[Samba] Latest Ubuntu 16.04 samba upgrade breaks external ldap auth (CVE-2020-10704)

Rowland penny rpenny at samba.org
Wed Apr 29 10:54:55 UTC 2020


On 29/04/2020 11:24, Dmitry Melekhov via samba wrote:
>
> 29.04.2020 13:08, Rowland penny via samba wrote:
>> On 29/04/2020 09:36, Remy Zandwijk via samba wrote:
>>>> On 29 Apr 2020, at 09:38, L.P.H. van Belle via samba 
>>>> <samba at lists.samba.org> wrote:
>>>>
>>>> Well, my advice here is.. You're using Ubuntu 16.04 which is EOL this 
>>>> month.
>>> According to https://wiki.ubuntu.com/Releases it is EOL in April 
>>> 2024 and standard support ends in April 2021.
>>>
>>>
>>>
>> It is 2024 if you are prepared to pay for support.
>
>
> Well, really not, ESM for 14.04 is free up to 3 hosts, don't know 
> what they will do for 16.04 though.
>
>
>
>>
>> However 4.3.11 is EOL as far as Samba is concerned and totally relies 
>> on Ubuntu backporting Samba updates to these non Samba supported 
>> versions.
>>
>> Rowland
>>
>>
>>
>
Okay, this is just my opinion, but even if it is free, upgrade your OS 
to 20.04, this will get you a Samba version supported by Samba.

The only Samba supported versions are 4.10.x, 4.11.x and 4.12.x. 
4.12.x is fully supported, 4.11.x will get maintenance support and 
4.10.x only gets security fixes, any other version is unsupported by 
Samba and relies on the distros backporting patches.

There have been multiple fixes since 4.3.x, so you are probably using an 
insecure version.

Rowland




