Blog

SAMBA+ 4.12.5 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address a lot of issues, which are listed in the Samba 4.12.5 release notes.

Additionally, fixes for the following issues are included:

  • Bug 14426: log level for debug classes is ignored

  • Bug 14427: vfs_ChDir() may not set conn->cwd_fsp->fh->fd = AT_FDCWD

  • Bug 14428: PANIC: assert failed in get_lease_type()

SAMBA+ packages and all later versions are available as a software subscription. They can be purchased at the SAMBA+ shop; detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed on our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.


SAMBA+ 4.12.4, 4.11.11 and 4.10.17 packages have just been released by SerNet. These are important security releases; please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.

The packages address the following issues:

  • CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results.

    A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer de-reference and further combinations with the LDAP paged_results feature can give a use-after-free in Samba's AD DC LDAP server.

  • CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU.

    Compression of replies to NetBIOS over TCP/IP name resolution and DNS packets (which can be supplied as UDP requests) can be abused to consume excessive amounts of CPU on the Samba AD DC (only).

  • CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV.

    The use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC will cause a use-after-free.

  • CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.

    The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further requests once it receives an empty (zero-length) UDP packet to port 137.

SAMBA+ 4.12.5 packages will be available soon.



For the first time the Samba eXPerience 2020 took place completely online. Recordings of the talks are now available as videos on sambaxp.org - including Stefan Kania's workshop on CTDB / GlusterFS.

The 19th edition of the international conference around the open source software Samba took place from 26th - 28th May 2020 for the first time exclusively digitally. Due to the changed event format and the use of an online conference platform, organizer SerNet can offer all talks as videos for the first time. 

The sambaXP 2020 was sponsored by Google and Microsoft.


The year 2020 presented new challenges for the Samba eXPerience: For the first time, the 19th international conference on the open source software Samba took place exclusively in digital form from 26th to 28th May 2020. The annual meeting of the international Samba team, which is usually held in Göttingen, was also highly successful as an online event. The sambaXP 2020 was again sponsored by Google and Microsoft.

Thanks to the virtual format, the sambaXP was even able to grow: 150 developers, users, manufacturers and system houses from the Samba ecosystem, from a total of 23 countries, took part in 2020. One of the planning challenges was therefore to set the conference times sensibly. A daily frame from 3 p.m. to 9 p.m. CEST made it possible for speakers and participants alike to follow attentively. The use of an online conference system also had a positive side effect: organizer SerNet will publish videos of the talks for the first time. These are still going through a release process (GDPR) and will go online shortly. The presentation slides are already available.

Feedback on the sambaXP Online Edition has been positive throughout, both on the part of the event organizer and the participants. Only the personal, networking character of the conference was missed. For the future, SerNet is therefore working on a format that combines the advantageous online components with the benefits of a meeting on site.


SerNet-GnuTLS 3.6.14 has just been released. SAMBA+ 4.12.3 packages on various SUSE and Red Hat platforms depend on a recent version of GnuTLS, which is provided by the sernet-gnutls packages.

The sernet-gnutls package is part of the SAMBA+ repositories for the following distributions:

  • RHEL6 - Red Hat Enterprise Linux 6
  • CentOS 6
  • Oracle Linux 6
  • RHEL7 - Red Hat Enterprise Linux 7
  • CentOS 7
  • Oracle Linux 7
  • SLES11 - SUSE Linux Enterprise Server 11
  • SLES12 - SUSE Linux Enterprise Server 12
  • openSUSE Leap 42

The new sernet-gnutls packages address the GnuTLS security issue CVE-2020-13777 and include an additional patch to solve a memory (RAM) consuming bug.

The new SAMBA+ 4.12.3 for AIX 7 also includes the recently patched GnuTLS version.

SAMBA+ packages are available as a software subscription. They can be purchased at the SAMBA+ shop; detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed on our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.

