Blog

SAMBA+ 4.17.3, 4.16.7 and 4.15.12 have just been released by SerNet. These are important security releases, please update affected systems as soon
as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.

The packages address the following issues:

• CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems
  Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
   
• Fix a regression introduced by the CVE-2022-42898 fix affecting 32-bit systems leading to a failure to validate PACs.
  DEB: 4.15.12-16, 4.16.7-22, 4.17.3-20
  RPM: 4.15.12-16, 4.16.7-21, 4.17.3-19

From 10 - 11 May 2023 the 22nd sambaXP will take place. This time finally back on site at the Hotel Freizeit In in Göttingen, Germany! As every year, the SAMBA team will gather here with its developers, users and providers. The focus will be on the OpenSource Software SAMBA with its current innovations, developments and much more. The organizer SerNet is looking forward to a good exchange!

Call for Paper
The Call for Paper has started. We are looking forward to receiving papers on various topics in SAMBA and the challenges in data management. The program committee, consisting of Jeremy Allison (Google), Stefan Kania (Author), Ralph Boehme (SerNet), will review the papers and provide feedback. Submit your presentation proposal right now at https://www.sambaXP.org!

Workshops on May 9, 2023
Several workshops will again be offered the day before the conference. Topics will be announced shortly.

Tickets will go on sale later this month. For more information, visit https://www.sambaXP.org.

Videos sambaXP 2022
Want to see what talks there were this year? On YouTube you will find a playlist with the presentations of sambaXP 2022.

SAMBA+ 4.17.2, 4.16.6 and 4.15.11 have just been released. These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.

The 4.17.2 packages address the following issues:

• CVE-2022-3437: Buffer overflow in Heimdal unwrap_des3():
  There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba).
• CVE-2022-3592: Wide links protection broken:
  A malicious client can use a symlink to escape the exported directory.

Samba 4.16 and 4.15 are not affected by CVE-2022-3592, the packages address CVE-2022-3437.

The 4.15.11 packages additionally address the following issues:

• Bug 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue
• Bug 15202: writev epoll_wait cpu-spinning in the LDAP server

SAMBA+ 4.15.10 has just been released by SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, the changes since Samba 4.15.9 are listed in the release notes here:  https://www.samba.org/samba/history/samba-4.15.10.html

SAMBA+ 4.17.0 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now. SAMBA+ 4.17 for AIX will follow soon.

This is the first stable SAMBA+ release of the new Samba 4.17 release series. Please make sure to test thoroughly before upgrading and read the release notes carefully! The release notes, which contain information about changes and new features of the new major release, are available here:

https://www.samba.org/samba/history/samba-4.17.0.html

With the new 4.17 release Samba 4.16 has been turned into the "maintenance mode" and Samba 4.15 into the "security fixes only mode". Samba 4.14 will not receive any updates beyond this point. The SAMBA+ 4.14 repositories will be disabled soon. Please update to a more recent version of SAMBA+.

Details on upgrading can be found in the SAMBA+ HowTo collection:

https://samba.plus/samba-howto/