[Samba] Need to know Samba version addressing "CVE-2018-14628" fix
Vivek Anand -X (vivekan - Altran ACT S.A.S at Cisco)
vivekan at cisco.com
Mon Jan 30 07:27:57 UTC 2023
Hi Team,
We are looking for Security Release Version / patch for "CVE-2018-14628<https://attachments.samba.org/attachment.cgi?id=14477>".
The above CVE says :
All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.7.x 4.8.x and 4.9.x have been issued as a
security release to correct the defect.
But on samba security page, we are unable to find patch/release version addressing "CVE-2018-14628"
We are using "samba-4.17.3" and have queries as below:
1. Is "samba-4.17.3" affected by vulnerability "CVE-2018-14628"?
2. If yes, which samba version/patch is containing fix for above CVE?
Thanks,
Vivek Anand
More information about the samba
mailing list