Release Planning for Samba 4.14
Samba 4.14 is the Security Fixes Only Mode.
- Wednesday, July 27 2022 - Samba 4.14.14 has been released as a Security Release to address the following defects:
- CVE-CVE-2022-2031 (Samba AD users can bypass certain restrictions associated with changing passwords)
- CVE-CVE-2022-32744 (Samba AD users can forge password change requests for any user)
- CVE-CVE-2022-32745 (Samba AD users can crash the server process with an LDAP add or modify request)
- CVE-CVE-2022-32746 (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
- CVE-CVE-2022-32742 (Server memory information leak via SMB1)
- Monday, April 4 2022 - Samba 4.14.13 has been released. There will be security releases only beyond this point.
- Monday, January 31 2022 - Samba 4.14.12 has been released as a Security Release to address the following defects:
- Wednesday, December 15 2021 - Samba 4.14.11 has been released.
- Tuesday, November 9 2021 - Samba 4.14.10 has been released as a Security Release to address the following defects:
- CVE-2020-25717 (A user in an AD Domain could become root on domain members)
- CVE-2020-25718 (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
- CVE-2020-25719 (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
- CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
- CVE-2020-25722 (Samba AD DC did not do sufficient access and conformance checking of data stored)
- CVE-2016-2124 (SMB1 client connections can be downgraded to plaintext authentication)
- CVE-2021-3738 (Use after free in Samba AD DC RPC server)
- CVE-2021-23192 (Subsequent DCE/RPC fragment injection vulnerability)
- Wednesday, October 27 2021 - Samba 4.14.9 has been released.
- Tuesday, October 5 2021 - Samba 4.14.8 has been released.
- Tuesday, August 24 2021 - Samba 4.14.7 has been released.
- Tuesday, July 13 2021 - Samba 4.14.6 has been released
- Tuesday, June 1 2021 - Samba 4.14.5 has been released
- Thursday, April 29 2021 - Samba 4.14.4 has been released as a security release to address the following defect:
- CVE-2021-20254 (Negative idmap cache entries can cause incorrect group entries in the Samba file server process token).
- Tuesday, April 20 2021 - Samba 4.14.3 has been released.
- Wednesday, March 24 2021 - Samba 4.14.2 has been released as a security release
- Wednesday, March 24 2021 - Samba 4.14.1 has been released as a security release
- Tuesday, March 09 2021 - Samba 4.14.0 has been released
- Monday, March 1 2021 - Samba 4.14.0rc4 has been released.
- Thursday, February 18 2021 - Samba 4.14.0rc3 has been released.
- Thursday, February 04 2021 - Samba 4.14.0rc2 has been released
- Thursday, January 21 2021 - Samba 4.14.0rc1 has been released.