-rw-r--r--  VERSION        2
-rw-r--r--  WHATSNEW.txt  87
2 files changed, 86 insertions, 3 deletions
diff --git a/VERSION b/VERSION
index 095b267f389..367b3aa9255 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=17
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
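Review bot: the bump from SAMBA_VERSION_RELEASE=11 to 12 is consistent with the "Release Notes for Samba 4.17.12" header this commit adds to WHATSNEW.txt, and the major/minor values (4.17) are left untouched as expected for a security point release; nothing further to change in this hunk.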
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0b12f34e798..66ef45dd1b2 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,88 @@
===============================
+ Release Notes for Samba 4.17.12
+ October 10, 2023
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+
+o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
+ existing unix domain sockets on the file system.
+ https://www.samba.org/samba/security/CVE-2023-3961.html
+
+o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
+ OVERWRITE disposition when using the acl_xattr Samba VFS
+ module with the smb.conf setting
+ "acl_xattr:ignore system acls = yes"
+ https://www.samba.org/samba/security/CVE-2023-4091.html
+
+o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
+ attributes, including secrets and passwords. Additionally,
+ the access check fails open on error conditions.
+ https://www.samba.org/samba/security/CVE-2023-4154.html
+
+o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
+ server block for a user-defined amount of time, denying
+ service.
+ https://www.samba.org/samba/security/CVE-2023-42669.html
+
+o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
+ listeners, disrupting service on the AD DC.
+ https://www.samba.org/samba/security/CVE-2023-42670.html
+
+
+Changes since 4.17.11
+---------------------
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 15422: CVE-2023-3961.
+
+o Andrew Bartlett <abartlet@samba.org>
+ * BUG 15424: CVE-2023-4154.
+ * BUG 15473: CVE-2023-42670.
+ * BUG 15474: CVE-2023-42669.
+
+o Ralph Boehme <slow@samba.org>
+ * BUG 15439: CVE-2023-4091.
+
+o Christian Merten <christian@merten.dev>
+ * BUG 15424: CVE-2023-4154.
+
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 15424: CVE-2023-4154.
+
+o Andreas Schneider <asn@samba.org>
+ * BUG 15424: CVE-2023-4154.
+
+o Joseph Sutton <josephsutton@catalyst.net.nz>
+ * BUG 15424: CVE-2023-4154.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+ ===============================
Release Notes for Samba 4.17.11
September 07, 2023
===============================
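Review bot: the five CVE entries under "This is a security release in order to address the following defects:" state the impact and link the advisory, but only CVE-2023-4091 names the triggering configuration inline ("acl_xattr:ignore system acls = yes"); CVE-2023-3961 does not say which server role or component is affected, and none of the entries carry the affected-versions or workaround information that the linked samba.org advisories provide. Suggest adding a one-line "affected" or "workaround" pointer per entry so administrators can triage from the release notes alone. The "Changes since 4.17.11" list correctly maps each contributor to the BUG number of the CVE they worked on, and the relocated "Release notes for older releases follow:" marker is placed directly before the 4.17.11 header, matching the convention of keeping that marker immediately after the current release.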
@@ -85,8 +169,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
===============================
Release Notes for Samba 4.17.10
July 19, 2023
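Review bot: removing the "Release notes for older releases follow:" marker and its dashed underline above the 4.17.10 notes is correct now that the marker has moved above the 4.17.11 notes in the first WHATSNEW.txt hunk, since only one such marker should exist, directly after the current release. The replacement 70-character dashed rule matches the width of the "=" box immediately above it, so the separator layout stays aligned with the surrounding sections.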