<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.19.3.html">samba-4.19.3.</a></li>
<li><a href="samba-4.19.2.html">samba-4.19.2</a></li>
<li><a href="samba-4.19.1.html">samba-4.19.1</a></li>
<li><a href="samba-4.19.0.html">samba-4.19.0</a></li>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.19.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.19.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.19.3.tar.gz">Samba 4.19.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.19.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.19.2-4.19.3.diffs.gz">Patch (gzipped) against Samba 4.19.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.19.2-4.19.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.19.3
+ November 27, 2023
+ ==============================
+
+
+This is the latest stable release of the Samba 4.19 release series.
+It contains the security-relevant bugfix CVE-2018-14628:
+
+ Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
+ allow read of object tombstones over LDAP
+ (Administrator action required!)
+ https://www.samba.org/samba/security/CVE-2018-14628.html
+
+
+Description of CVE-2018-14628
+-----------------------------
+
+All versions of Samba from 4.0.0 onwards are vulnerable to an
+information leak (compared with the established behaviour of
+Microsoft's Active Directory) when Samba is an Active Directory Domain
+Controller.
+
+When a domain was provisioned with an unpatched Samba version,
+the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
+instead of being very strict (as on a Windows provisioned domain).
+
+This means also non privileged users can use the
+LDAP_SERVER_SHOW_DELETED_OID control in order to view,
+the names and preserved attributes of deleted objects.
+
+No information that was hidden before the deletion is visible, but in
+with the correct ntSecurityDescriptor value in place the whole object
+is also not visible without administrative rights.
+
+There is no further vulnerability associated with this error, merely an
+information disclosure.
+
+Action required in order to resolve CVE-2018-14628!
+---------------------------------------------------
+
+The patched Samba does NOT protect existing domains!
+
+The administrator needs to run the following command
+(on only one domain controller)
+in order to apply the protection to an existing domain:
+
+ samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
+
+The above requires manual interaction in order to review the
+changes before they are applied. Typicall question look like this:
+
+ Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
+ Owner mismatch: SY (in ref) DA(in current)
+ Group mismatch: SY (in ref) DA(in current)
+ Part dacl is different between reference and current here is the detail:
+ (A;;LCRPLORC;;;AU) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
+ (A;;LCRP;;;BA) ACE is not present in the current
+ [y/N/all/none] y
+ Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'
+
+The change should be confirmed with 'y' for all objects starting with
+'CN=Deleted Objects'.
+
+
+Changes since 4.19.2
+--------------------
+
+o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+ * BUG 15520: sid_strings test broken by unix epoch > 1700000000.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15487: smbd crashes if asked to return full information on close of a
+ stream handle with delete on close disposition set.
+ * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
+ smb_fname_fsp_destructor().
+
+o Pavel Filipenský <pfilipensky@samba.org>
+ * BUG 15499: Improve logging for failover scenarios.
+
+o Björn Jacke <bj@sernet.de>
+ * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
+ listed in directories.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
+ AD LDAP to normal users.
+ * BUG 15492: Kerberos TGS-REQ with User2User does not work for normal
+ accounts.
+
+o Christof Schmitt <cs@samba.org>
+ * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15513: Samba doesn't build with Python 3.12.
+
+
+</pre>
+</p>
+</body>
+</html>
--- /dev/null
+<!-- BEGIN: posted_news/20231127-121657.4.19.3.body.html -->
+<h5><a name="4.19.3">27 November 2023</a></h5>
+<p class=headline>Samba 4.19.3 Available for Download</p>
+<p>
+This is the latest stable release of the Samba 4.19 release series.
+</p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+The source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.19.3.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.19.2-4.19.3.diffs.gz">patch against Samba 4.19.2</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.19.3.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20231127-121657.4.19.3.body.html -->
--- /dev/null
+<!-- BEGIN: posted_news/20231127-121657.4.19.3.headline.html -->
+<li> 27 November 2023 <a href="#4.19.3">Samba 4.19.3 Available for Download</a></li>
+<!-- END: posted_news/20231127-121657.4.19.3.headline.html -->
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-14628.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject: Unprivileged read of deleted object tombstones
+== in AD LDAP server
+==
+== CVE ID#: CVE-2018-14628
+==
+== Versions: All versions of Samba from 4.0.0 onwards.
+==
+== Summary: Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
+== allow read of object tombstones over LDAP
+== (Administrator action required!)
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.0.0 onwards are vulnerable to an
+information leak (compared with the established behaviour of
+Microsoft's Active Directory) when Samba is an Active Directory Domain
+Controller.
+
+When a domain was provisioned with an unpatched Samba version,
+the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
+instead of being very strict (as on a Windows provisioned domain).
+
+This means also non privileged users can use the
+LDAP_SERVER_SHOW_DELETED_OID control in order to view,
+the names and preserved attributes of deleted objects.
+
+No information that was hidden before the deletion is visible, but in
+with the correct ntSecurityDescriptor value in place the whole object
+is also not visible without administrative rights.
+
+There is no further vulnerability associated with this error, merely an
+information disclosure.
+
+===================================================
+Action required in order to resolve CVE-2018-14628!
+===================================================
+
+The patched Samba does NOT protect existing domains!
+
+The administrator needs to run the following command
+(on only one domain controller)
+in order to apply the protection to an existing domain:
+
+ samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
+
+The above requires manual interaction in order to review the
+changes before they are applied. Typicall question look like this:
+
+ Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
+ Owner mismatch: SY (in ref) DA(in current)
+ Group mismatch: SY (in ref) DA(in current)
+ Part dacl is different between reference and current here is the detail:
+ (A;;LCRPLORC;;;AU) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
+ (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
+ (A;;LCRP;;;BA) ACE is not present in the current
+ [y/N/all/none] y
+ Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'
+
+The change should be confirmed with 'y' for all objects starting with
+'CN=Deleted Objects'.
+
+==================
+Patch Availability
+==================
+
+The Samba Team decided not to issue a dedicated security release,
+see https://wiki.samba.org/index.php/Samba_Security_Process.
+
+See https://bugzilla.samba.org/show_bug.cgi?id=13595
+
+==========
+Workaround
+==========
+
+The administrator can manually change the ntSecurityDescriptor
+attribute for the "CN=Deleted Objects" containers to the
+following SDDL:
+
+ O:SYG:SYD:PAI(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)(A;;RPLC;;;BA)
+
+It basically means System has FullAccess, while Builtin\Administrators
+has ReadProperty and ListChildren rights.
+
+There's a separate "CN=Deleted Objects" container in the root
+of each naming context/partition (expect the schema partition).
+The fix should be applied to all (typically 4) partitions,
+while the domain partition is the most important one.
+
+=======
+Credits
+=======
+
+The initial bugs were found by the Andrew Bartlett of Catalyst.
+Andrew Bartlett of Catalyst and the Samba Team did the investigation
+and Stefan Metzmacher of SerNet provided the final fix.
+
+
+</pre>
+</body>
+</html>
\ No newline at end of file