SAMBA+ Security Releases for CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746

New updated SAMBA+ 4.16.3-*, 4.15.8-* and 4.14.13-* packages have just been released (the exact version numbers are listed below). These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.

The packages address the following issues:

  • CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords.
  • CVE-2022-32744: Samba AD users can forge password change requests for any user.
  • CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request.
  • CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.
  • CVE-2022-32742: Server memory information leak via SMB1.

The first versions with the fixes:

  • (SuSE, RedHat, ...):    4.16.3-18, 4.15.8-15 and 4.14.13-16
  • Debian/Ubuntu:       4.16.3-18, 4.15.8-16 and 4.14.13-16
  • AIX:                             4.16.3-2,  4.15.8-6  and 4.14.13-11

Packages with the official 4.16.4, 4.15.9 and 4.14.14 upstream releases will follow in the next days.

Newsletter

SerNet's Samba newsletter informs you about all important developments and events with its main focus on new packages.

+ subscribe to Newsletter

RSS Feed

Don't miss any more SAMBA+ news? Read the latest in your feed reader of choice.

+ subscribe to RSS feed

SAMBA+ Shop

Buy and manage software subscriptions. SAMBA+ subscriptions are available for one, two and three years at the SAMBA+ shop.

+ visit the shop

Deutsch English Français