SAMBA+ 4.19.1, 4.18.8 and 4.17.12 released

SAMBA+ 4.19.1, 4.18.8 and 4.17.12 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: This are Security Updates, packages should be deployed as soon as possible. These packages address several security related issues.

  • CVE-2023-3961 Unsanitized client pipe name passed to local_np_connect()
  • CVE-2023-4154 dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"
  • CVE-2023-4091 Client can truncate file with read-only permissions
  • CVE-2023-42670 The procedure number is out of range when starting Active Directory Users and Computers
  • CVE-2023-42669 rpcecho, enabled and running in AD DC, allows blocking sleep on request

Additionally the 4.19.1 release includes fixes for:

  • Bug 15491: Heap buffer overflow with freshness tokens in the Heimdal KDC

Newsletter

SerNet's Samba newsletter informs you about all important developments and events with its main focus on new packages.

+ subscribe to Newsletter

RSS Feed

Don't miss any more SAMBA+ news? Read the latest in your feed reader of choice.

+ subscribe to RSS feed

SAMBA+ Shop

Buy software subscriptions and support budgets. SAMBA+ subscriptions are available for 1, 2 and 3 years at the SAMBA+ shop.

+ visit the US Shop ($)

+ visit the World Shop (€)

Contact us
Contact

We are here for you!

Our sales team is happy to help you with any questions about all Samba products and services from SerNet - personally and individually tailored to your needs.

You can call us directly at +1 (415) 248-7818
or outside the US at +49 551 370000-0.
Mail us at sales@remove-this.sernet.com.

Contact us!

linke Spalte
rechte Splate
captcha
* Mandatory Fields
Deutsch English Français