Release Planning for Samba 4.15
From SambaWiki
Samba 4.15 is in Security Fixes Only mode.
Release blocking bugs
Samba 4.15.13
(Updated 15-December-2022)
- Thursday, December 15 2022 - Samba 4.15.13 has been released as a Security Release to address the following defects:
- CVE-2022-37966 (This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
- CVE-2022-37967 (This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
- CVE-2022-38023 (The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak)
- CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak)
Release Notes Samba 4.15.13
Samba 4.15.12
(Updated 15-November-2022)
- Tuesday, November 15 2022 - Samba 4.15.12 has been released as a Security Release to address the following defects:
- CVE-2022-42898 (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)
Release Notes Samba 4.15.12
Samba 4.15.11
(Updated 25-October-2022)
- Tuesday, October 25 2022 - Samba 4.15.11 has been released as a Security Release to address the following defect:
- CVE-2022-3437 (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))
Release Notes Samba 4.15.11
Samba 4.15.10
(Updated 28-September-2022)
- Wednesday, September 28 2022 - Samba 4.15.10 has been released. There will be security releases only beyond this point.
Release Notes Samba 4.15.10
Samba 4.15.9
(Updated 27-July-2022)
- Wednesday, July 27 2022 - Samba 4.15.9 has been released as a Security Release to address the following defects:
- CVE-2022-2031 (Samba AD users can bypass certain restrictions associated with changing passwords)
- CVE-2022-32744 (Samba AD users can forge password change requests for any user)
- CVE-2022-32745 (Samba AD users can crash the server process with an LDAP add or modify request)
- CVE-2022-32746 (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
- CVE-2022-32742 (Server memory information leak via SMB1)
Release Notes Samba 4.15.9
Samba 4.15.8
(Updated 28-June-2022)
- Tuesday, June 28 2022 - Samba 4.15.8 has been released.
Release Notes Samba 4.15.8
Samba 4.15.7
(Updated 26-April-2022)
- Tuesday, April 26 2022 - Samba 4.15.7 has been released.
Release Notes Samba 4.15.7
Samba 4.15.6
(Updated 15-March-2022)
- Tuesday, March 15 2022 - Samba 4.15.6 has been released.
Release Notes Samba 4.15.6
Samba 4.15.5
(Updated 31-January-2022)
- Monday, January 31 2022 - Samba 4.15.5 has been released as a Security Release to address the following defects:
- CVE-2021-44141 (UNIX extensions in SMB1 disclose whether the outside target of a symlink exists.)
- CVE-2021-44142 (Out-of-Bound Read/Write on Samba vfs_fruit module.)
- CVE-2022-0336 (Re-adding an SPN skips subsequent SPN conflict checks.)
Release Notes Samba 4.15.5
Samba 4.15.4
(Updated 19-January-2022)
- Wednesday, January 19 2022 - Samba 4.15.4 has been released.
Release Notes Samba 4.15.4
Samba 4.15.3
(Updated 08-December-2021)
- Wednesday, December 08 2021 - Samba 4.15.3 has been released.
Release Notes Samba 4.15.3
Samba 4.15.2
(Updated 09-November-2021)
- Tuesday, November 9 2021 - Samba 4.15.2 has been released as a Security Release to address the following defects:
- CVE-2020-25717 (A user in an AD Domain could become root on domain members)
- CVE-2020-25718 (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
- CVE-2020-25719 (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
- CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
- CVE-2020-25722 (Samba AD DC did not do sufficient access and conformance checking of data stored)
- CVE-2016-2124 (SMB1 client connections can be downgraded to plaintext authentication)
- CVE-2021-3738 (Use after free in Samba AD DC RPC server)
- CVE-2021-23192 (Subsequent DCE/RPC fragment injection vulnerability)
Release Notes Samba 4.15.2
Samba 4.15.1
(Updated 27-September-2021)
- Wednesday, October 27 2021 - Samba 4.15.1 has been released.
Release Notes Samba 4.15.1
Samba 4.15.0
(Updated 20-September-2021)
- Monday, September 20 2021 - Samba 4.15.0 has been released.
Release Notes Samba 4.15.0
Samba 4.15.0rc7
(Updated 13-September-2021)
- Monday, September 13 2021 - Samba 4.15.0rc7 has been released.
Release Notes Samba 4.15.0rc7
Samba 4.15.0rc6
(Updated 09-September-2021)
- Thursday, September 09 2021 - Samba 4.15.0rc6 has been released.
Release Notes Samba 4.15.0rc6
Samba 4.15.0rc5
(Updated 07-September-2021)
- Tuesday, September 07 2021 - Samba 4.15.0rc5 has been released.
Release Notes Samba 4.15.0rc5
Samba 4.15.0rc4
(Updated 01-September-2021)
- Wednesday, September 01 2021 - Samba 4.15.0rc4 has been released.
Release Notes Samba 4.15.0rc4
Samba 4.15.0rc3
(Updated 26-August-2021)
- Thursday, August 26 2021 - Samba 4.15.0rc3 has been released.
Release Notes Samba 4.15.0rc3
Samba 4.15.0rc2
(Updated 09-August-2021)
- Monday, August 09 2021 - Samba 4.15.0rc2 has been released.
Release Notes Samba 4.15.0rc2
Samba 4.15.0rc1
(Updated 15-July-2021)
- Thursday, July 15 2021 - Samba 4.15.0rc1 has been released.
Release Notes Samba 4.15.0rc1