===
"Take your mind off the
problems for a moment,
and focus on the positive
possibilities. Consider how
very much you are
Release Announcements
-
These are bug fix releases to address a regression introduced by the security
fixes for CVE-2017-2619 (Symlink race allows access outside share definition).
Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.
Changes:
o
Release Announcements
=
This is the fourth release candidate of Samba 4.7. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.7
Release Announcements
=
This is the third release candidate of Samba 4.7. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.7
Release Announcements
=
This is the first release candidate of Samba 4.7. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.7
==
"Change your thoughts and
you change your world."
Norman Vincent Peale
==
Release Announcements
==
"I think about food literally
all day every day.
It's a thing."
Taylor Swift
==
Release
==
"Horses lend us the wings we lack."
Pam Brown
==
Release Announcements
-
This is the latest stable release of the Samba 4.6 release
==
"Problems are not the problem;
coping is the problem."
Virginia Satir
==
Release Announcements
Hi,
this is a heads-up that there will be important Samba security updates
on Wednesday, May 24th (~ 6-9am UTC). Please make sure that your Samba
servers will be updated immediately after the release!
Cheers,
Karolin
--
Karolin Seeger https://samba.org/~kseeger/
Release
Release Announcements
-
These are a security releases in order to address the following defect:
o CVE-2017-7494 (Remote code execution from a writable share)
===
Details
===
o CVE-2017-7494:
All versions of Samba from 3.5.0 onwards are vulnerable to a remote
==
"Stay positive and happy.
Work hard and don't give up
hope. Be open to criticism
and keep learning. Surround
yourself
==
"Debugging is like being the detective
in a crime movie where you are also
the murderer."
Filipe Fortes
==
Release
Release Announcements
=
This is the fifth release candidate of Samba 4.7. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.7
==
"Everyone responds to kindness."
Richard Gere
==
Release Announcements
-
This is the latest stable release of the Samba
"Comedy just pokes at problems,
rarely confronts them squarely.
Drama is like a plate of meat
and potatoes, comedy is rather
"Most of what we call management
consists of making it difficult
for people to get their work
done."
Peter Drucker
Release Announcements
=
This is the second release candidate of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.8
Release Announcements
=
This is the third release candidate of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.8
"Different people have different
opinions, and it's okay to
respect all of them."
Juan Pablo Galavis
"All you need is love. But a
little chocolate now and then
doesn't hurt."
Charles M. Schulz
"Mail your packages early so the
post office can lose them in
time for Christmas."
Johnny Carson
"Merry Christmas and a Happy New Year!"
Samba Team
Release Announcements
-
This is the latest stable release of the Samba 4.7
Release Announcements
=
This is the second release candidate of Samba 4.9. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.9
Release Announcements
=
This is the third release candidate of Samba 4.9. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.9
Release Announcements
-
These are security releases in order to address the following defects:
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on
Release Announcements
=
This is the fifth release candidate of Samba 4.9. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.9
Release Announcements
-
These are security release in order to address the following defects:
o CVE-2018-1050 (Denial of Service Attack on external print server.)
o CVE-2018-1057 (Authenticated users can change other users' password.)
===
Details
===
o
=
"I don't make jokes.
I just watch the
government and report
the facts."
"We don't see things as
they are, we see them
as we are."
Anais Nin
"Happiness is nothing but good
health and freedom, and money
is the single best way you can
buy your freedom."
Scott
Release Announcements
=
This is the first release candidate of Samba 4.10. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.10
"Fall forward!"
Denzel Washington
Release Announcements
-
This is the latest stable release of
"The whole point of getting
things done is knowing what to
leave undone."
Oswald Chambers
Release Announcements
-
These are security releases in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o
"Former police chief of Houston once
said of me: “Frank Abagnale could write
a check on toilet paper, drawn on the
Confederate States Treasury, sign it
‘U.R.
"The past cannot be changed.
The future is yet in your
power."
Unknown
Release
"The art of medicine consists in
amusing the patient while
nature cures the disease."
Voltaire
Release Announcements
-
These are a security releases in order to address the following defects:
o CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
o CVE-2019-3880 (Save registry file outside share as unprivileged user)
===
Details
===
o
Release Announcements
=
This is the fourth release candidate of Samba 4.10. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.10
Release Announcements
=
This is the third release candidate of Samba 4.10. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.10
"Words are windows, or they're walls,
They sentence us, or set us free.
When I speak and when I hear,
Let the love light shine through me."
Ruth Bebermeyer
"I'm a very positive thinker,
and I think that is what helps
me the most in difficult
moments."
Roger Federer
"Better a diamond with
a flaw than a pebble
without."
Confucius
Release Announcements
=
This is the second release candidate of Samba 4.10. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.10
Release Announcements
-
This is a security release in order to address the following defects:
o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
(dnsserver))
o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
Please
"Before anything else,
preparation is the key to
success."
Alexander Graham Bell
"Success is not final, failure
is not fatal: it is the courage
to continue that counts."
Winston Churchill
Release Announcements
=
This is the first release candidate of Samba 4.11. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.11
"No one saves us but ourselves.
No one can and no one may.
We ourselves must walk the
path."
Buddha
"If I had to live my life again,
I'd make the same mistakes,
only sooner."
Tallulah Bankhead
"Predicting rain doesn't count.
Building arks does."
Warren Buffett
Release Announcements
Release Announcements
=
This is the third release candidate of Samba 4.11. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.11
Release Announcements
-
These are a security releases in order to address the following defect:
o CVE-2019-10197: Combination of parameters and permissions can allow user
to escape from the share path definition.
===
Details
===
o
Hi,
this is a heads-up that there will be Samba security updates on
Tuesday, September 3rd. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
- file server (in certain non-default configurations) (CVSS 8.7, High)
Karolin
--
Karolin
Release Announcements
=
This is the second release candidate of Samba 4.11. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.11
Release Announcements
=
This is the fourth release candidate of Samba 4.11. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.11
"Moonlight is sculpture."
Nathaniel Hawthorne
Release Announcements
-
This is the first
"Be thankful we're not getting
all the government we're paying
for."
Will Rogers
Hi,
this is a heads-up that there will be Samba security updates on
Tuesday, December 10th. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
o AD DC (CVSS 5.3, medium)
Cheers,
Karolin
--
Karolin Seeger
Hi,
this is a heads-up that there will be Samba security updates on
Tuesday, October 29th. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
- Client (CVSS 5.3, medium)
- AD DC (CVSS 4.9, medium)
Cheers,
Karolin
--
Karolin Seeger
Release Announcements
-
These are security releases in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path separators.
o CVE-2019-14833: Samba AD DC check password script does not receive the full
"Be thankful we're not getting
all the government we're paying
for."
Will Rogers
"Success is simply a matter of
luck. Ask any failure."
Earl Wilson
Release Announcements
Release Announcements
=
This is the fourth release candidate of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.12
Release Announcements
-
This is the first stable release of the Samba 4.12 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
Python 3.5 Required
---
Samba's minimum runtime requirement for
Release Announcements
=
This is the second release candidate of Samba 4.12. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.12
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Changes since 4.11.5:
-
o Douglas Bagnall
* BUG 14209: pygpo: Use correct method flags.
o David Disseldorp
* BUG 14216: vfs_ceph_snapshots: Fix root
Hi,
this is a heads-up that there will be Samba security updates on
Tuesday, January 14th 2020. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
o AD DC (CVSS 6.5, medium)
Cheers,
Karolin
--
Karolin Seeger
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Changes since 4.11.6:
-
o Jeremy Allison
* BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing.
* BUG 14283: s3: VFS: full_audit. Use
Hi,
this is a heads-up that there will be Samba security updates on
Tuesday, April 28th 2020. Please make sure that your Samba AD DCs
will be updated soon after the release!
Impacted components:
o AD DC (CVSS 7.5, high)
Cheers,
Karolin
--
Karolin Seeger
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.0
o Douglas Bagnall
* BUG 14295: nmblib: Avoid undefined behaviour in handle_name_ptrs().
o Björn Baumbach
* BUG 14296: samba-tool
Release Announcements
-
This is the last bugfix release of the Samba 4.10 release series. There will be
security releases only beyond this point.
Changes since 4.10.13
-
o Jeremy Allison
* BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet
Release Announcements
-
These are a security releases in order to address the following defects:
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
===
Details
===
o
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.2
o Jeremy Allison
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14343: s3: vfs_full_audit: Add missing
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Changes since 4.11.8
o Douglas Bagnall
* BUG 14242: nmblib: Avoid undefined behaviour in handle_name_ptrs().
o Björn Baumbach
* BUG 14296:
Release Announcements
=
This is the fourth release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.13
Release Announcements
=
This is the fifth release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.13
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.7
o Günther Deschner
* BUG 14318: docs: Add missing winexe manpage.
o Volker Lendecke
* BUG 14465: idmap_ad does not deal properly
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Please note that there will be *security releases only* beyond this point.
Changes since 4.11.13
-
o Günther Deschner
* BUG 14166: lib/util: Do not install
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Changes since 4.11.11
-
o Jeremy Allison
* BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
o Andrew Bartlett
* BUG 14424: dsdb:
Release Announcements
=
This is the third release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.13
Release Announcements
-
This is the first stable release of the Samba 4.13 release series.
Please read the release notes carefully before upgrading.
ZeroLogon
=
Please avoid to set "server schannel = no" and "server schannel= auto" on all
Samba domain controllers
Release Announcements
-
These are security releases in order to address the following defect:
o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon").
The following applies to Samba used as domain controller only (most
seriously the Active Directory DC,
Release Announcements
-
This is an additional bugfix release of the Samba 4.10 release series to address
the following issues:
Changes since 4.10.15
-
o Jeremy Allison
* s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer
The following applies to Samba used as domain controller only.
(Both as classic/NT4-style and active direcory DC.)
Samba users have reported that the exploit for "ZeroLogin" passes
against Samba.
Samba has some protection for this issue because since Samba 4.8 we have
set a default of
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.5
o Jeremy Allison
* BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
o Andrew Bartlett
* BUG 14424: dsdb:
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.4
o Jeremy Allison
* BUG 14301: Fix smbd panic on force-close share during async io.
* BUG 14374: Fix segfault when using
Release Announcements
-
This is the latest stable release of the Samba 4.11 release series.
Changes since 4.11.9
o Jeremy Allison
* BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols
Release Announcements
=
This is the first release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.13
Release Announcements
-
These are security release in order to address the following defects:
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of
Release Announcements
=
This is the second release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.13
Release Announcements
-
This is an extraordinary release of the Samba 4.11 release series to fix a
regression introduced with Samba 4.11.16.
Changes since 4.11.16
-
o Jeremy Allison
* BUG 14486: s3: vfs_glusterfs: Fix the error in preventing talloc
Release Announcements
-
This is the latest stable release of the Samba 4.13 release series.
Changes since 4.13.2
o Jeremy Allison
* BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid()
fails for crypto blob.
* BUG 14486:
Release Announcements
-
This is the latest stable release of the Samba 4.13 release series.
Major enhancements include:
o BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
o BUG 14486: vfs_glusterfs: Avoid data corruption with the write-behind
Release Announcements
-
These are a security releases in order to address the following defects:
o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
o CVE-2020-14323: Unprivileged user can crash winbind.
o CVE-2020-14383: An authenticated user can
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Major enhancements include:
o BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
o BUG 14486: vfs_glusterfs: Avoid data corruption with the write-behind
Release Announcements
-
This is an extraordinary release of the Samba 4.11 release series to address the
following issues:
o BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
o BUG 14486: vfs_glusterfs: Avoid data corruption with the write-behind
Release Announcements
=
This is the first release candidate of Samba 4.14. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
Samba 4.14
Release Announcements
-
This is the latest stable release of the Samba 4.12 release series.
Changes since 4.12.10
-
o Jeremy Allison
* BUG 14210: libcli: smb2: Never print length if smb2_signing_key_valid()
fails for crypto blob.
* BUG
1 - 100 of 118 matches
Mail list logo