[Announce] Samba 4.16.4, 4.15.9, 4.14.14 Security Releases are available for Download

Jule Anger janger at samba.org
Wed Jul 27 10:10:38 UTC 2022


Release Announcements
---------------------

This are security releases in order to address the following defects:

o CVE-2022-2031:  Samba AD users can bypass certain restrictions 
associated with
                   changing passwords.
https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for 
any user.
https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an 
LDAP add
                   or modify request.
https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                   process with an LDAP add or modify request.
https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
https://www.samba.org/samba/security/CVE-2022-32742.html

Changes
-------

o  Jeremy Allison <jra at samba.org>
    * BUG 15085: CVE-2022-32742.

o  Andrew Bartlett <abartlet at samba.org>
    * BUG 15009: CVE-2022-32746.

o  Andreas Schneider <asn at samba.org>
    * BUG 15047: CVE-2022-2031.

o  Joseph Sutton <josephsutton at catalyst.net.nz>
    * BUG 15008: CVE-2022-32745.
    * BUG 15009: CVE-2022-32746.
    * BUG 15047: CVE-2022-2031.
    * BUG 15074: CVE-2022-32744.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.libera.chat or the
#samba-technical:matrix.org matrix channel.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================



================
Download Details
================

The uncompressed Samba tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620). The Samba source code can be downloaded
from:

https://download.samba.org/pub/samba/stable/

The release notes are available online at:

         https://www.samba.org/samba/history/samba-4.16.4.html
         https://www.samba.org/samba/history/samba-4.15.9.html
         https://www.samba.org/samba/history/samba-4.14.14.html

If you are building/using ldb from a system library, you'll
also need the related updated ldb tarball, otherwise you can ignore it.
The uncompressed ldb tarballs have been signed using GnuPG (ID 
4793916113084025).
The ldb source code can be downloaded from:

samba-4.16.4:
https://download.samba.org/pub/ldb/ldb-2.5.2.tar.gz
samba-4.15.9:
https://download.samba.org/pub/ldb/ldb-2.4.4.tar.gz
samba-4.14.14:
https://download.samba.org/pub/ldb/ldb-2.3.4.tar.gz

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                         --Enjoy
                         The Samba Team



More information about the samba-announce mailing list