The branch, v4-18-stable has been updated via 3dc0412a79f Merge tag 'samba-4.18.8' into v4-18-stable via f1c0d4f1feb VERSION: Disable GIT_SNAPSHOT for the 4.18.8 release. via 0bf0250e358 WHATSNEW: Add release notes for Samba 4.18.8. via eb6f2d92e8a CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup via 4eba269b1ba CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC via 2ef556473bd CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC via e652fbe8525 CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default via 4b3da3a97d1 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY via e691257c618 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests via 9d249db44c7 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour via ebc2796a029 CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once via 3e7bdcd0e48 CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. via 23031057e86 CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start via 87ff4f57bf7 CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() via 8ad21108f88 CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice via 570e892a0e8 CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers via 7ebf51dd8b5 CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position via da9bdf36c35 CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper via 217b30b05e2 CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper via 8a2b11fda30 CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() via 8ebcfe5599c CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers via b65b141ed75 CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper via 704fadfb60e CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG via e8df1a60866 CVE-2023-4154 s4:dsdb:tests: Fix code spelling via 5ca0ee6f111 CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test via 582f4f2e844 CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL via 3c432b14469 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() via bfe8e10bf3b CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file via 3e64edae781 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. via d1a26b4f46b CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. via 84b5d3640f7 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. via 2576c0275dc VERSION: Bump version up to Samba 4.18.8... from 85475a0cb20 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-stable - Log ----------------------------------------------------------------- commit 3dc0412a79fdbba02dc1c729c13c8ebff9aa6a85 Merge: 85475a0cb20 f1c0d4f1feb Author: Jule Anger <jan...@samba.org> Date: Tue Oct 10 17:04:24 2023 +0200 Merge tag 'samba-4.18.8' into v4-18-stable samba: tag release samba-4.18.8 commit f1c0d4f1feb8105d22307e29150e0b7d59b5fed9 Author: Jule Anger <jan...@samba.org> Date: Tue Oct 10 10:58:39 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.18.8 release. Signed-off-by: Jule Anger <jan...@samba.org> commit 0bf0250e358b3084d6c4c28df31b92fdaded9557 Author: Jule Anger <jan...@samba.org> Date: Tue Oct 10 10:58:08 2023 +0200 WHATSNEW: Add release notes for Samba 4.18.8. Signed-off-by: Jule Anger <jan...@samba.org> commit eb6f2d92e8af60d67334a94ab5df56785a1508f2 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 16:23:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup We now have ensured that no conflicting services attempt to start so we do not need the runtime lookup and so avoid the risk that the lookup may fail. This means that any duplicates will be noticed early not just in a race condition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 4eba269b1ba4ce6e9f71efed9f537249d1bd2c5d Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 12:28:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC Just as we refuse to start NETLOGON except on the DC, we must refuse to start all of the RPC services that are provided by the AD DC. Most critically of course this applies to netlogon, lsa and samr. This avoids the supression of these services being the result of a runtime epmapper lookup, as if that fails these services can disrupt service to end users by listening on the same socket as the AD DC servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 2ef556473bd858fc3dbcd6372835ded48f75135d Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 19:01:03 2023 +1200 CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC The rpcecho server in source3 does have samba the sleep() feature that the s4 version has, but the task architecture is different, so there is not the same impact. Hoever equally this is not something that should be enabled on production builds of Samba, so restrict to selftest builds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit e652fbe8525dfaa5b7d794cac90f9d216432e78c Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 12 18:59:44 2023 +1200 CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default The rpcecho server is useful in development and testing, but should never have been allowed into production, as it includes the facility to do a blocking sleep() in the single-threaded rpc worker. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 4b3da3a97d1cbfd17a4eef466eb3bc1fc4887a34 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 17:58:27 2023 +1200 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by Samba. Having a second access control system withing the LDAP stack is unsafe and this layer is incomplete. The current system gives all accounts that have been given the GUID_DRS_GET_CHANGES extended right SYSTEM access. Currently in Samba this equates to full access to passwords as well as "RODC Filtered attributes" (often used with confidential attributes). Rather than attempting to correctly filter for secrets (passwords) and these filtered attributes, as well as preventing search expressions for both, we leave this complexity to the acl_read module which has this facility already well tested. The implication is that callers will only see and filter by attribute in DirSync that they could without DirSync. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit e691257c61813f2cf9513d149ba82b021ec824ee Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 22 15:08:17 2023 +1200 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests The aim here is to document the expected (even if not implemented) SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so that any change once CVE-2023-4154 is fixed can be noted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 9d249db44c7c8feb1c4e8719739a5cee60b25842 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 14:30:19 2023 +1200 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL, but for DirSync and DRS replication. Accounts with GUID_DRS_GET_CHANGES rights should not be able to read this attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit ebc2796a029b4dbe803457db0de9e999d1203460 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 8 11:18:46 2023 +1200 CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once When we (expect to) get back a result, do not waste time against a potentially slow server confirming we also get back results for all the other attribute combinations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 3e7bdcd0e488fe0788ca537ca9894f0c4fda6be6 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 11:56:56 2023 +1200 CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 23031057e8626e61994bf833226c196e0d966e63 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 14:44:28 2023 +1200 CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start Rather than fail, if the last run failed to reset things, just force the DC into the required state. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 87ff4f57bf7a1980f2f6299115e35ab12483a150 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 13:15:40 2023 +1200 CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() Thie helps ensure this test is reliable even in spite of errors while running. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 8ad21108f88be4fcabc1919757eed2ed06c06fba Author: Andrew Bartlett <abart...@samba.org> Date: Mon Aug 7 11:55:55 2023 +1200 CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice To re-use setup code, the super-class must have no test_*() methods otherwise these will be run as well as the class-local tests. We rename tests that would otherwise have duplicate names BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> commit 570e892a0e811b1c90b7fe6b065b16591d38f7ee Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 16 10:03:44 2023 +0100 CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 2c02378029fff6636b8f19e45af78b265f2210ed) commit 7ebf51dd8b57b5932bb6f923d513e3f84c653567 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 16 10:00:11 2023 +0100 CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position Often it is important to insert an ace at a specific position in the ACL. As a default we still append by default by using -1, which is the generic version of passing the number of existing aces. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit c3cb915a67aff6739b72b86d7d139609df309ada) commit da9bdf36c357826f4dd25cf1121dfdbba3ed1dd2 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 16 09:57:43 2023 +0100 CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 9d8ff0d1e0b2ba7c84af36e1931f5bc99902a44b) commit 217b30b05e24b66a427d9cc605141f917b88745c Author: Stefan Metzmacher <me...@samba.org> Date: Fri Mar 17 14:08:34 2023 +0100 CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper This uses ndr_pack/unpack in order to create a deep copy of the given object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 4627997ddae44265ad35b3234232eb74458c6c34) commit 8a2b11fda30eef3883bbe9ea538dae6f68216fd9 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 16 10:11:05 2023 +0100 CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 9ea06aaf9f57e3c7094553d9ac40fb73057a9b74) commit 8ebcfe5599c5540da2fdd161d5108275d22c959e Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 16 18:03:10 2023 +0100 CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers They better represent what they are doing, we keep dacl_add_ace() as wrapper of dacl_prepend_aces() in order to let existing callers work as before. In future it would be good to have a dacl_insert_aces() that would canonicalize the ace order before storing, but that a task for another day. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit a1109a9bf12e020636b8d66fc54984aac58bfe6b) commit b65b141ed7572503fc896b5efd46b3a48ef847d1 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Mar 10 18:25:18 2023 +0100 CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper This is a more generic api that can be re-used in other places as well in future. It operates on a security descriptor object instead of SDDL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> (cherry picked from commit 8411e6d302e25d10f1035ebbdcbde7308566e930) commit 704fadfb60e74bbaee41f0e37415c1f31734fb34 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 14 17:19:27 2023 +1300 CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG It's no longer used anywhere. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 8b4e6f7b3fb8018cb64deef9b8e1cbc2e5ba12cf) commit e8df1a60866651678ce99d730f6a5e4bcc671b1d Author: Andreas Schneider <a...@samba.org> Date: Wed Aug 2 10:44:32 2023 +0200 CVE-2023-4154 s4:dsdb:tests: Fix code spelling BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> (cherry picked from commit b29793ffdee5d9b9c1c05830622e80f7faec7670) commit 5ca0ee6f111e63ef92bbb8fc94b81a08b490854f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jan 27 07:43:40 2023 +1300 CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test Use more specific unittest methods, and remove unused code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 2e5d08c908b3fa48b9b374279a331061cb77bce3) commit 582f4f2e844d95e48444d2b98c7397cac32ad6d4 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Mar 1 14:49:06 2023 +1300 CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL The confidential_attrs test no longer uses DC_MODE_RETURN_NONE we can now remove the complexity. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> (cherry picked from commit 82d2ec786f7e75ff6f34eb3357964345b10de091) commit 3c432b144690353b7c86daf38612a2e19eb82084 Author: Ralph Boehme <s...@samba.org> Date: Tue Aug 1 13:04:36 2023 +0200 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() If the client requested FILE_OVERWRITE[_IF], we're implicitly adding FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the access check we're using access_mask which doesn't contain the additional right, which means we can end up truncating a file for which the user has only read-only access via an SD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <s...@samba.org> commit bfe8e10bf3b5dafecd0b19ef8ea163327f73a531 Author: Ralph Boehme <s...@samba.org> Date: Tue Aug 1 12:30:00 2023 +0200 CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <s...@samba.org> commit 3e64edae781fe8cdec33b68b00f5daa51bb74b5d Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:54:41 2023 -0700 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND). Remove knowfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> commit d1a26b4f46b4f27d01c90a71b9bbd065c2d0efd1 Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:49:21 2023 -0700 CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. The raw SMB2-INVALID-PIPENAME test passes against Windows 2022, as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND. Add the knownfail. BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> commit 84b5d3640f7103dcc8984df7be679967bc06fd44 Author: Jeremy Allison <j...@samba.org> Date: Tue Jul 25 17:41:04 2023 -0700 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. For now, SMB_ASSERT() to exit the server. We will remove this once the test code is in place. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422 Signed-off-by: Jeremy Allison <j...@samba.org> commit 2576c0275dc9dcb4ca1cfb6a6a323f4e30651bd0 Author: Jule Anger <jan...@samba.org> Date: Wed Sep 27 10:09:45 2023 +0200 VERSION: Bump version up to Samba 4.18.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <jan...@samba.org> (cherry picked from commit ca1b7c185edf67b1ceb988a8015396351c5ac240) ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 80 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 305add2b815..8fa17dff606 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index fd11954058e..53fe4eafa72 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,81 @@ + ============================== + Release Notes for Samba 4.18.8 + October 10, 2023 + ============================== + + +This is a security release in order to address the following defects: + + +o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to + existing unix domain sockets on the file system. + https://www.samba.org/samba/security/CVE-2023-3961.html + +o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with + OVERWRITE disposition when using the acl_xattr Samba VFS + module with the smb.conf setting + "acl_xattr:ignore system acls = yes" + https://www.samba.org/samba/security/CVE-2023-4091.html + +o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all + attributes, including secrets and passwords. Additionally, + the access check fails open on error conditions. + https://www.samba.org/samba/security/CVE-2023-4154.html + +o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the + server block for a user-defined amount of time, denying + service. + https://www.samba.org/samba/security/CVE-2023-42669.html + +o CVE-2023-42670: Samba can be made to start multiple incompatible RPC + listeners, disrupting service on the AD DC. + https://www.samba.org/samba/security/CVE-2023-42670.html + + +Changes since 4.18.7 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15422: CVE-2023-3961. + +o Andrew Bartlett <abart...@samba.org> + * BUG 15424: CVE-2023-4154. + * BUG 15473: CVE-2023-42670. + * BUG 15474: CVE-2023-42669. + +o Ralph Boehme <s...@samba.org> + * BUG 15439: CVE-2023-4091. + +o Stefan Metzmacher <me...@samba.org> + * BUG 15424: CVE-2023-4154. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 15424: CVE-2023-4154. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.18.7 September 27, 2023 @@ -72,8 +150,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.18.6 August 16, 2023 -- Samba Shared Repository