From: Jule Anger Date: Tue, 3 Jun 2025 06:44:16 +0000 (+0200) Subject: WHATSNEW: Add release notes for Samba 4.21.6. X-Git-Tag: samba-4.21.6~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b10e124e28057736320a41dbff2bba84e7ff1a4d;p=thirdparty%2Fsamba.git WHATSNEW: Add release notes for Samba 4.21.6. Signed-off-by: Jule Anger --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 873b4ec20df..b8967d54c82 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,99 @@ + ============================== + Release Notes for Samba 4.21.6 + June 03, 2025 + ============================== + + +This is the latest stable release of the Samba 4.21 release series. +It contains the security-relevant bugfix CVE-2025-0620: + + smbd doesn't pick up group membership changes + when re-authenticating an expired SMB session: + https://www.samba.org/samba/security/CVE-2025-0620.html + + +Description of CVE-2025-0620 +----------------------------- + + With Kerberos authentication SMB sessions typically have an + associated lifetime, requiring re-authentication by the + client when the session expires. As part of the + re-authentication, Samba receives the current group + membership information and is expected to reflect this + change in further SMB request processing. + + For historic reasons, Samba maintains a cache of + associations between a user's impersonation information and + connected shares. A recent change in this cache caused Samba + to not reflect group membership changes from session + re-authentication when processing further SMB requests. + + As a result, when an administrator removes a user from a + particular group in Active Directory, this change will not + become effective unless the user disconnects from the server + and establishes a new connection. + + +Changes since 4.21.5 +-------------------- + +o Douglas Bagnall + * BUG 15774: Running "gpo manage motd set" twice fails with backtrace. + * BUG 15829: samba-tool gpo backup creates entity backups it can't read. + * BUG 15839: gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with + prepended 0's. + +o Ralph Boehme + * BUG 15707: CVE-2025-0620 [SECURITY] smbd doesn't pick up group membership + changes when re-authenticating an expired SMB session. + * BUG 15767: Deadlock between two smbd processes. + +o Pavel Filipenský + * BUG 15727: net ad join fails with "Failed to join domain: failed to create + kerberos keytab". 
+ +o Andreas Hasenack + * BUG 15774: Running "gpo manage motd set" twice fails with backtrace. + +o Volker Lendecke + * BUG 15841: Wide link issue in samba 4.22. + +o Stefan Metzmacher + * BUG 15767: Deadlock between two smbd processes. + * BUG 15851: dcerpcd not able to bind to listening port. + +o Anoop C S + * BUG 15819: vfs_ceph_snapshots fails to list snapshots for entries at any + level beyond share root. + +o Martin Schwenke + * BUG 15858: CTDB does not put nodes running NFS into grace on graceful + shutdown. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.21.5 March 31, 2025 @@ -74,8 +170,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.21.4 February 17, 2025
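Review bot: In the first hunk (@@ -1,3 +1,99 @@), the "Description of CVE-2025-0620" section stops at the impact paragraph ("this change will not become effective unless the user disconnects from the server and establishes a new connection") and never says that 4.21.6 corrects it, so the present-tense wording reads as the behaviour of this release. Suggest closing the section with a sentence stating that this release makes smbd apply the group membership received on session re-authentication. "A recent change in this cache" should also be replaced with the affected version range, so an administrator can tell whether a deployment was exposed. The operational consequence already implied by the text, that on an unpatched server a group removal only takes effect once the user's connection is re-established, is worth stating explicitly for sites that cannot upgrade immediately.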