From: Jule Anger
Date: Mon, 8 Nov 2021 11:03:27 +0000 (+0100)
Subject: WHATSNEW: Add release notes for Samba 4.13.14.
X-Git-Tag: samba-4.13.14~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c14ac876b6f6a98cf04a705a928d8d8866c962f;p=thirdparty%2Fsamba.git

WHATSNEW: Add release notes for Samba 4.13.14.

Signed-off-by: Jule Anger
Signed-off-by: Stefan Metzmacher
Signed-off-by: Karolin Seeger
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 575ae48705f..40753b2b500 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt
@@ -1,3 +1,112 @@ + =============================== + Release Notes for Samba 4.13.14 + November 9, 2021 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext + authentication. + https://www.samba.org/samba/security/CVE-2016-2124.html + +o CVE-2020-25717: A user on the domain can become root on domain members. + https://www.samba.org/samba/security/CVE-2020-25717.html + (PLEASE READ! There are important behaviour changes described) + +o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued + by an RODC. + https://www.samba.org/samba/security/CVE-2020-25718.html + +o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos + tickets. + https://www.samba.org/samba/security/CVE-2020-25719.html + +o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers + (eg objectSid). + https://www.samba.org/samba/security/CVE-2020-25721.html + +o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance + checking of data stored. + https://www.samba.org/samba/security/CVE-2020-25722.html + +o CVE-2021-3738: Use after free in Samba AD DC RPC server. + https://www.samba.org/samba/security/CVE-2021-3738.html + +o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability. 
+ https://www.samba.org/samba/security/CVE-2021-23192.html + + +Changes since 4.13.13 +--------------------- + +o Douglas Bagnall + * CVE-2020-25722 + +o Andrew Bartlett + * CVE-2020-25718 + * CVE-2020-25719 + * CVE-2020-25721 + * CVE-2020-25722 + +o Ralph Boehme + * CVE-2020-25717 + +o Alexander Bokovoy + * CVE-2020-25717 + +o Samuel Cabrero + * CVE-2020-25717 + +o Nadezhda Ivanova + * CVE-2020-25722 + +o Stefan Metzmacher + * CVE-2016-2124 + * CVE-2020-25717 + * CVE-2020-25719 + * CVE-2020-25722 + * CVE-2021-23192 + * CVE-2021-3738 + * ldb: version 2.2.3 + +o Andreas Schneider + * CVE-2020-25719 + +o Joseph Sutton + * CVE-2020-17049 + * CVE-2020-25718 + * CVE-2020-25719 + * CVE-2020-25721 + * CVE-2020-25722 + * MS CVE-2020-17049 + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.libera.chat or the +#samba-technical:matrix.org matrix channel. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + =============================== Release Notes for Samba 4.13.13 October 29, 2021 
@@ -94,8 +203,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + =============================== Release Notes for Samba 4.13.12 September 22, 2021
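
Review bot: In the first hunk (@@ -1,3 +1,112 @@), Joseph Sutton's entry under "Changes since 4.13.13" lists both "* CVE-2020-17049" and "* MS CVE-2020-17049", yet CVE-2020-17049 does not appear in the list of defects at the top of the notes. Keep one of the two entries, and either add a line for it to the defect list or state why it is credited without being listed, so that anyone matching CVE ids against the advisory list is not left with an unexplained identifier. In the same hunk, the CVE-2020-25722 summary contains a typo: "suffienct" should be "sufficient". The CVE-2020-25717 entry says "(PLEASE READ! There are important behaviour changes described)" but the notes only link to the advisory; a one- or two-line summary of those behaviour changes in WHATSNEW.txt itself would help administrators who read the release notes before upgrading domain members.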