba 4.8.6 is also available. See the release notes for more info.
The 4.7.12 source code can be downloaded now. A patch against Samba 4.7.11 is also available. See the release notes for more info.