SerNet-GnuTLS 3.6.14 has just been released. SAMBA+ 4.12.3 packages on various SUSE and Red Hat platforms depend on a recent version of GnuTLS, which is provided by the sernet-gnutls packages.
The sernet-gnutls package is part of the SAMBA+ repositories for the following distributions:
RHEL6 - Red Hat Enterprise Linux 6
CentOS 6
Oracle Linux 6
RHEL7 - Red Hat Enterprise Linux 7
CentOS 7
Oracle Linux 7
SLES11 - SUSE Linux Enterprise Server 11
SLES12 - SUSE Linux Enterprise Server 12
openSUSE Leap 42
The new sernet-gnutls packages address the GnuTLS security issue CVE-2020-13777:
SAMBA+ packages are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.
SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.
SAMBA+ software packages from the 4.12 release series are now available for Ubuntu 20.04 LTS (Focal Fossa).
SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. New SAMBA+ packages are included in existing subscriptions.
SAMBA+ 4.12.2, 4.11.8 and 4.10.15 packages have just been released by SerNet. These are important security releases, please update affected systems as soon as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu.
The packages address the following issues:
CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server.
CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV.
SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.
SAMBA+ 4.12.1 has just been released. Packages for various SUSE and Red Hat platforms as well as for Debian GNU/Linux and Ubuntu are available now.
This is the latest stable release of the Samba 4.12 release series. Please see the release notes for more details.
With the release of Samba 4.12 the Samba 4.9 release series has upstream been marked as discontinued.
SAMBA+ packages and all later versions are available as software subscription. They can be purchased at the SAMBA+ shop, detailed information and prices are listed at https://shop.samba.plus. The subscriptions are managed at our platform OPOSSO (https://oposso.samba.plus). Users can activate their subscriptions here and manage access credentials. The new SAMBA+ packages are included in existing subscriptions.
