Release Planning for Samba 4.15: Difference between revisions

From SambaWiki
(Change mode to end of life)
 
(21 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Samba 4.15 is the [[Samba_Release_Planning#Current_Stable_Release|'''current stable release series''']].
Samba 4.15 has been marked [[Samba_Release_Planning#Discontinued_.28End_of_Life.29|'''discontinued''']].


==[[Blocker bugs|Release blocking bugs]]==
==[[Blocker bugs|Release blocking bugs]]==
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.15 All 4.15 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.15 All 4.15 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.15 Unresolved 4.15 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.15 Unresolved 4.15 regression bugs]

== Samba 4.15.13 ==

<small>('''Updated 15-December-2022''')</small>

* Thursday, December 15 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.13.tar.gz Samba 4.15.13] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-37966.html CVE-2022-37966] (This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
** [https://www.samba.org/samba/security/CVE-2022-37967.html CVE-2022-37967] (This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
** [https://www.samba.org/samba/security/CVE-2022-38023.html CVE-2022-38023] (The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak)
** [https://www.samba.org/samba/security/CVE-2022-45141.html CVE-2022-45141] (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak)
[https://www.samba.org/samba/history/samba-4.15.13.html Release Notes Samba 4.15.13]

== Samba 4.15.12 ==

<small>('''Updated 15-November-2022''')</small>

* Tuesday, November 15 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz Samba 4.15.12] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-42898.html CVE-2022-42898] (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)
[https://www.samba.org/samba/history/samba-4.15.12.html Release Notes Samba 4.15.12]

== Samba 4.15.11 ==

<small>('''Updated 25-October-2022''')</small>

* Tuesday, October 25 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz Samba 4.15.11] has been released as a '''Security Release''' to address the following defect:
** [https://www.samba.org/samba/security/CVE-2022-3437.html CVE-2022-3437] (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))
[https://www.samba.org/samba/history/samba-4.15.11.html Release Notes Samba 4.15.11]

== Samba 4.15.10 ==

<small>('''Updated 28-September-2022''')</small>

* Wednesday, September 28 2022 - '''Samba 4.15.10''' has been released. There will be security releases only beyond this point.
[https://www.samba.org/samba/history/samba-4.15.10.html Release Notes Samba 4.15.10]

== Samba 4.15.9 ==

<small>('''Updated 27-July-2022''')</small>

* Wednesday, July 27 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.9.tar.gz Samba 4.15.9] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-2031.html CVE-2022-2031] (Samba AD users can bypass certain restrictions associated with changing passwords)
** [https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32744] (Samba AD users can forge password change requests for any user)
** [https://www.samba.org/samba/security/CVE-2022-32745.html CVE-2022-32745] (Samba AD users can crash the server process with an LDAP add or modify request)
** [https://www.samba.org/samba/security/CVE-2022-32746.html CVE-2022-32746] (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
** [https://www.samba.org/samba/security/CVE-2022-32742.html CVE-2022-32742] (Server memory information leak via SMB1)
[https://www.samba.org/samba/history/samba-4.15.9.html Release Notes Samba 4.15.9]

== Samba 4.15.8 ==

<small>('''Updated 28-June-2022''')</small>

* Tuesday, June 28 2022 - '''Samba 4.15.8''' has been released.
[https://www.samba.org/samba/history/samba-4.15.8.html Release Notes Samba 4.15.8]

== Samba 4.15.7 ==

<small>('''Updated 26-April-2022''')</small>

* Tuesday, April 26 2022 - '''Samba 4.15.7''' has been released.
[https://www.samba.org/samba/history/samba-4.15.7.html Release Notes Samba 4.15.7]

== Samba 4.15.6 ==

<small>('''Updated 15-March-2022''')</small>

* Tuesday, March 15 2022 - '''Samba 4.15.6''' has been released.
[https://www.samba.org/samba/history/samba-4.15.6.html Release Notes Samba 4.15.6]

== Samba 4.15.5 ==

<small>('''Updated 31-January-2022''')</small>

* Monday, January 31 2022 - [https://download.samba.org/pub/samba/stable/samba-4.15.5.tar.gz Samba 4.15.5] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2021-44141.html CVE-2021-44141] (UNIX extensions in SMB1 disclose whether the outside target of a symlink exists.)
** [https://www.samba.org/samba/security/CVE-2021-44142.html CVE-2021-44142] (Out-of-Bound Read/Write on Samba vfs_fruit module.)
** [https://www.samba.org/samba/security/CVE-2022-0336.html CVE-2022-0336] (Re-adding an SPN skips subsequent SPN conflict checks.)
[https://www.samba.org/samba/history/samba-4.15.5.html Release Notes Samba 4.15.5]

== Samba 4.15.4 ==

<small>('''Updated 19-January-2022''')</small>

* Wednesday, January 19 2022 - '''Samba 4.15.4''' has been released.
[https://www.samba.org/samba/history/samba-4.15.4.html Release Notes Samba 4.15.4]

== Samba 4.15.3 ==

<small>('''Updated 08-December-2021''')</small>

* Wednesday, December 08 2021 - '''Samba 4.15.3''' has been released.
[https://www.samba.org/samba/history/samba-4.15.3.html Release Notes Samba 4.15.3]

== Samba 4.15.2 ==

<small>('''Updated 09-November-2021''')</small>

* Tuesday, November 9 2021 - [https://download.samba.org/pub/samba/stable/samba-4.15.2.tar.gz Samba 4.15.2] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2020-25717.html CVE-2020-25717] (A user in an AD Domain could become root on domain members)
** [https://www.samba.org/samba/security/CVE-2020-25718.html CVE-2020-25718] (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
** [https://www.samba.org/samba/security/CVE-2020-25719.html CVE-2020-25719] (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
** [https://www.samba.org/samba/security/CVE-2020-25721.html CVE-2020-25721] (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
** [https://www.samba.org/samba/security/CVE-2020-25722.html CVE-2020-25722] (Samba AD DC did not do sufficient access and conformance checking of data stored)
** [https://www.samba.org/samba/security/CVE-2016-2124.html CVE-2016-2124] (SMB1 client connections can be downgraded to plaintext authentication)
** [https://www.samba.org/samba/security/CVE-2021-3738.html CVE-2021-3738] (Use after free in Samba AD DC RPC server)
** [https://www.samba.org/samba/security/CVE-2021-23192.html CVE-2021-23192] (Subsequent DCE/RPC fragment injection vulnerability)
[https://www.samba.org/samba/history/samba-4.15.2.html Release Notes Samba 4.15.2]


== Samba 4.15.1 ==
== Samba 4.15.1 ==


<small>('''Updated 11-October-2021''')</small>
<small>('''Updated 27-September-2021''')</small>


* Wednesday, October 27 2021 - Planned release date for '''Samba 4.15.1'''.
* Wednesday, October 27 2021 - '''Samba 4.15.1''' has been released.
[https://www.samba.org/samba/history/samba-4.15.1.html Release Notes Samba 4.15.1]


== Samba 4.15.0 ==
== Samba 4.15.0 ==
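Review bot: In the Samba 4.15.1 section the "Updated" stamp changes from 11-October-2021 to 27-September-2021, a month before the October 27 2021 release that the same revision now records as done; 27-October-2021 looks like the intended value. Separately, the parenthetical for CVE-2022-45141 in the 4.15.13 entry gives only the rationale ("it is assumed that rc4-hmac is weak") and never states the defect in Samba itself, so a one-line description of the defect would bring it in line with the other CVE entries.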

Latest revision as of 12:43, 8 March 2023

Samba 4.15 has been marked discontinued.

Release blocking bugs

Samba 4.15.13

(Updated 15-December-2022)

  • Thursday, December 15 2022 - Samba 4.15.13 has been released as a Security Release to address the following defects:
    • CVE-2022-37966 (This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
    • CVE-2022-37967 (This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
    • CVE-2022-38023 (The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak)
    • CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak)
 Release Notes Samba 4.15.13

Samba 4.15.12

(Updated 15-November-2022)

  • Tuesday, November 15 2022 - Samba 4.15.12 has been released as a Security Release to address the following defects:
    • CVE-2022-42898 (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)
 Release Notes Samba 4.15.12

Samba 4.15.11

(Updated 25-October-2022)

  • Tuesday, October 25 2022 - Samba 4.15.11 has been released as a Security Release to address the following defect:
    • CVE-2022-3437 (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))
 Release Notes Samba 4.15.11

Samba 4.15.10

(Updated 28-September-2022)

  • Wednesday, September 28 2022 - Samba 4.15.10 has been released. There will be security releases only beyond this point.
 Release Notes Samba 4.15.10

Samba 4.15.9

(Updated 27-July-2022)

  • Wednesday, July 27 2022 - Samba 4.15.9 has been released as a Security Release to address the following defects:
    • CVE-2022-2031 (Samba AD users can bypass certain restrictions associated with changing passwords)
    • CVE-2022-32744 (Samba AD users can forge password change requests for any user)
    • CVE-2022-32745 (Samba AD users can crash the server process with an LDAP add or modify request)
    • CVE-2022-32746 (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
    • CVE-2022-32742 (Server memory information leak via SMB1)
 Release Notes Samba 4.15.9

Samba 4.15.8

(Updated 28-June-2022)

  • Tuesday, June 28 2022 - Samba 4.15.8 has been released.
 Release Notes Samba 4.15.8

Samba 4.15.7

(Updated 26-April-2022)

  • Tuesday, April 26 2022 - Samba 4.15.7 has been released.
 Release Notes Samba 4.15.7

Samba 4.15.6

(Updated 15-March-2022)

  • Tuesday, March 15 2022 - Samba 4.15.6 has been released.
 Release Notes Samba 4.15.6

Samba 4.15.5

(Updated 31-January-2022)

  • Monday, January 31 2022 - Samba 4.15.5 has been released as a Security Release to address the following defects:
    • CVE-2021-44141 (UNIX extensions in SMB1 disclose whether the outside target of a symlink exists.)
    • CVE-2021-44142 (Out-of-Bound Read/Write on Samba vfs_fruit module.)
    • CVE-2022-0336 (Re-adding an SPN skips subsequent SPN conflict checks.)
 Release Notes Samba 4.15.5

Samba 4.15.4

(Updated 19-January-2022)

  • Wednesday, January 19 2022 - Samba 4.15.4 has been released.
 Release Notes Samba 4.15.4

Samba 4.15.3

(Updated 08-December-2021)

  • Wednesday, December 08 2021 - Samba 4.15.3 has been released.
 Release Notes Samba 4.15.3

Samba 4.15.2

(Updated 09-November-2021)

  • Tuesday, November 9 2021 - Samba 4.15.2 has been released as a Security Release to address the following defects:
    • CVE-2020-25717 (A user in an AD Domain could become root on domain members)
    • CVE-2020-25718 (Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC)
    • CVE-2020-25719 (Samba AD DC did not always rely on the SID and PAC in Kerberos tickets)
    • CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objectSid))
    • CVE-2020-25722 (Samba AD DC did not do sufficient access and conformance checking of data stored)
    • CVE-2016-2124 (SMB1 client connections can be downgraded to plaintext authentication)
    • CVE-2021-3738 (Use after free in Samba AD DC RPC server)
    • CVE-2021-23192 (Subsequent DCE/RPC fragment injection vulnerability)
 Release Notes Samba 4.15.2

Samba 4.15.1

(Updated 27-September-2021)

  • Wednesday, October 27 2021 - Samba 4.15.1 has been released.
 Release Notes Samba 4.15.1

Samba 4.15.0

(Updated 20-September-2021)

  • Monday, September 20 2021 - Samba 4.15.0 has been released.
 Release Notes Samba 4.15.0

Samba 4.15.0rc7

(Updated 13-September-2021)

  • Monday, September 13 2021 - Samba 4.15.0rc7 has been released.
 Release Notes Samba 4.15.0rc7

Samba 4.15.0rc6

(Updated 09-September-2021)

  • Thursday, September 09 2021 - Samba 4.15.0rc6 has been released.
 Release Notes Samba 4.15.0rc6

Samba 4.15.0rc5

(Updated 07-September-2021)

  • Tuesday, September 07 2021 - Samba 4.15.0rc5 has been released.
 Release Notes Samba 4.15.0rc5

Samba 4.15.0rc4

(Updated 01-September-2021)

  • Wednesday, September 01 2021 - Samba 4.15.0rc4 has been released.
 Release Notes Samba 4.15.0rc4

Samba 4.15.0rc3

(Updated 26-August-2021)

  • Thursday, August 26 2021 - Samba 4.15.0rc3 has been released.
 Release Notes Samba 4.15.0rc3

Samba 4.15.0rc2

(Updated 09-August-2021)

  • Monday, August 09 2021 - Samba 4.15.0rc2 has been released.
 Release Notes Samba 4.15.0rc2

Samba 4.15.0rc1

(Updated 15-July-2021)

  • Thursday, July 15 2021 - Samba 4.15.0rc1 has been released.
 Release Notes Samba 4.15.0rc1