SAMBA+ 4.19.1, 4.18.8 and 4.17.12 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: these are security updates; the packages should be deployed as soon as possible. They address several security-related issues.
- CVE-2023-3961 Unsanitized client pipe name passed to local_np_connect()
- CVE-2023-4154 dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"
- CVE-2023-4091 Client can truncate file with read-only permissions
- CVE-2023-42670 The procedure number is out of range when starting Active Directory Users and Computers
- CVE-2023-42669 rpcecho, enabled and running in AD DC, allows blocking sleep on request
Additionally, the 4.19.1 release includes fixes for:
- Bug 15491: Heap buffer overflow with freshness tokens in the Heimdal KDC
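As an added example that is not part of the announcement, the following Python helper parses `smbd -V` output and reports whether the installed build is at or above the fixed version of its branch listed above. The sample version strings are constructed; the vendor suffix format is an assumption, and any suffix after the three-part version number is ignored.

```python
"""Check an installed Samba version against the fixed SAMBA+ releases."""
import re
import subprocess

# Minimum fixed version per release branch, taken from the announcement above.
FIXED_VERSIONS = {
    (4, 19): (4, 19, 1),
    (4, 18): (4, 18, 8),
    (4, 17): (4, 17, 12),
}

# Matches the first dotted three-part version number in the output.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(output):
    """Return (major, minor, patch) from `smbd -V` output such as
    'Version 4.18.6-vendor-suffix' (constructed sample); the suffix is ignored."""
    match = VERSION_RE.search(output)
    if not match:
        raise ValueError(f"no version number found in {output!r}")
    return tuple(int(part) for part in match.groups())


def assess(output):
    """Classify `smbd -V` output as 'patched', 'vulnerable' or 'unknown-branch'.

    A branch not covered by the announcement (e.g. 4.16) gets 'unknown-branch'
    rather than a false 'patched' verdict, so it is not silently ignored.
    """
    major, minor, patch = parse_version(output)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown-branch"
    return "patched" if (major, minor, patch) >= fixed else "vulnerable"


def assess_local():
    """Run the real `smbd -V` on this host and classify the result."""
    try:
        out = subprocess.run(["smbd", "-V"], capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        return f"error: {exc}"
    return assess(out.stdout)


if __name__ == "__main__":
    print(assess_local())
```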