Release Planning for Samba 4.16: Difference between revisions
From SambaWiki
Samba 4.16 has been marked [[Samba_Release_Planning#Discontinued_.28End_of_Life.29|'''discontinued''']].

==[[Blocker bugs|Release blocking bugs]]==

* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&query_format=advanced&target_milestone=4.16 All 4.16 regression bugs]
* [https://bugzilla.samba.org/buglist.cgi?bug_severity=regression&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&query_format=advanced&target_milestone=4.16 Unresolved 4.16 regression bugs]

== Samba 4.16.11 ==

<small>('''Updated 19-July-2023''')</small>

* Wednesday, July 19 2023 - [https://download.samba.org/pub/samba/stable/samba-4.16.11.tar.gz Samba 4.16.11] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-34967.html CVE-2023-34967] (Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process.)
** [https://www.samba.org/samba/security/CVE-2022-2127.html CVE-2022-2127] (When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.)
** [https://www.samba.org/samba/security/CVE-2023-34968.html CVE-2023-34968] (As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results.)
** [https://www.samba.org/samba/security/CVE-2023-34966.html CVE-2023-34966] (An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.)

[https://www.samba.org/samba/history/samba-4.16.11.html Release Notes Samba 4.16.11]

== Samba 4.16.10 ==

<small>('''Updated 2023-March-29''')</small>

* Wednesday, March 29 2023 - [https://download.samba.org/pub/samba/stable/samba-4.16.10.tar.gz Samba 4.16.10] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2023-0922.html CVE-2023-0922] (The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.)
** [https://www.samba.org/samba/security/CVE-2023-0614.html CVE-2023-0614] (The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assume they have been obtained and need replacing.)

[https://www.samba.org/samba/history/samba-4.16.10.html Release Notes Samba 4.16.10]

== Samba 4.16.9 ==

<small>('''Updated 16-February-2023''')</small>

* Thursday, February 16 2023 - '''Samba 4.16.9''' has been released. There will be security releases only beyond this point.

[https://www.samba.org/samba/history/samba-4.16.9.html Release Notes Samba 4.16.9]

== Samba 4.16.8 ==

<small>('''Updated 15-December-2022''')</small>

* Thursday, December 15 2022 - [https://download.samba.org/pub/samba/stable/samba-4.16.8.tar.gz Samba 4.16.8] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-37966.html CVE-2022-37966] (This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
** [https://www.samba.org/samba/security/CVE-2022-37967.html CVE-2022-37967] (This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022)
** [https://www.samba.org/samba/security/CVE-2022-38023.html CVE-2022-38023] (The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak)

[https://www.samba.org/samba/history/samba-4.16.8.html Release Notes Samba 4.16.8]

== Samba 4.16.7 ==

<small>('''Updated 15-November-2022''')</small>

* Tuesday, November 15 2022 - [https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.gz Samba 4.16.7] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-42898.html CVE-2022-42898] (Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap)

[https://www.samba.org/samba/history/samba-4.16.7.html Release Notes Samba 4.16.7]

== Samba 4.16.6 ==

<small>('''Updated 25-October-2022''')</small>

* Tuesday, October 25 2022 - [https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.gz Samba 4.16.6] has been released as a '''Security Release''' to address the following defect:
** [https://www.samba.org/samba/security/CVE-2022-3437.html CVE-2022-3437] (There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba))

[https://www.samba.org/samba/history/samba-4.16.6.html Release Notes Samba 4.16.6]

== Samba 4.16.5 ==

<small>('''Updated 07-September-2022''')</small>

* Wednesday, September 07 2022 - '''Samba 4.16.5''' has been released.

[https://www.samba.org/samba/history/samba-4.16.5.html Release Notes Samba 4.16.5]

== Samba 4.16.4 ==

<small>('''Updated 27-July-2022''')</small>

* Wednesday, July 27 2022 - [https://download.samba.org/pub/samba/stable/samba-4.16.4.tar.gz Samba 4.16.4] has been released as a '''Security Release''' to address the following defects:
** [https://www.samba.org/samba/security/CVE-2022-2031.html CVE-2022-2031] (Samba AD users can bypass certain restrictions associated with changing passwords)
** [https://www.samba.org/samba/security/CVE-2022-32744.html CVE-2022-32744] (Samba AD users can forge password change requests for any user)
** [https://www.samba.org/samba/security/CVE-2022-32745.html CVE-2022-32745] (Samba AD users can crash the server process with an LDAP add or modify request)
** [https://www.samba.org/samba/security/CVE-2022-32746.html CVE-2022-32746] (Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request)
** [https://www.samba.org/samba/security/CVE-2022-32742.html CVE-2022-32742] (Server memory information leak via SMB1)

[https://www.samba.org/samba/history/samba-4.16.4.html Release Notes Samba 4.16.4]

== Samba 4.16.3 ==

<small>('''Updated 18-July-2022''')</small>

* Monday, July 18 2022 - '''Samba 4.16.3''' has been released.

[https://www.samba.org/samba/history/samba-4.16.3.html Release Notes Samba 4.16.3]

== Samba 4.16.2 ==

<small>('''Updated 13-June-2022''')</small>

* Monday, June 13 2022 - '''Samba 4.16.2''' has been released.

[https://www.samba.org/samba/history/samba-4.16.2.html Release Notes Samba 4.16.2]

== Samba 4.16.1 ==

<small>('''Updated 2-May-2022''')</small>

* Monday, May 2 2022 - '''Samba 4.16.1''' has been released.

[https://www.samba.org/samba/history/samba-4.16.1.html Release Notes Samba 4.16.1]

== Samba 4.16.0 ==

<small>('''Updated 21-March-2022''')</small>

* Monday, March 21 2022 - '''Samba 4.16.0''' has been released.

[https://www.samba.org/samba/history/samba-4.16.0.html Release Notes Samba 4.16.0]

== Samba 4.16.0rc5 ==

<small>('''Updated 8-March-2022''')</small>

* Tuesday, March 8 2022 - '''Samba 4.16.0rc5''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.16.0rc5.WHATSNEW.txt Release Notes Samba 4.16.0rc5]

== Samba 4.16.0rc4 ==

<small>('''Updated 1-March-2022''')</small>

* Tuesday, March 1 2022 - '''Samba 4.16.0rc4''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.16.0rc4.WHATSNEW.txt Release Notes Samba 4.16.0rc4]

== Samba 4.16.0rc3 ==

<small>('''Updated 15-February-2022''')</small>

* Tuesday, February 15 2022 - '''Samba 4.16.0rc3''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.16.0rc3.WHATSNEW.txt Release Notes Samba 4.16.0rc3]

== Samba 4.16.0rc2 ==

<small>('''Updated 31-January-2022''')</small>

* Monday, January 31 2022 - '''Samba 4.16.0rc2''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.16.0rc2.WHATSNEW.txt Release Notes Samba 4.16.0rc2]

== Samba 4.16.0rc1 ==

<small>('''Updated 24-January-2022''')</small>

* Monday, January 24 2022 - '''Samba 4.16.0rc1''' has been released.

[https://download.samba.org/pub/samba/rc/samba-4.16.0rc1.WHATSNEW.txt Release Notes Samba 4.16.0rc1]

Latest revision as of 13:12, 4 September 2023