Samba 4.14.14 (gzipped)
Signature
Patch (gzipped) against Samba 4.14.13
Signature
=============================== Release Notes for Samba 4.14.14 July 27, 2022 =============================== This is a security release in order to address the following defects: o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords. https://www.samba.org/samba/security/CVE-2022-2031.html o CVE-2022-32744: Samba AD users can forge password change requests for any user. https://www.samba.org/samba/security/CVE-2022-32744.html o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32745.html o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request. https://www.samba.org/samba/security/CVE-2022-32746.html o CVE-2022-32742: Server memory information leak via SMB1. https://www.samba.org/samba/security/CVE-2022-32742.html Changes since 4.14.13 --------------------- o Jeremy Allison <jra@samba.org> * BUG 15085: CVE-2022-32742. o Andrew Bartlett <abartlet@samba.org> * BUG 15009: CVE-2022-32746. o Andreas Schneider <asn@samba.org> * BUG 15047: CVE-2022-2031. o Isaac Boukris <iboukris@gmail.com> * BUG 15047: CVE-2022-2031. o Joseph Sutton <josephsutton@catalyst.net.nz> * BUG 15008: CVE-2022-32745. * BUG 15009: CVE-2022-32746. * BUG 15047: CVE-2022-2031. * BUG 15074: CVE-2022-32744.