SAMBA+ 4.8.4, 4.7.9 and 4.6.16 packages have just been released. These are important security releases; please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.
The packages address the following issues:
- CVE-2018-1139 (Weak authentication protocol allowed.)
- CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.)
- CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
- CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.)
Samba 4.8.4 addresses all CVEs listed above, Samba 4.7.9 addresses all except CVE-2018-1140, and Samba 4.6.16 addresses only CVE-2018-10858 and CVE-2018-10919.
For more information about the security issues, please visit:
These packages are included in a SAMBA+ subscription, which can be purchased at the SAMBA+ Shop; detailed information and prices are listed there. The subscriptions are managed on our platform OPOSSO. Users can activate their subscriptions here and manage access credentials.