Difference between revisions of "Release Planning for Samba 4.15"

From SambaWiki
(Change mode to security fixes only mode)
(Release Samba v4.15.12)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Samba 4.15 is the [[Samba_Release_Planning#Security_Fixes_Only_Mode|'''Security Fixes Only Mode''']].
+
Samba 4.15 is in the [[Samba_Release_Planning#Security_Fixes_Only_Mode|'''Security Fixes Only Mode''']].
   
 
==[[Blocker bugs|Release blocking bugs]]==
 
==[[Blocker bugs|Release blocking bugs]]==
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.15 All 4.15 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.15 All 4.15 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.15 Unresolved 4.15 regression bugs]
 
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.15 Unresolved 4.15 regression bugs]
  +
  +
== Samba 4.15.12 ==
  +
  +
<small>('''Updated 15-November-2022''')</small>
  +
  +
* Tuesday, November 15 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz Samba 4.15.12] has been released as a '''Security Release''' to address the following defects:
  +
** [https://www.samba.org/samba/security/CVE-2022-42898.html CVE-2022-42898] (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)
  +
[https://www.samba.org/samba/history/samba-4.15.12.html Release Notes Samba 4.15.12]
  +
  +
== Samba 4.15.11 ==
  +
  +
<small>('''Updated 25-October-2022''')</small>
  +
  +
* Tuesday, October 25 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz Samba 4.15.11] has been released as a '''Security Release''' to address the following defect:
  +
** [https://www.samba.org/samba/security/CVE-2022-3437.html CVE-2022-3437] (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))
  +
[https://www.samba.org/samba/history/samba-4.15.11.html Release Notes Samba 4.15.11]
   
 
== Samba 4.15.10 ==
 
== Samba 4.15.10 ==
   
<small>('''Updated 13-September-2022''')</small>
+
<small>('''Updated 28-September-2022''')</small>
   
* Wednesday, September 28 2022 - Planned release date for '''Samba 4.15.10'''. There will be security releases only beyond this point.
+
* Wednesday, September 28 2022 - '''Samba 4.15.10''' has been released. There will be security releases only beyond this point.
  +
[https://www.samba.org/samba/history/samba-4.15.10.html Release Notes Samba 4.15.10]
   
 
== Samba 4.15.9 ==
 
== Samba 4.15.9 ==

Latest revision as of 15:52, 15 November 2022

Samba 4.15 is in the Security Fixes Only Mode.

Release blocking bugs

Samba 4.15.12

(Updated 15-November-2022)

  • Tuesday, November 15 2022 - Samba 4.15.12 has been released as a Security Release to address the following defects:
    • CVE-2022-42898 (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)
 Release Notes Samba 4.15.12

Samba 4.15.11

(Updated 25-October-2022)

  • Tuesday, October 25 2022 - Samba 4.15.11 has been released as a Security Release to address the following defect:
    • CVE-2022-3437 (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))
 Release Notes Samba 4.15.11

Samba 4.15.10

(Updated 28-September-2022)

  • Wednesday, September 28 2022 - Samba 4.15.10 has been released. There will be security releases only beyond this point.
 Release Notes Samba 4.15.10

Samba 4.15.9

(Updated 27-July-2022)

  • Wednesday, July 27 2022 - Samba 4.15.9 has been released as a Security Release to address the following defects:
    • CVE-2022-2031 (Samba AD users can bypass certain restrictions associated with changing passwords)
    • CVE-2022-32744 (Samba AD users can forge password change requests for any user)
    • CVE-2022-32745 (Samba AD users can crash the server process with an LDAP add or modify request)
    • CVE-2022-32746 (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
    • CVE-2022-32742 (Server memory information leak via SMB1)
 Release Notes Samba 4.15.9

Samba 4.15.8

(Updated 28-June-2022)

  • Tuesday, June 28 2022 - Samba 4.15.8 has been released.
 Release Notes Samba 4.15.8

Samba 4.15.7

(Updated 26-April-2022)

  • Tuesday, April 26 2022 - Samba 4.15.7 has been released.
 Release Notes Samba 4.15.7

Samba 4.15.6

(Updated 15-March-2022)

  • Tuesday, March 15 2022 - Samba 4.15.6 has been released.
 Release Notes Samba 4.15.6

Samba 4.15.5

(Updated 31-January-2022)

  • Monday, January 31 2022 - Samba 4.15.5 has been released as a Security Release to address the following defects:
    • CVE-2021-44141 (UNIX extensions in SMB1 disclose whether the outside target of a symlink exists.)
    • CVE-2021-44142 (Out-of-Bound Read/Write on Samba vfs_fruit module.)
    • CVE-2022-0336 (Re-adding an SPN skips subsequent SPN conflict checks.)
 Release Notes Samba 4.15.5

Samba 4.15.4

(Updated 19-January-2022)

  • Wednesday, January 19 2022 - Samba 4.15.4 has been released.
 Release Notes Samba 4.15.4

Samba 4.15.3

(Updated 08-December-2021)

  • Wednesday, December 08 2021 - Samba 4.15.3 has been released.
 Release Notes Samba 4.15.3

Samba 4.15.2

(Updated 09-November-2021)

  • Tuesday, November 9 2021 - Samba 4.15.2 has been released as a Security Release to address the following defects:
    • CVE-2020-25717 (A user in an AD Domain could become root on domain members)
    • CVE-2020-25718 (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
    • CVE-2020-25719 (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
    • CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
    • CVE-2020-25722 (Samba AD DC did not do sufficient access and conformance checking of data stored)
    • CVE-2016-2124 (SMB1 client connections can be downgraded to plaintext authentication)
    • CVE-2021-3738 (Use after free in Samba AD DC RPC server)
    • CVE-2021-23192 (Subsequent DCE/RPC fragment injection vulnerability)
 Release Notes Samba 4.15.2

Samba 4.15.1

(Updated 27-September-2021)

  • Wednesday, October 27 2021 - Samba 4.15.1 has been released.
 Release Notes Samba 4.15.1

Samba 4.15.0

(Updated 20-September-2021)

  • Monday, September 20 2021 - Samba 4.15.0 has been released.
 Release Notes Samba 4.15.0

Samba 4.15.0rc7

(Updated 13-September-2021)

  • Monday, September 13 2021 - Samba 4.15.0rc7 has been released.
 Release Notes Samba 4.15.0rc7

Samba 4.15.0rc6

(Updated 09-September-2021)

  • Thursday, September 09 2021 - Samba 4.15.0rc6 has been released.
 Release Notes Samba 4.15.0rc6

Samba 4.15.0rc5

(Updated 07-September-2021)

  • Tuesday, September 07 2021 - Samba 4.15.0rc5 has been released.
 Release Notes Samba 4.15.0rc5

Samba 4.15.0rc4

(Updated 01-September-2021)

  • Wednesday, September 01 2021 - Samba 4.15.0rc4 has been released.
 Release Notes Samba 4.15.0rc4

Samba 4.15.0rc3

(Updated 26-August-2021)

  • Thursday, August 26 2021 - Samba 4.15.0rc3 has been released.
 Release Notes Samba 4.15.0rc3

Samba 4.15.0rc2

(Updated 09-August-2021)

  • Monday, August 09 2021 - Samba 4.15.0rc2 has been released.
 Release Notes Samba 4.15.0rc2

Samba 4.15.0rc1

(Updated 15-July-2021)

  • Thursday, July 15 2021 - Samba 4.15.0rc1 has been released.
 Release Notes Samba 4.15.0rc1