From b643df361ed3943d5e30ebe48831715073231b58 Mon Sep 17 00:00:00 2001 From: Jule Anger Date: Mon, 8 Nov 2021 11:57:45 +0100 Subject: [PATCH] WHATSNEW: Add release notes for Samba 4.14.10. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher Signed-off-by: Karolin Seeger --- WHATSNEW.txt | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 111 insertions(+), 2 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e41ee1dabb4..f81a31d49b0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,112 @@ + =============================== + Release Notes for Samba 4.14.10 + November 9, 2021 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext + authentication. + https://www.samba.org/samba/security/CVE-2016-2124.html + +o CVE-2020-25717: A user on the domain can become root on domain members. + https://www.samba.org/samba/security/CVE-2020-25717.html + (PLEASE READ! There are important behaviour changes described) + +o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued + by an RODC. + https://www.samba.org/samba/security/CVE-2020-25718.html + +o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos + tickets. + https://www.samba.org/samba/security/CVE-2020-25719.html + +o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers + (eg objectSid). + https://www.samba.org/samba/security/CVE-2020-25721.html + +o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance + checking of data stored. + https://www.samba.org/samba/security/CVE-2020-25722.html + +o CVE-2021-3738: Use after free in Samba AD DC RPC server. + https://www.samba.org/samba/security/CVE-2021-3738.html + +o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability. 
+ https://www.samba.org/samba/security/CVE-2021-23192.html + + +Changes since 4.14.9 +-------------------- + +o Douglas Bagnall + * CVE-2020-25722 + +o Andrew Bartlett + * CVE-2020-25718 + * CVE-2020-25719 + * CVE-2020-25721 + * CVE-2020-25722 + +o Ralph Boehme + * CVE-2020-25717 + +o Alexander Bokovoy + * CVE-2020-25717 + +o Samuel Cabrero + * CVE-2020-25717 + +o Nadezhda Ivanova + * CVE-2020-25722 + +o Stefan Metzmacher + * CVE-2016-2124 + * CVE-2020-25717 + * CVE-2020-25719 + * CVE-2020-25722 + * CVE-2021-23192 + * CVE-2021-3738 + * ldb: version 2.3.2 + +o Andreas Schneider + * CVE-2020-25719 + +o Joseph Sutton + * CVE-2020-17049 + * CVE-2020-25718 + * CVE-2020-25719 + * CVE-2020-25721 + * CVE-2020-25722 + * MS CVE-2020-17049 + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.libera.chat or the +#samba-technical:matrix.org matrix channel. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.14.9 October 27, 2021 
@@ -97,8 +206,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.14.8 October 05, 2021
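Review bot: In the first hunk, Joseph Sutton's entry under "Changes since 4.14.9" lists the same identifier twice, as "* CVE-2020-17049" and again as "* MS CVE-2020-17049", and CVE-2020-17049 does not appear in the list of defects at the top of these notes. Keep one of the two lines, and either add a one-line summary entry for it alongside the other CVEs or state why it is listed only as a change. In the same hunk, the CVE-2020-25722 summary misspells "sufficient" as "suffienct". The CVE-2020-25717 entry says "PLEASE READ! There are important behaviour changes described" but leaves all of them to the advisory URL; a short summary of those changes in WHATSNEW.txt itself would serve administrators who read only the release notes before upgrading domain members.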