Blog

SAMBA+ 4.18.5, 4.17.10 and 4.16.11 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: These are security updates; packages should be deployed as soon as possible.

These packages address several security related issues:

  • CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
  • CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.
  • CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. 
  • CVE-2023-34968: As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files and directories in search results.

An update for SAMBA+ 4.18.4, 4.16.10 and 4.17.9 has been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following issue:

  • Bug 15418 - secure channel faulty since Windows 10/11 update 07/2023
    The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. 

The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. Other implications are possible but require further investigation. The Samba Team and SerNet are already working on a solution. We will provide SAMBA+ updates as soon as we have a fix.

Update: A fix for Samba 4.18.4 is already implemented and an update is available.


Samba Team at sambaXP 2023

Although many things in the world have changed in the last few years, chairman of sambaXP Jeremy Allison stated in his welcome note that "Open Source survives". After two years of remote events it was great to meet everyone live at sambaXP 2023 at the Hotel FREIZEIT IN in Goettingen, Germany. From May 10-11 people from all over the world passionate about Samba exchanged the latest developments and talked about all things related to Samba.

A big thank you goes out to this year’s sponsors Google, Microsoft and SerNet.

The slides and recordings of the presentations are linked in the agenda at sambaxp.org. Recordings can also be found in the sambaXP 2023 YouTube playlist.

Among others, these interesting presentations can be re-watched:

The following presentations within the IO Track of the Microsoft team can also be re-watched:

Save the Date

Next year’s sambaXP will be held from April 16-18, 2024 as a remote event. On the first day there will be a webinar by Stefan Kania. Stay updated at https://sambaxp.org.


SAMBA+ 4.18.4 has just been released by SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes for Samba 4.18.4.

Additionally this release includes fixes for:

  • Bug 15275 - smbd_scavenger crashes when service smbd is stopped
  • Bug 15416 - cldap_ping_list doesn't reset num_requests to 0 on retry


The fix for the following issue was already included in the previous SAMBA+ release:

  • Bug 15381 - Register Samba processes with GPFS  
