SAMBA+
SerNet

Blog

SAMBA+ 4.18.6 available

SAMBA+ 4.18.6 has just been released by the Samba team at SerNet. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now.

These packages address several issues, which are listed in the release notes: https://www.samba.org/samba/history/samba-4.18.6.html

The fixes for the following issues were already included in the previous SAMBA+ release:

  • Bug 15275 - smbd_scavenger crashes when service smbd is stopped
  • Bug 15416 - cldap_ping_list doesn't reset num_requests to 0 on retry 
Talks and meeting opportunities at SDC 2023
Storage Developer Conference

SerNet Inc. will be participating as a Silver Sponsor at this year's Storage Developer Conference (SDC). The conference is hosted by the Storage Networking Industry Association (SNIA) in Fremont, CA on September 18-21.

Our Samba team will be presenting on September 20: 

Topic: Reparse Points Current Status
Speaker: Volker Lendecke, Developer at SerNet/Samba Team
8:30am - 9:20am (PST)

Topic: Samba io_uring Status Update
Speaker: Stefan Metzmacher, Developer at SerNet/Samba-Team
9:30am - 10:20am (PST)

Topic: net use //samba/cloud: Scaling Samba
Speaker: Ralph Böhme, Samba Team Lead at SerNet/Samba Team
10:35am - 11:25am (PST)

In addition to these sessions, we invite all attendees to meet our team, discuss our recent endeavors, and explore potential collaborations. To ensure in-depth discussions and address specific inquiries, we are offering scheduled appointments. Those interested can contact us in advance to secure a meeting slot. Please use the contact form or mail us at sales@remove-this.sernet.com – we look forward to a constructive dialogue and a successful conference.

SAMBA+ security updates for all versions available

SAMBA+ 4.18.5, 4.17.10 and 4.16.11 have just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX are available now. Please note: This are Security Updates, packages should be deployed as soon as possible.

These packages address several security related issues:

  • CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it.
  • CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request.
  • CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. 
  • CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- side absolute path of shares and files and directories in search results.
Update for SAMBA+ 4.18.4, 4.16.10 and 4.17.9 available

An update for SAMBA+ 4.18.4, 4.16.10 and 4.17.9 has been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.

These packages address the following issue:

  • Bug 15418 - secure channel faulty since Windows 10/11 update 07/2023
    The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. 
Windows update breaks client authentication against Samba AD DCs

The recently released Windows Update KB5028185/KB5028166 (July 11, 2023) breaks the client authentication against Samba AD DCs. Other implications are possible but require further investigation. The Samba Team and SerNet are already working on a solution. We will provide SAMBA+ updates as soon we have a fix.

Update: A fix for Samba 4.18.4 is already implemented and an update available.

Contact us
Contact
Deutsch English Français