| author | Jule Anger <janger@samba.org> | 2023-10-10 16:54:15 +0200 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2023-10-10 16:54:15 +0200 |
| commit | 1006203e495dfb7ca2969f113aeffda3ea660d92 (patch) | |
| tree | 6d38d3d8df4a407352549598214d4c8872539bcc | |
| parent | 0e746c02f6cc3b53b941f2b2d9624427020a6890 (diff) | |
| parent | 7ec207cd4146919e4ee88e5522647c169baf6922 (diff) | |
Merge tag 'samba-4.17.12' into v4-17-stable
samba: tag release samba-4.17.12
| -rw-r--r-- | VERSION | 2 |
| -rw-r--r-- | WHATSNEW.txt | 87 |
2 files changed, 86 insertions, 3 deletions
@@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=17 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0b12f34e798..66ef45dd1b2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,88 @@ =============================== + Release Notes for Samba 4.17.12 + October 10, 2023 + =============================== + + +This is a security release in order to address the following defects: + + +o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to + existing unix domain sockets on the file system. + https://www.samba.org/samba/security/CVE-2023-3961.html + +o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with + OVERWRITE disposition when using the acl_xattr Samba VFS + module with the smb.conf setting + "acl_xattr:ignore system acls = yes" + https://www.samba.org/samba/security/CVE-2023-4091.html + +o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all + attributes, including secrets and passwords. Additionally, + the access check fails open on error conditions. + https://www.samba.org/samba/security/CVE-2023-4154.html + +o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the + server block for a user-defined amount of time, denying + service. + https://www.samba.org/samba/security/CVE-2023-42669.html + +o CVE-2023-42670: Samba can be made to start multiple incompatible RPC + listeners, disrupting service on the AD DC. + https://www.samba.org/samba/security/CVE-2023-42670.html + + +Changes since 4.17.11 +--------------------- + +o Jeremy Allison <jra@samba.org> + * BUG 15422: CVE-2023-3961. + +o Andrew Bartlett <abartlet@samba.org> + * BUG 15424: CVE-2023-4154. + * BUG 15473: CVE-2023-42670. + * BUG 15474: CVE-2023-42669. + +o Ralph Boehme <slow@samba.org> + * BUG 15439: CVE-2023-4091. + +o Christian Merten <christian@merten.dev> + * BUG 15424: CVE-2023-4154. + +o Stefan Metzmacher <metze@samba.org> + * BUG 15424: CVE-2023-4154. + +o Andreas Schneider <asn@samba.org> + * BUG 15424: CVE-2023-4154. + +o Joseph Sutton <josephsutton@catalyst.net.nz> + * BUG 15424: CVE-2023-4154. 
+ + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + =============================== Release Notes for Samba 4.17.11 September 07, 2023 =============================== @@ -85,8 +169,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- =============================== Release Notes for Samba 4.17.10 July 19, 2023 |
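Review bot: In the first WHATSNEW.txt hunk, the CVE-2023-4154 summary "An RODC and a user with the GET_CHANGES right can view all attributes" does not say whether both conditions must hold together or whether either principal alone is enough; reword it so the affected principals are unambiguous. In the same hunk, the "Changes since 4.17.11" entries carry only a bug number and CVE id (for example "BUG 15424: CVE-2023-4154."), so someone reading the file offline has to follow the advisory URLs to learn what each fix changes. Consider adding a one-line description per bug, and stating the affected configuration where one applies, as the CVE-2023-4091 summary already does with "acl_xattr:ignore system acls = yes".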
