[SCM] Samba Website Repository - branch master updated
Jule Anger
janger at samba.org
Wed Jul 19 14:40:15 UTC 2023
The branch, master has been updated
via 6c4000d add missing release notes for security releases 4.18.5, 4.17.10 and 4.16.11
from 40ef1bb NEWS[4.18.1]: Samba 4.18.5, 4.17.10 and 4.16.11 Security Releases are available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6c4000de33aa2be2795bd5192b80598453a2dd6a
Author: Jule Anger <janger at samba.org>
Date: Wed Jul 19 16:38:23 2023 +0200
add missing release notes for security releases 4.18.5, 4.17.10 and 4.16.11
Signed-off-by: Jule Anger <janger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/samba-4.16.11.html | 70 ++++++++++++++++++++++++++++++++++++++++++++
history/samba-4.17.10.html | 73 ++++++++++++++++++++++++++++++++++++++++++++++
history/samba-4.18.5.html | 73 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 216 insertions(+)
create mode 100644 history/samba-4.16.11.html
create mode 100644 history/samba-4.17.10.html
create mode 100644 history/samba-4.18.5.html
Changeset truncated at 500 lines:
diff --git a/history/samba-4.16.11.html b/history/samba-4.16.11.html
new file mode 100644
index 0000000..8b7a49f
--- /dev/null
+++ b/history/samba-4.16.11.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.16.11 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.16.11 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.11.tar.gz">Samba 4.16.11 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.11.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.10-4.16.11.diffs.gz">Patch (gzipped) against Samba 4.16.10</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.10-4.16.11.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ===============================
+ Release Notes for Samba 4.16.11
+ July 19, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.16.10
+---------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+
+o Samuel Cabrero <scabrero at samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.17.10.html b/history/samba-4.17.10.html
new file mode 100644
index 0000000..f345ce6
--- /dev/null
+++ b/history/samba-4.17.10.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.17.10 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.17.10 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.10.tar.gz">Samba 4.17.10 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.10.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.9-4.17.10.diffs.gz">Patch (gzipped) against Samba 4.17.9</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.9-4.17.10.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ===============================
+ Release Notes for Samba 4.17.10
+ July 19, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+
+o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
+ "server signing = required" or for SMB2 connections to Domain
+ Controllers where SMB2 packet signing is mandatory.
+ https://www.samba.org/samba/security/CVE-2023-3347.html
+
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.17.9
+--------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+ * BUG 15397: CVE-2023-3347.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.18.5.html b/history/samba-4.18.5.html
new file mode 100644
index 0000000..42756fc
--- /dev/null
+++ b/history/samba-4.18.5.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.18.5 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.18.5 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.gz">Samba 4.18.5 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.18.5.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.18.4-4.18.5.diffs.gz">Patch (gzipped) against Samba 4.18.4</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.18.4-4.18.5.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.18.5
+ July 19, 2023
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously
+ crafted request can trigger an out-of-bounds read in winbind
+ and possibly crash it.
+ https://www.samba.org/samba/security/CVE-2022-2127.html
+
+o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured
+ "server signing = required" or for SMB2 connections to Domain
+ Controllers where SMB2 packet signing is mandatory.
+ https://www.samba.org/samba/security/CVE-2023-3347.html
+
+o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
+ Spotlight can be triggered by an unauthenticated attacker by
+ issuing a malformed RPC request.
+ https://www.samba.org/samba/security/CVE-2023-34966.html
+
+o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
+ Spotlight can be used by an unauthenticated attacker to
+ trigger a process crash in a shared RPC mdssvc worker process.
+ https://www.samba.org/samba/security/CVE-2023-34967.html
+
+o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
+ side absolute path of shares and files and directories in
+ search results.
+ https://www.samba.org/samba/security/CVE-2023-34968.html
+
+
+Changes since 4.18.4
+--------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15072: CVE-2022-2127.
+ * BUG 15340: CVE-2023-34966.
+ * BUG 15341: CVE-2023-34967.
+ * BUG 15388: CVE-2023-34968.
+ * BUG 15397: CVE-2023-3347.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15072: CVE-2022-2127.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
+
+
+</pre>
+</p>
+</body>
+</html>
--
Samba Website Repository
More information about the samba-cvs
mailing list