NEWS[4.18.1]: Samba 4.18.1, 4.17.7 and 4.16.10 Security Releases are available for...
[samba-web.git] / history / security.html
index b314df2779e7dbd622f5a2461161bfa0b2b2a037..5e68e1da7bef973ec8d2f32f6feaf72965e22d75 100755 (executable)
@@ -15,6 +15,12 @@ link to full release notes for each release.</p>
       <a href="https://wiki.samba.org/index.php/Samba_Release_Planning">
       supported Samba versions</a>.</p>
 
+   <p>A list of public <a href="https://bugzilla.samba.org/buglist.cgi?f1=alias&o1=regexp&order=Last Changed&product=PIDL&product=Samba 2.2&product=Samba 3.0&product=Samba 3.2&product=Samba 3.3&product=Samba 3.4&product=Samba 3.5&product=Samba 3.6&product=Samba 4.0&product=Samba 4.1 and newer&query_format=advanced&v1=^CVE-.*">
+      Samba Security Bugs</a> is available.  Some minor issues will
+      only be listed in <a href="https://bugzilla.samba.org">
+      The Samba Bugzilla</a> and not here, if they did not result
+      in a security release</p>
+
     <table class="security_table">
       <th colspan="6">Samba Security Releases</th>
       <tr >
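Review bot: the Bugzilla href in the new paragraph contains literal spaces ("order=Last Changed", "product=Samba 2.2", "product=Samba 4.1 and newer"), which is not a valid URL; percent-encode them (for example `product=Samba%202.2`) or the link will break in strict clients and HTML validators. The paragraph also ends without a full stop ("in a security release</p>"), and the comma in "and not here, if they did not result" reads better without: "...will only be listed in The Samba Bugzilla and not here if they did not result in a security release."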
@@ -26,6 +32,243 @@ link to full release notes for each release.</p>
        <td><em>Details</em></td>
       </tr>
 
+       <tr>
+       <td>29 March 2023</td>
+       <td>
+       <a href="/samba/ftp/patches/security/samba-4.18.1-security-2023-03-29.patch">
+       patch for Samba 4.18.1</a><br/>
+       <a href="/samba/ftp/patches/security/samba-4.17.7-security-2023-03-29.patch">
+       patch for Samba 4.17.7</a><br/>
+       <a href="/samba/ftp/patches/security/samba-4.16.10-security-2023-03-29.patch">
+       patch for Samba 4.16.10</a><br/>
+       </td>
+       <td>
+       CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
+       Please see announcements for details.
+       </td>
+       <td>All versions of Samba since 4.0 prior to 4.16.10, 4.17.7, 4.18.1.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0225">CVE-2023-0225</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0922">CVE-2023-0922</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0614">CVE-2023-0614</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2023-0225.html">Announcement</a>,
+<a href="/samba/security/CVE-2023-0922.html">Announcement</a>,
+<a href="/samba/security/CVE-2023-0614.html">Announcement</a>.
+       </td>
+       </tr>
+
+       <tr>
+       <td>15 December 2022</td>
+       <td>
+        Please see bug reports in <a href="https://bugzilla.samba.org">the Samba Bugzilla</a>.
+       </td>
+       <td>CVE-2022-37966, CVE-2022-37967, CVE-2022-38023 and CVE-2022-45141.
+        Please see announcements for details.
+       </td>
+       <td>All versions of Samba prior to 4.15.13, 4.16.8, 4.17.4.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023">CVE-2022-38023</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966">CVE-2022-37966</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967">CVE-2022-37967</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45141">CVE-2022-45141</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2022-38023.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-37966.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-37967.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-45141.html">Announcement</a>.
+       </td>
+    </tr>
+
+       <tr>
+       <td>15 November 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.17.3-security-2022-11-15.patch">
+       patch for Samba 4.17.3</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.16.7-security-2022-11-15.patch">
+       patch for Samba 4.16.7</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.15.12-security-2022-11-15.patch">
+       patch for Samba 4.15.12</a><br />
+       </td>
+       <td>Samba's Kerberos libraries and AD DC failed to guard against integer
+        overflows when parsing a PAC on a 32-bit system, which allowed an attacker
+        with a forged PAC to corrupt the heap.
+       </td>
+       <td>All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898">CVE-2022-42898</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2022-42898.html">Announcement</a>.
+       </td>
+    </tr>
+
+
+    <tr>
+       <td>25 October 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch">
+       patch for Samba 4.17.2</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch">
+       patch for Samba 4.16.6</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch">
+       patch for Samba 4.15.11</a><br />
+       </td>
+       <td>CVE-2022-3437 and CVE-2022-3592.
+        Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437">CVE-2022-3437</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592">CVE-2022-3592</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2022-3437.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-3592.html">Announcement</a>.
+       </td>
+       </tr>
+
+       <td>27 July 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.16.4-security-2022-07-27.patch">
+       patch for Samba 4.16.4</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.15.9-security-2022-07-27.patch">
+       patch for Samba 4.15.9</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.14.14-security-2022-07-27.patch">
+       patch for Samba 4.14.14</a><br />
+       </td>
+       <td>CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.
+        Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031">CVE-2022-2031</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742">CVE-2022-32742</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744">CVE-2022-32744</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745">CVE-2022-32745</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746">CVE-2022-32746</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2022-2031.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32742.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32744.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32745.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32746.html">Announcement</a>.
+       </td>
+       </tr>
+
+    <tr>
+       <td>31 January 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.15.5-security-2022-01-31.patch">
+       patch for Samba 4.15.5</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.14.12-security-2022-01-31.patch">
+       patch for Samba 4.14.12</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.13.17-security-2022-01-31.patch">
+       patch for Samba 4.13.17</a><br />
+       </td>
+       <td>CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336. Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141">CVE-2021-44141</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142">CVE-2021-44142</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336">CVE-2022-0336</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2021-44141.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-44142.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-0336.html">Announcement</a>.
+       </td>
+       </tr>
+
+       <tr>
+       <td>10 January 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.13.16-security-2022-01-10.patch">
+       patch for Samba 4.13.16</a><br />
+       </td>
+       <td>Symlink race error can allow directory creation outside of the exported share.
+       </td>
+       <td>All versions of the Samba file server prior to 4.13.16</td>
+       <td>
+       <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43566">CVE-2021-43566</a>.
+       </td>
+       <td>
+       <a href="/samba/security/CVE-2021-43566.html">Announcement</a>.
+       </td>
+       </tr>
+
+    <tr>
+       <td>9 November 2021</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch">
+       patch for Samba 4.15.1</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.14.9-security-2021-11-09.patch">
+       patch for Samba 4.14.9</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.13.13-security-2021-11-09.patch">
+       patch for Samba 4.13.13</a><br />
+       </td>
+       <td>CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
+CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192. Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124">CVE-2016-2124</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717">CVE-2020-25717</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718">CVE-2020-25718</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719">CVE-2020-25719</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721">CVE-2020-25721</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722">CVE-2020-25722</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738">CVE-2021-3738</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192">CVE-2021-23192</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2016-2124.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25717.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25718.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25719.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25721.html">Announcement</a>, 
+<a href="/samba/security/CVE-2020-25722.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-3738.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-23192.html">Announcement</a>.
+       </td>
+    </tr>
+    <tr>
+       <td>29 Apr 2021</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+       patch for Samba 4.14.3</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.13.7-security-2021-04-29.patch">
+       patch for Samba 4.13.7</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+       patch for Samba 4.12.14</a><br />
+       </td>
+       <td>Negative idmap cache entries can cause incorrect group entries in
+            the Samba file server process token.
+       </td>
+       <td>All versions since 3.6.0.</td>
+       <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254">CVE-2021-20254</a>
+       </td>
+       <td><a href="/samba/security/CVE-2021-20254.html">Announcement</a>
+       </td>
+    </tr>
+
+    <tr>
+       <td>24 Mar 2021</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.14.0-security-2021-03-24.patch">
+       patch for Samba 4.14.0</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.13.5-security-2021-03-24.patch">
+       patch for Samba 4.13.5</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.12.12-security-2021-03-24.patch">
+       patch for Samba 4.12.12</a><br />
+       </td>
+       <td>CVE-2020-27840 and CVE-2021-20277. Please see announcements for details.
+       </td>
+       <td>Please refer to the advisories.</td>
+       <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840">CVE-2020-27840</a>,
+       <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277">CVE-2021-20277</a>.
+       </td>
+       <td><a href="/samba/security/CVE-2020-27840.html">Announcement</a>,
+       <a href="/samba/security/CVE-2021-20277.html">Announcement</a>.
+       </td>
+    </tr>
+
     <tr>
        <td>29 Oct 2020</td>
        <td><a href="/samba/ftp/patches/security/samba-4.13.0-security-2020-10-29.patch">
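Review bot: the 27 July 2022 row is missing its opening `<tr>`: after the `</tr>` that closes the 25 October 2022 row, the `<td>27 July 2022</td>` cells start with no row element, although a matching `</tr>` is present after its Details cell; add `<tr>` before `<td>27 July 2022</td>` so the table does not depend on browser error recovery. In the 29 Apr 2021 row, the first link reads "patch for Samba 4.14.3" but its href points at `samba-4.12.14-security-2021-04-29.patch`, the same file as the third link; following the naming pattern used by every other link in this table, the href should name the 4.14.3 patch instead. Minor style points for the same hunk: date formats mix "29 March 2023" with "29 Apr 2021" and "24 Mar 2021", `<br/>` and `<br />` are both used, and the closing `</tr>` indentation varies between rows; worth normalising while this table is being touched.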