Samba 4.18.1 (gzipped)
Signature
Patch (gzipped) against Samba 4.18.0
Signature
==============================
Release Notes for Samba 4.18.1
March 29, 2023
==============================

This is a security release in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                 but otherwise unprivileged users to delete this attribute from
                 any object in the directory.
                 https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
                 https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
                 https://www.samba.org/samba/security/CVE-2023-0614.html

Changes since 4.18.0
--------------------

o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  * BUG 15276: CVE-2023-0225.

o Andrew Bartlett <abartlet@samba.org>
  * BUG 15270: CVE-2023-0614.
  * BUG 15331: ldb wildcard matching makes excessive allocations.
  * BUG 15332: large_ldap test is inefficient.

o Rob van der Linde <rob@catalyst.net.nz>
  * BUG 15315: CVE-2023-0922.

o Joseph Sutton <josephsutton@catalyst.net.nz>
  * BUG 15270: CVE-2023-0614.
  * BUG 15276: CVE-2023-0225.