The branch, master has been updated
       via  385462c add missing release notes
      from  8c8039a NEWS[4.19.1]: Samba 4.19.1, 4.18.8 and 4.17.12 Security Releases are available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 385462c9a7bebf1e8a3cd9e0ded74fdb9205c777
Author: Jule Anger <jan...@samba.org>
Date:   Tue Oct 10 17:26:51 2023 +0200

    add missing release notes

    Signed-off-by: Jule Anger <jan...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/samba-4.17.12.html | 83 ++++++++++++++++++++++++++++++++++++++++++++++
 history/samba-4.18.8.html  | 77 ++++++++++++++++++++++++++++++++++++++++++
 history/samba-4.19.1.html  | 71 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 231 insertions(+)
 create mode 100644 history/samba-4.17.12.html
 create mode 100644 history/samba-4.18.8.html
 create mode 100644 history/samba-4.19.1.html

Changeset truncated at 500 lines:

diff --git a/history/samba-4.17.12.html b/history/samba-4.17.12.html new file mode 100644 index 0000000..9290251 --- /dev/null +++ b/history/samba-4.17.12.html
@@ -0,0 +1,83 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.17.12 - Release Notes</title> +</head> +<body> +<H2>Samba 4.17.12 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.17.12.tar.gz">Samba 4.17.12 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.17.12.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.17.11-4.17.12.diffs.gz">Patch (gzipped) against Samba 4.17.11</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.17.11-4.17.12.diffs.asc">Signature</a> +</p> +<p> +<pre> + =============================== + Release Notes for Samba 4.17.12 + October 10, 2023 + =============================== + + +This is a security release in order to address the following defects: + + +o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to + existing unix domain sockets on the file system. + https://www.samba.org/samba/security/CVE-2023-3961.html + +o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with + OVERWRITE disposition when using the acl_xattr Samba VFS + module with the smb.conf setting + "acl_xattr:ignore system acls = yes" + https://www.samba.org/samba/security/CVE-2023-4091.html + +o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all + attributes, including secrets and passwords. Additionally, + the access check fails open on error conditions. + https://www.samba.org/samba/security/CVE-2023-4154.html + +o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the + server block for a user-defined amount of time, denying + service. 
+ https://www.samba.org/samba/security/CVE-2023-42669.html + +o CVE-2023-42670: Samba can be made to start multiple incompatible RPC + listeners, disrupting service on the AD DC. + https://www.samba.org/samba/security/CVE-2023-42670.html + + +Changes since 4.17.11 +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15422: CVE-2023-3961. + +o Andrew Bartlett <abart...@samba.org> + * BUG 15424: CVE-2023-4154. + * BUG 15473: CVE-2023-42670. + * BUG 15474: CVE-2023-42669. + +o Ralph Boehme <s...@samba.org> + * BUG 15439: CVE-2023-4091. + +o Christian Merten <christ...@merten.dev> + * BUG 15424: CVE-2023-4154. + +o Stefan Metzmacher <me...@samba.org> + * BUG 15424: CVE-2023-4154. + +o Andreas Schneider <a...@samba.org> + * BUG 15424: CVE-2023-4154. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 15424: CVE-2023-4154. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.18.8.html b/history/samba-4.18.8.html new file mode 100644 index 0000000..bc6d4ee --- /dev/null +++ b/history/samba-4.18.8.html 
@@ -0,0 +1,77 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.18.8 - Release Notes</title> +</head> +<body> +<H2>Samba 4.18.8 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.18.8.tar.gz">Samba 4.18.8 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.18.8.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.18.7-4.18.8.diffs.gz">Patch (gzipped) against Samba 4.18.7</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.18.7-4.18.8.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.18.8 + October 10, 2023 + ============================== + + +This is a security release in order to address the following defects: + + +o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to + existing unix domain sockets on the file system. + https://www.samba.org/samba/security/CVE-2023-3961.html + +o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with + OVERWRITE disposition when using the acl_xattr Samba VFS + module with the smb.conf setting + "acl_xattr:ignore system acls = yes" + https://www.samba.org/samba/security/CVE-2023-4091.html + +o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all + attributes, including secrets and passwords. Additionally, + the access check fails open on error conditions. + https://www.samba.org/samba/security/CVE-2023-4154.html + +o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the + server block for a user-defined amount of time, denying + service. 
+ https://www.samba.org/samba/security/CVE-2023-42669.html + +o CVE-2023-42670: Samba can be made to start multiple incompatible RPC + listeners, disrupting service on the AD DC. + https://www.samba.org/samba/security/CVE-2023-42670.html + + +Changes since 4.18.7 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15422: CVE-2023-3961. + +o Andrew Bartlett <abart...@samba.org> + * BUG 15424: CVE-2023-4154. + * BUG 15473: CVE-2023-42670. + * BUG 15474: CVE-2023-42669. + +o Ralph Boehme <s...@samba.org> + * BUG 15439: CVE-2023-4091. + +o Stefan Metzmacher <me...@samba.org> + * BUG 15424: CVE-2023-4154. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 15424: CVE-2023-4154. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.19.1.html b/history/samba-4.19.1.html new file mode 100644 index 0000000..68ce3ed --- /dev/null +++ b/history/samba-4.19.1.html 
@@ -0,0 +1,71 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.19.1 - Release Notes</title> +</head> +<body> +<H2>Samba 4.19.1 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.19.1.tar.gz">Samba 4.19.1 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.19.1.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.19.0-4.19.1.diffs.gz">Patch (gzipped) against Samba 4.19.0</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.19.0-4.19.1.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.19.1 + October 10, 2023 + ============================== + + +This is a security release in order to address the following defects: + + +o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to + existing unix domain sockets on the file system. + https://www.samba.org/samba/security/CVE-2023-3961.html + +o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with + OVERWRITE disposition when using the acl_xattr Samba VFS + module with the smb.conf setting + "acl_xattr:ignore system acls = yes" + https://www.samba.org/samba/security/CVE-2023-4091.html + +o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all + attributes, including secrets and passwords. Additionally, + the access check fails open on error conditions. + https://www.samba.org/samba/security/CVE-2023-4154.html + +o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the + server block for a user-defined amount of time, denying + service. 
+ https://www.samba.org/samba/security/CVE-2023-42669.html + +o CVE-2023-42670: Samba can be made to start multiple incompatible RPC + listeners, disrupting service on the AD DC. + https://www.samba.org/samba/security/CVE-2023-42670.html + + +Changes since 4.19.0 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15422: CVE-2023-3961. + +o Andrew Bartlett <abart...@samba.org> + * BUG 15424: CVE-2023-4154. + * BUG 15473: CVE-2023-42670. + * BUG 15474: CVE-2023-42669. + +o Ralph Boehme <s...@samba.org> + * BUG 15439: CVE-2023-4091. + + +</pre> +</p> +</body> +</html> -- Samba Website Repository
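
Review bot: in history/samba-4.17.12.html the contributor lines inside the <pre> block, for example "+o Jeremy Allison <j...@samba.org>", carry raw "<" and ">" around the address. Inside HTML these need to be written as &lt; and &gt;; as committed, a browser treats the bracketed address as an unknown tag and it disappears from the rendered release notes, and a strict XHTML parser rejects the page. Escaping every address under "Changes since 4.17.11" fixes this; the same lines appear in the other two new files.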
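
Review bot: history/samba-4.18.8.html declares the XHTML 1.0 Transitional doctype but the body does not conform to it: the heading is written "<H2>...</H2>" (XHTML element names must be lowercase), the line breaks after the download links are "<br>" rather than "<br />", and the release notes "<pre>" is nested inside a "<p>", which may only hold inline content. Suggest "<h2>", "<br />", and dropping the "<p>"/"</p>" pair that wraps the "<pre>" block, so the page validates against the doctype it announces.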
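
Review bot: in history/samba-4.19.1.html the two links labelled only "Signature" do not say which file they cover: the tarball link points at samba-4.19.1.tar.gz while its signature is samba-4.19.1.tar.asc, and the patch is samba-4.19.0-4.19.1.diffs.gz with samba-4.19.0-4.19.1.diffs.asc. For a security release that readers are expected to verify before installing, the link text or a short sentence next to it should state whether the signature is made over the decompressed file, so nobody checks it against the .gz and concludes the download is bad.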