SAMBA+ 4.13.1, 4.12.9 and 4.11.15 Security Releases

SAMBA+ 4.13.1, 4.12.9 and 4.11.15 packages have just been released by SerNet. These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.

The packages address the following issues:

  • CVE-2020-14383 An authenticated user can crash the DCE/RPC DNS with easily crafted records.
  • CVE-2020-14323 Unprivileged user can crash winbind.
  • CVE-2020-14318 Missing handle permissions check in SMB1/2/3 ChangeNotify.

SAMBA+ 4.13.1 is the first stable release if the 4.13 release series. Please read the 4.13.0 release notes also carefully before upgrading.

Samba 4.13 raises the minimum requirement for Python to Python 3.6. Due to this requirement SAMBA+ 4.13 is not available for Debian stretch (9) and Ubuntu xenial (16.04) for now.

SAMBA+ 4.10 has reached the end of its life and will not receive any further updates. Please update to a more recent version of SAMBA+.

SAMBA+ packages are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.

Newsletter

SerNet's Samba newsletter informs you about all important developments and events with its main focus on new packages.

+ subscribe to Newsletter

RSS Feed

Don't miss any more SAMBA+ news? Read the latest in your feed reader of choice.

+ subscribe to RSS feed

SAMBA+ Shop

Buy and manage software subscriptions. SAMBA+ subscriptions are available for one, two and three years at the SAMBA+ shop.

+ visit the shop

Deutsch English Français