[Announce] Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available

Karolin Seeger kseeger at samba.org
Tue May 14 06:31:20 UTC 2019 

Release Announcements
---------------------

These are a security releases in order to address the following defect:

o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)


=======
Details
=======

o  CVE-2018-16860:
   The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
   did not first confirm that the checksum was keyed, allowing replacement of
   the requested target (client) principal.

For more details and workarounds, please refer to the security advisory.


Changes:
--------

o  Isaac Boukris <iboukris at gmail.com> 
   * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
     checksum.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.10.3.html
        https://www.samba.org/samba/history/samba-4.9.8.html
        https://www.samba.org/samba/history/samba-4.8.12.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-announce/attachments/20190514/11c91102/signature.sig>

More information about the samba-announce mailing list