From: Jule Anger
+Samba 4.16.11 (gzipped)
+Patch (gzipped) against Samba 4.16.10
+Samba 4.16.11 Available for Download
+
+Signature
+
+Signature
+
+ ===============================
+ Release Notes for Samba 4.16.11
+ July 19, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.16.10
+---------------------
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+
+o Samuel Cabrero <scabrero@samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+
+
+Samba 4.17.10 (gzipped)
+Signature
+
+Patch (gzipped) against Samba 4.17.9
+Signature
+
+
+ =============================== + Release Notes for Samba 4.17.10 + July 19, 2023 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously + crafted request can trigger an out-of-bounds read in winbind + and possibly crash it. + https://www.samba.org/samba/security/CVE-2022-2127.html + +o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured + "server signing = required" or for SMB2 connections to Domain + Controllers where SMB2 packet signing is mandatory. + https://www.samba.org/samba/security/CVE-2023-3347.html + +o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for + Spotlight can be triggered by an unauthenticated attacker by + issuing a malformed RPC request. + https://www.samba.org/samba/security/CVE-2023-34966.html + +o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for + Spotlight can be used by an unauthenticated attacker to + trigger a process crash in a shared RPC mdssvc worker process. + https://www.samba.org/samba/security/CVE-2023-34967.html + +o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- + side absolute path of shares and files and directories in + search results. + https://www.samba.org/samba/security/CVE-2023-34968.html + + +Changes since 4.17.9 +-------------------- + +o Ralph Boehme <slow@samba.org> + * BUG 15072: CVE-2022-2127. + * BUG 15340: CVE-2023-34966. + * BUG 15341: CVE-2023-34967. + * BUG 15388: CVE-2023-34968. + * BUG 15397: CVE-2023-3347. + +o Volker Lendecke <vl@samba.org> + * BUG 15072: CVE-2022-2127. + +o Stefan Metzmacher <metze@samba.org> + * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. + + ++ + + diff --git a/history/samba-4.18.5.html b/history/samba-4.18.5.html new file mode 100644 index 0000000..42756fc --- /dev/null +++ b/history/samba-4.18.5.html @@ -0,0 +1,73 @@ + + + +
+Samba 4.18.5 (gzipped)
+Signature
+
+Patch (gzipped) against Samba 4.18.4
+Signature
+
+
+ ============================== + Release Notes for Samba 4.18.5 + July 19, 2023 + ============================== + + +This is a security release in order to address the following defects: + +o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously + crafted request can trigger an out-of-bounds read in winbind + and possibly crash it. + https://www.samba.org/samba/security/CVE-2022-2127.html + +o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured + "server signing = required" or for SMB2 connections to Domain + Controllers where SMB2 packet signing is mandatory. + https://www.samba.org/samba/security/CVE-2023-3347.html + +o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for + Spotlight can be triggered by an unauthenticated attacker by + issuing a malformed RPC request. + https://www.samba.org/samba/security/CVE-2023-34966.html + +o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for + Spotlight can be used by an unauthenticated attacker to + trigger a process crash in a shared RPC mdssvc worker process. + https://www.samba.org/samba/security/CVE-2023-34967.html + +o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- + side absolute path of shares and files and directories in + search results. + https://www.samba.org/samba/security/CVE-2023-34968.html + + +Changes since 4.18.4 +-------------------- + +o Ralph Boehme <slow@samba.org> + * BUG 15072: CVE-2022-2127. + * BUG 15340: CVE-2023-34966. + * BUG 15341: CVE-2023-34967. + * BUG 15388: CVE-2023-34968. + * BUG 15397: CVE-2023-3347. + +o Volker Lendecke <vl@samba.org> + * BUG 15072: CVE-2022-2127. + +o Stefan Metzmacher <metze@samba.org> + * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. + + ++ + +