the appropriate security concern. For complete information, follow the
link to full release notes for each release.</p>
+ <p>Samba's <a href="https://wiki.samba.org/index.php/Samba_Security_Process">
+ coordinated security release and disclosure process</a> is followed
+ and new versions of Samba are released for
+ <a href="https://wiki.samba.org/index.php/Samba_Release_Planning">
+ supported Samba versions</a>.</p>
- <table class="real">
+ <p>A list of public <a href="https://bugzilla.samba.org/buglist.cgi?f1=alias&o1=regexp&order=Last Changed&product=PIDL&product=Samba 2.2&product=Samba 3.0&product=Samba 3.2&product=Samba 3.3&product=Samba 3.4&product=Samba 3.5&product=Samba 3.6&product=Samba 4.0&product=Samba 4.1 and newer&query_format=advanced&v1=^CVE-.*">
+ Samba Security Bugs</a> is available. Some minor issues will
+ only be listed in <a href="https://bugzilla.samba.org">
+ The Samba Bugzilla</a> and not here, if they did not result
+ in a security release</p>
+
+ <table class="security_table">
<th colspan="6">Samba Security Releases</th>
<tr >
<td><em>Date Issued</em></td>
<td><em>Details</em></td>
</tr>
+ <tr>
+ <td>29 March 2023</td>
+ <td>
+ <a href="/samba/ftp/patches/security/samba-4.18.1-security-2023-03-29.patch">
+ patch for Samba 4.18.1</a><br/>
+ <a href="/samba/ftp/patches/security/samba-4.17.7-security-2023-03-29.patch">
+ patch for Samba 4.17.7</a><br/>
+ <a href="/samba/ftp/patches/security/samba-4.16.10-security-2023-03-29.patch">
+ patch for Samba 4.16.10</a><br/>
+ </td>
+ <td>
+ CVE-2023-0225, CVE-2023-0922 and CVE-2023-0614.
+ Please see announcements for details.
+ </td>
+ <td>All versions of Samba since 4.0 prior to 4.16.10, 4.17.7, 4.18.1.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0225">CVE-2023-0225</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0922">CVE-2023-0922</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0614">CVE-2023-0614</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2023-0225.html">Announcement</a>,
+<a href="/samba/security/CVE-2023-0922.html">Announcement</a>,
+<a href="/samba/security/CVE-2023-0614.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>15 December 2022</td>
+ <td>
+ Please see bug reports in <a href="https://bugzilla.samba.org">the Samba Bugzilla</a>.
+ </td>
+ <td>CVE-2022-37966, CVE-2022-37967, CVE-2022-38023 and CVE-2022-45141.
+ Please see announcements for details.
+ </td>
+ <td>All versions of Samba prior to 4.15.13, 4.16.8, 4.17.4.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023">CVE-2022-38023</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966">CVE-2022-37966</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967">CVE-2022-37967</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45141">CVE-2022-45141</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2022-38023.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-37966.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-37967.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-45141.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>15 November 2022</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.17.3-security-2022-11-15.patch">
+ patch for Samba 4.17.3</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.16.7-security-2022-11-15.patch">
+ patch for Samba 4.16.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.15.12-security-2022-11-15.patch">
+ patch for Samba 4.15.12</a><br />
+ </td>
+ <td>Samba's Kerberos libraries and AD DC failed to guard against integer
+ overflows when parsing a PAC on a 32-bit system, which allowed an attacker
+ with a forged PAC to corrupt the heap.
+ </td>
+ <td>All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898">CVE-2022-42898</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2022-42898.html">Announcement</a>.
+ </td>
+ </tr>
+
+
+ <tr>
+ <td>25 October 2022</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch">
+ patch for Samba 4.17.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch">
+ patch for Samba 4.16.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch">
+ patch for Samba 4.15.11</a><br />
+ </td>
+ <td>CVE-2022-3437 and CVE-2022-3592.
+ Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437">CVE-2022-3437</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592">CVE-2022-3592</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2022-3437.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-3592.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <td>27 July 2022</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.16.4-security-2022-07-27.patch">
+ patch for Samba 4.16.4</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.15.9-security-2022-07-27.patch">
+ patch for Samba 4.15.9</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.14.14-security-2022-07-27.patch">
+ patch for Samba 4.14.14</a><br />
+ </td>
+ <td>CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.
+ Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031">CVE-2022-2031</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742">CVE-2022-32742</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744">CVE-2022-32744</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745">CVE-2022-32745</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746">CVE-2022-32746</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2022-2031.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-32742.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-32744.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-32745.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-32746.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>31 January 2022</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.15.5-security-2022-01-31.patch">
+ patch for Samba 4.15.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.14.12-security-2022-01-31.patch">
+ patch for Samba 4.14.12</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.13.17-security-2022-01-31.patch">
+ patch for Samba 4.13.17</a><br />
+ </td>
+ <td>CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336. Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141">CVE-2021-44141</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142">CVE-2021-44142</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336">CVE-2022-0336</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2021-44141.html">Announcement</a>,
+<a href="/samba/security/CVE-2021-44142.html">Announcement</a>,
+<a href="/samba/security/CVE-2022-0336.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>10 January 2022</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.13.16-security-2022-01-10.patch">
+ patch for Samba 4.13.16</a><br />
+ </td>
+ <td>Symlink race error can allow directory creation outside of the exported share.
+ </td>
+ <td>All versions of the Samba file server prior to 4.13.16</td>
+ <td>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43566">CVE-2021-43566</a>.
+ </td>
+ <td>
+ <a href="/samba/security/CVE-2021-43566.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>9 November 2021</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.15.1-security-2021-11-09.patch">
+ patch for Samba 4.15.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.14.9-security-2021-11-09.patch">
+ patch for Samba 4.14.9</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.13.13-security-2021-11-09.patch">
+ patch for Samba 4.13.13</a><br />
+ </td>
+ <td>CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719,
+CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192. Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124">CVE-2016-2124</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25717">CVE-2020-25717</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25718">CVE-2020-25718</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25719">CVE-2020-25719</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25721">CVE-2020-25721</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25722">CVE-2020-25722</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3738">CVE-2021-3738</a>,
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23192">CVE-2021-23192</a>.
+ </td>
+ <td>
+<a href="/samba/security/CVE-2016-2124.html">Announcement</a>,
+<a href="/samba/security/CVE-2020-25717.html">Announcement</a>,
+<a href="/samba/security/CVE-2020-25718.html">Announcement</a>,
+<a href="/samba/security/CVE-2020-25719.html">Announcement</a>,
+<a href="/samba/security/CVE-2020-25721.html">Announcement</a>,
+<a href="/samba/security/CVE-2020-25722.html">Announcement</a>,
+<a href="/samba/security/CVE-2021-3738.html">Announcement</a>,
+<a href="/samba/security/CVE-2021-23192.html">Announcement</a>.
+ </td>
+ </tr>
+ <tr>
+ <td>29 Apr 2021</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+ patch for Samba 4.14.3</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.13.7-security-2021-04-29.patch">
+ patch for Samba 4.13.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+ patch for Samba 4.12.14</a><br />
+ </td>
+ <td>Negative idmap cache entries can cause incorrect group entries in
+ the Samba file server process token.
+ </td>
+ <td>All versions since 3.6.0.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254">CVE-2021-20254</a>
+ </td>
+ <td><a href="/samba/security/CVE-2021-20254.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>24 Mar 2021</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.14.0-security-2021-03-24.patch">
+ patch for Samba 4.14.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.13.5-security-2021-03-24.patch">
+ patch for Samba 4.13.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.12.12-security-2021-03-24.patch">
+ patch for Samba 4.12.12</a><br />
+ </td>
+ <td>CVE-2020-27840 and CVE-2021-20277. Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840">CVE-2020-27840</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277">CVE-2021-20277</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2020-27840.html">Announcement</a>,
+ <a href="/samba/security/CVE-2021-20277.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>29 Oct 2020</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.13.0-security-2020-10-29.patch">
+ patch for Samba 4.13.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.12.8-security-2020-10-29.patch">
+ patch for Samba 4.12.8</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.11.14-security-2020-10-29.patch">
+ patch for Samba 4.11.14</a><br />
+ </td>
+ <td>CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383. Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318">CVE-2020-14318</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323">CVE-2020-14323</a>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383">CVE-2020-14383</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2020-14318.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-14323.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-14383.html">Announcement</a>.
+ </td>
+ </tr>
+
+ <tr>
+ <td>18 Sep 2020</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.12.6-security-2020-09-18.patch">
+ patch for Samba 4.12.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.11.12-security-2020-09-18.patch">
+ patch for Samba 4.11.12</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.17-security-2020-09-18.patch">
+ patch for Samba 4.10.17</a><br />
+ </td>
+ <td>CVE-2020-1472.
+ Please see announcements for details.
+ </td>
+ <td>Please refer to the advisory.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472">CVE-2020-1472</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2020-1472.html">Announcement</a>,
+ </td>
+ </tr>
+
+ <tr>
+ <td>02 Jul 2020</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.12.3-security-2020-07-02.patch">
+ patch for Samba 4.12.3</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.11.10-security-2020-07-02.patch">
+ patch for Samba 4.11.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.16-security-2020-07-02.patch">
+ patch for Samba 4.10.16</a><br />
+ </td>
+ <td>CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303.
+ Please see announcements for details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730">CVE-2020-10730</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10745">CVE-2020-10745</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10760">CVE-2020-10760</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303">CVE-2020-14303</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2020-10730.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-10745.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-10760.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-14303.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>28 Apr 2020</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.12.1-security-2020-04-28.patch">
+ patch for Samba 4.12.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.11.7-security-2020-04-28.patch">
+ patch for Samba 4.11.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.14-security-2020-04-28.patch">
+ patch for Samba 4.10.14</a><br />
+ </td>
+ <td>CVE-2020-10700 and CVE-2020-10704. Please see announcements for
+ details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10700">CVE-2020-10700</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10704">CVE-2020-10704</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2020-10700.html">Announcement</a>,
+ <a href="/samba/security/CVE-2020-10704.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>21 Jan 2020</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.11.4-security-2020-01-21.patch">
+ patch for Samba 4.11.4</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.11-security-2020-01-21.patch">
+ patch for Samba 4.10.11</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.17-security-2020-01-21.patch">
+ patch for Samba 4.9.17</a><br />
+ </td>
+ <td>CVE-2019-14902, CVE-2019-14907 and CVE-2019-19344. Please see announcements for
+ details.
+ </td>
+ <td>Please refer to the advisories.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14902">CVE-2019-14902</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14907">CVE-2019-14907</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19344">CVE-2019-19344.</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2019-14902.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-14907.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-19344.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>10 Dec 2019</td>
+ <td><a
+href="/samba/ftp/patches/security/samba-4.11.2-security-2019-12-10.patch">
+ patch for Samba 4.11.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.10-security-2019-12-10.patch">
+ patch for Samba 4.10.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.16-security-2019-12-10.patch">
+ patch for Samba 4.9.16</a><br />
+ </td>
+ <td>CVE-2019-14861 and CVE-2019-14870. Please see announcements for
+ details.
+ </td>
+ <td>All versions since Samba 4.0</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861">CVE-2019-14861</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870">CVE-2019-14870</a>.
+ </td>
+ <td><a href="/samba/security/CVE-2019-14861.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-14870.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>29 Oct 2019</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.11.1-security-2019-10-29.patch">
+ patch for Samba 4.11.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.10.9-security-2019-10-29.patch">
+ patch for Samba 4.10.9</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.14-security-2019-10-29.patch">
+ patch for Samba 4.9.14</a><br />
+ </td>
+ <td>CVE-2019-10218, CVE-2019-14833 and CVE-2019-14847. Please see
+ announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218">CVE-2019-10218</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833">CVE-2019-14833</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847">CVE-2019-14847</a>
+ </td>
+ <td><a href="/samba/security/CVE-2019-10218.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-14833.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-14847.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>03 Sep 2019</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.10.7-CVE-2019-10197.patch">
+ patch for Samba 4.10.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.12-CVE-2019-10197.patch">
+ patch for Samba 4.9.12</a><br />
+ </td>
+ <td>Combination of parameters and permissions can allow user to escape
+ from the share path definition.
+ </td>
+ <td>All versions between Samba 4.9.0 and 4.9.12/4.10.7 (incl.).</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10197">CVE-2019-10197</a>
+ </td>
+ <td><a href="/samba/security/CVE-2019-10197.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>19 Jun 2019</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.10.4-security-2019-06-19.patch">
+ patch for Samba 4.10.4 (both CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.8-security-2019-06-19.patch">
+ patch for Samba 4.9.8 (CVE-2019-12435 only)</a><br />
+ </td>
+ <td>CVE-2019-12435 and CVE-2019-12436. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435">CVE-2019-12435</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12436">CVE-2019-12436</a>
+ </td>
+ <td><a href="/samba/security/CVE-2019-12435.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-12436.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>14 May 2019</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.10.2-security-2019-05-14.patch">
+ patch for Samba 4.10.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.7-security-2019-05-14.patch">
+ patch for Samba 4.9.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.8.11-security-2019-05-14.patch">
+ patch for Samba 4.8.11</a><br />
+ </td>
+ <td>CVE-2018-16860. Please see the announcements for details.
+ </td>
+ <td>All versions of Samba prior to 4.10.3, 4.9.8, 4.8.12.</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860">CVE-2018-16860</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-16860.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>08 Apr 2019</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.10.1-security-2019-04-08.patch">
+ patch for Samba 4.10.1 (both CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.9.5-security-2019-04-08.patch">
+ patch for Samba 4.9.5 (both CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.8.10-security-2019-04-08.patch">
+ patch for Samba 4.8.10 (CVE-2019-3880 only)</a><br />
+ </td>
+ <td>CVE-2019-3870 and CVE-2019-3880. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3870">CVE-2019-3870</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3880">CVE-2019-3880</a>
+ </td>
+ <td><a href="/samba/security/CVE-2019-3870.html">Announcement</a>,
+ <a href="/samba/security/CVE-2019-3880.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>27 Nov 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.9.2-security-2018-11-27.patch">
+ patch for Samba 4.9.2 (all CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.8.6-security-2018-11-27.patch">
+ patch for Samba 4.8.6 (all CVEs except CVE-2018-16852 and CVE-2018-16857)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.7.11-security-2018-11-27.patch">
+ patch for Samba 4.7.11 (all CVEs except CVE-2018-16852 and CVE-2018-16857)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629">CVE-2018-14629</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841">CVE-2018-16841</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851">CVE-2018-16851</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16852">CVE-2018-16852</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16853">CVE-2018-16853</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16857">CVE-2018-16857</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-14629.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16841.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16851.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16852.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16853.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-16857.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>14 Aug 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.8.3-security-2018-08-14.patch">
+ patch for Samba 4.8.3 (all CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.7.8-security-2018-08-14.patch">
+ patch for Samba 4.7.8 (all CVEs except CVE-2018-1140)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.6.15-security-2018-08-14.patch">
+ patch for Samba 4.6.15 (CVE-2018-10858 and CVE-2018-10919)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858">CVE-2018-10858</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918">CVE-2018-10918</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919">CVE-2018-10919</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139">CVE-2018-1139</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140">CVE-2018-1140</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-10858.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-10918.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-10919.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1139.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1140.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>13 Mar 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.7.5-security-2018-03-13.patch">
+ patch for Samba 4.7.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.6.13-security-2018-03-13.patch">
+ patch for Samba 4.6.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.5.15-security-2018-03-13.patch">
+ patch for Samba 4.5.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.4.16-CVE-2018-1057.patch">
+ patch for Samba 4.4.16 (only CVE-2018-1057)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.3.13-CVE-2018-1057.patch">
+ patch for Samba 4.3.13 (only CVE-2018-1057)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1050">CVE-2018-1050</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057">CVE-2018-1057</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-1050.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1057.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>21 Nov 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.7.2-security-2017-11-21.patch">
+ patch for Samba 4.7.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.6.10-security-2017-11-21.patch">
+ patch for Samba 4.6.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.5.14-security-2017-11-21.patch">
+ patch for Samba 4.5.14</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746">CVE-2017-14746</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275">CVE-2017-15275</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-14746.html">Announcement</a>,
+ <a href="/samba/security/CVE-2017-15275.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>20 Sep 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.6.7-security-2017-09-20.patch">
+ patch for Samba 4.6.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.5.13-security-2017-09-20.patch">
+ patch for Samba 4.5.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.4.15-security-2017-09-20.patch">
+ patch for Samba 4.4.15</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150">CVE-2017-12150</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151">CVE-2017-12151</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163">CVE-2017-12163</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-12150.html">Announcement</a>,
+ <a href="/samba/security/CVE-2017-12151.html">Announcement</a>,
+ <a href="/samba/security/CVE-2017-12163.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>12 July 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.x.y-CVE-2017-11103.patch">
+ patch for Samba 4.x.y</a><br />
+ <td>Orpheus' Lyre mutual authentication validation bypass.
+ </td>
+ <td>All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103">CVE-2017-11103</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-11103.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>24 May 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch">
+ patch for Samba 4.6.3, 4.5.9, 4.4.13</a><br />
+ <td>Remote code execution from a writable share.
+ </td>
+ <td>All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494">CVE-2017-7494</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-7494.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>23 Mar 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.6.0-CVE-2017-2619.patch">
+ patch for Samba 4.6.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.5.6-CVE-2017-2619.patch">
+ patch for Samba 4.5.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.4.11-CVE-2017-2619.patch">
+ patch for Samba 4.4.11</a><br />
+ <td>Symlink race allows access outside share definition.
+ </td>
+ <td>All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619">CVE-2017-2619</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-2619.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>19 Dec 2016</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.5.2-security-20016-12-19.patch">
+ patch for Samba 4.5.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.4.7-security-20016-12-19.patch">
+ patch for Samba 4.4.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.3.12-security-20016-12-19.patch">
+ patch for Samba 4.3.12</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123">CVE-2016-2123</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125">CVE-2016-2125</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126">CVE-2016-2126</a>
+ </td>
+ <td><a href="/samba/security/CVE-2016-2123.html">Announcement</a>,
+ <a href="/samba/security/CVE-2016-2125.html">Announcement</a>,
+ <a href="/samba/security/CVE-2016-2126.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>07 Jul 2016</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.4.4-CVE-2016-2119.patch">
+ patch for Samba 4.4.4</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.3.10-CVE-2016-2119.patch">
+ patch for Samba 4.3.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.2.13-CVE-2016-2119.patch">
+ patch for Samba 4.2.13</a><br />
+ <td>Client side SMB2/3 required signing can be downgraded.
+ </td>
+ <td>4.0.0 - 4.4.4</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119">CVE-2016-2119</a>
+ </td>
+ <td><a href="/samba/security/CVE-2016-2119.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>12 Apr 2016</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.4.0-security-2016-04-12-final.patch">
+ patch for Samba 4.4.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.3.6-security-2016-04-12-final.patch">
+ patch for Samba 4.3.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.2.9-security-2016-04-12-final.patch">
+ patch for Samba 4.2.9</a><br />
+ <a href="/samba/ftp/patches/security/samba-v4-0-security-2016-04-12-fileserver-only.patch.xz">
+ patch for Samba 4.0.26 (fileserver only! no client! no domain controller!)</a><br />
+ <a href="/samba/ftp/patches/security/samba-v3-6-security-2016-04-12.tar.xz">
+ patch for Samba 3.6.25 (only related CVEs)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370">CVE-2015-5370</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110">CVE-2016-2110</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111">CVE-2016-2111</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112">CVE-2016-2112</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113">CVE-2016-2113</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114">CVE-2016-2114</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115">CVE-2016-2115</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118">CVE-2016-2118</a>
+ </td>
+ <td><a href="/samba/security/CVE-2015-5370.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2110.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2111.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2112.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2113.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2114.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2115.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-2118.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>08 Mar 2016</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.3.5-security-2016-03-08.patch">
+ patch for Samba 4.3.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.2.8-security-2016-03-08.patch">
+ patch for Samba 4.2.8</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.1.22-security-2016-03-08.patch">
+ patch for Samba 4.1.22</a><br />
+ <td>Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560">CVE-2015-7560</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771">CVE-2016-0771</a>,
+ </td>
+ <td><a href="/samba/security/CVE-2015-7560.html">Announcement</a>
+ <a href="/samba/security/CVE-2016-0771.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>16 Dec 2015</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.3.2-security-2015-12-16.patch">
+ patch for Samba 4.3.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.2.6-security-2015-12-16.patch">
+ patch for Samba 4.2.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.1.21-security-2015-12-16.patch">
+ patch for Samba 4.1.21</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.25-security-2015-12-16.patch">
+ patch for Samba 3.6.25</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>3.0.0 to 4.3.2</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223">CVE-2015-3223</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">CVE-2015-5252</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296">CVE-2015-5296</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299">CVE-2015-5299</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330">CVE-2015-5330</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540">CVE-2015-7540</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467">CVE-2015-8467</a>
+ </td>
+ <td><a href="/samba/security/CVE-2015-3223.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-5252.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-5296.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-5299.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-5330.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-7540.html">Announcement</a>
+ <a href="/samba/security/CVE-2015-8467.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>23 Feb 2015</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.16-CVE-2015-0240.patch">
+ patch for Samba 4.1.16</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.24-CVE-2015-0240.patch">
+ patch for Samba 4.0.24</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.24-CVE-2015-0240.patch">
+ patch for Samba 3.6.24</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2015-0240.patch">
+ patch for Samba 3.5.22</a><br />
+ <td>Unexpected code execution in smbd.
+ </td>
+ <td>3.5.0 - 4.2.0rc4</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a>
+ </td>
+ <td><a href="/samba/security/CVE-2015-0240.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>15 Jan 2015</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.15-CVE-2014-8143.patch">
+ patch for Samba 4.1.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.23-CVE-2014-8143.patch">
+ patch for Samba 4.0.23</a><br />
+ <td>Elevation of privilege to Active Directory Domain Controller.
+ </td>
+ <td>4.0.0 - 4.1.15</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a>
+ </td>
+ <td><a href="/samba/security/CVE-2014-8143.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>01 Aug 2014</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.10-CVE-2014-3560.patch">
+ patch for Samba 4.1.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch">
+ patch for Samba 4.0.20</a><br />
+ <td>Remote code execution in nmbd.
+ </td>
+ <td>4.0.0 - 4.1.10</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560">CVE-2014-3560</a>
+ </td>
+ <td><a href="/samba/security/CVE-2014-3560.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>23 Jun 2014</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.8-CVE-2014-0244-CVE-2014-3493.patch">
+ patch for Samba 4.1.8</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.18-CVE-2014-0244-CVE-2014-3493.patch">
+ patch for Samba 4.0.18</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.23-CVE-2014-0244-CVE-2014-3493.patch">
+ patch for Samba 3.6.23</a><br />
+ <td>Denial of service - CPU loop, Denial of service - Server crash/memory corruption.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244">CVE-2014-0244</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493">CVE-2014-3493</a>
+ </td>
+ <td><a href="/samba/security/CVE-2014-0244.html">Announcement</a>
+ <a href="/samba/security/CVE-2014-3493.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>03 June 2014</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch">
+ patch for Samba 4.0.17</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.1.7-CVE-2014-0178-CVE-2014-0239.patch">
+ patch for Samba 4.1.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.23-CVE-2014-0178.patch">
+ patch for Samba 3.6.23 (CVE-2014-0178 only)</a><br />
+ <td>Uninitialized memory exposure, Potential DOS in Samba internal DNS server.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178">CVE-2014-0178</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239">CVE-2014-0239</a>
+ </td>
+ <td><a href="/samba/security/CVE-2014-0178.html">Announcement</a>
+ <a href="/samba/security/CVE-2014-0239.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>11 Mar 2014</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.5-CVE-2013-4496-CVE-2013-6442.patch">
+ patch for Samba 4.1.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.15-CVE-2013-4496-CVE-2013-6442.patch">
+ patch for Samba 4.0.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.22-CVE-2013-4496.patch">
+ patch for Samba 3.6.22</a><br />
+ <td>Password lockout not enforced for SAMR password changes, smbcacls can remove a file
+ or directory ACL by mistake.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496">CVE-2013-4496</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442">CVE-2013-6442</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-4496.html">Announcement</a>
+ <a href="/samba/security/CVE-2013-6442.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>09 Dec 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.2-CVE-2013-4408-CVE-2012-6150.patch">
+ patch for Samba 4.1.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.12-CVE-2013-4408-CVE-2012-6150.patch">
+ patch for Samba 4.0.12</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.21-CVE-2013-4408-CVE-2012-6150.patch">
+ patch for Samba 3.6.21</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2013-4408.patch">
+ patch for Samba 3.5.22</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.17-CVE-2013-4408.patch">
+ patch for Samba 3.4.17</a>
+ <td>DCE-RPC fragment length field is incorrectly checked, pam_winbind
+ login without require_membership_of restrictions.</td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408">CVE-2013-4408</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150">CVE-2012-6150</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-4408.html">Announcement</a>
+ <a href="/samba/security/CVE-2012-6150.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>11 Nov 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.1.0-CVE-2013-4475-CVE-2013-4476.patch">
+ patch for Samba 4.1.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.0.10-CVE-2013-4475-CVE-2013-4476.patch">
+ patch for Samba 4.0.10</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.19-CVE-2013-4475.patch">
+ patch for Samba 3.6.19</a><br />
+ <td>ACLs are not checked on opening an alternate data stream on a file
+ or directory, Private key in key.pem world readable.</td>
+ <td>3.2.0 - 4.1.0, 4.0.0 - 4.0.10, 4.1.0</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475">CVE-2013-4475</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476">CVE-2013-4476</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-4475.html">Announcement</a>
+ <a href="/samba/security/CVE-2013-4476.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>05 Aug 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.0.7-CVE-2013-4124.patch">
+ patch for Samba 4.0.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.16-CVE-2013-4124.patch">
+ patch for Samba 3.6.16</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.21-CVE-2013-4124.patch">
+ patch for Samba 3.5.21</a><br />
+ <td>Denial of service - CPU loop and memory allocation.</td>
+ <td>3.0.x-4.0.7</td>
+ <td><a
+ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124">CVE-2013-4124</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-4124.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>02 Apr 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.6-CVE-2013-0454.patch">
+ patch for Samba 3.6.5</a>
+ <td>A writable configured share might get read only</td>
+ <td>3.6.0 - 3.6.5 (inclusive)</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454">CVE-2013-0454</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-0454.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>19 Mar 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.0.3-CVE-2013-1863.patch">
+ patch for Samba 4.0.3</a>
+ <td>World-writeable files may be created in additional shares on a Samba
+ 4.0 AD DC.</td>
+ <td>4.0.0rc6-4.0.3</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863">CVE-2013-1863</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-1863.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>30 Jan 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.0.1-CVE-2013-0213-CVE-2013-0214.patch">
+ patch for Samba 4.0.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.11-CVE-2013-0213-CVE-2013-0214.patch">
+ patch for Samba 3.6.11</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch">
+ patch for Samba 3.5.20</a><br />
+ <td>Clickjacking issue and potential XSRF in SWAT.</td>
+ <td>3.0.x-4.0.1</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213">CVE-2013-0213</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214">CVE-2013-0214</a>
+ </td>
+ <td><a href="/samba/security/CVE-2013-0213.html">Announcement</a>
+ <a href="/samba/security/CVE-2013-0214.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
+ <td>15 Jan 2013</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.0.0-CVE-2013-0172.patch">
+ patch for Samba 4.0.0</a>
+ <td>Samba 4.0 as an AD DC may provide authenticated users with write
+ access to LDAP directory objects.</td>
+ <td>4.0.0</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0172">CVE-2013-0172</a></td>
+ <td><a href="/samba/security/CVE-2013-0172.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>30 Apr 2012</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.4.16-CVE-2012-2111.patch">
+ patch for Samba 3.4.16</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.14-CVE-2012-2111.patch">
+ patch for Samba 3.5.14</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.4-CVE-2012-2111.patch">
+ patch for Samba 3.6.4</a><br />
+ <td>Incorrect permission checks when granting/removing privileges can
+ compromise file server security.</td>
+ <td>3.4.x-3.6.4</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111">CVE-2012-2111</a></td>
+ <td><a href="/samba/security/CVE-2012-2111.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>10 Apr 2012</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2012-1182.patch">
+ patch for Samba 3.0.37</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.2.15-CVE-2012-1182.patch">
+ patch for Samba 3.2.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.3.16-CVE-2012-1182.patch">
+ patch for Samba 3.3.16</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.15-CVE-2012-1182.patch">
+ patch for Samba 3.4.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.13-CVE-2012-1182.patch">
+ patch for Samba 3.5.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.6.3-CVE-2012-1182.patch">
+ patch for Samba 3.6.3</a><br />
+ <td>"root" credential remote code execution</td>
+ <td>all current releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182">CVE-2012-1182</a></td>
+ <td><a href="/samba/security/CVE-2012-1182.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>23 Feb 2012</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch">
+ patch for Samba 3.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.2-CVE-2012-0870.patch">
+ patch for Samba 3.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.3-CVE-2012-0870.patch">
+ patch for Samba 3.3</a><br />
+ <td>Remote code execution vulnerability in smbd</td>
+ <td>pre-3.4</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870">CVE-2012-0870</a></td>
+ <td><a href="/samba/security/CVE-2012-0870.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>29 Jan 2012</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.6.2-CVE-2012-0817.patch">
+ patch for Samba 3.6.2</a>
+ <td>Memory leak/Denial of service</td>
+ <td>3.6.0-3.6.2</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0817">CVE-2012-0817</a></td>
+ <td><a href="/samba/security/CVE-2012-0817.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>26 Jul 2011</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2522.patch">
+ patch for Samba 3.3.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2522.patch">
+ patch for Samba 3.4.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2522.patch">
+ patch for Samba 3.5.9</a><br />
+ <td>Cross-Site Request Forgery in SWAT</td>
+ <td>all current releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522">CVE-2011-2522</a></td>
+ <td><a href="/samba/security/CVE-2011-2522.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>26 Jul 2011</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.15-CVE-2011-2694.patch">
+ patch for Samba 3.3.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.13-CVE-2011-2694.patch">
+ patch for Samba 3.4.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.9-CVE-2011-2694.patch">
+ patch for Samba 3.5.9</a><br />
+ <td>Cross-Site Scripting vulnerability in SWAT</td>
+ <td>all current releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694">CVE-2011-2694</a></td>
+ <td><a href="/samba/security/CVE-2011-2694.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>18 Feb 2011</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.14-CVE-2011-0719.patch">
+ patch for Samba 3.3.14</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.11-CVE-2011-0719.patch">
+ patch for Samba 3.4.11</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.6-CVE-2011-0719.patch">
+ patch for Samba 3.5.6</a><br />
+ <td>Denial of service - memory corruption</td>
+ <td>all current releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719">CVE-2011-0719</a></td>
+ <td><a href="/samba/security/CVE-2011-0719.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>14 Sep 2010</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.13-CVE-2010-3069.patch">
+ patch for Samba 3.3.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.8-CVE-2010-3069.patch">
+ patch for Samba 3.4.8</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.5.4-CVE-2010-3069.patch">
+ patch for Samba 3.5.4</a><br />
+ <td>Buffer Overrun Vulnerability</td>
+ <td>all current releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069">CVE-2010-3069</a></td>
+ <td><a href="/samba/security/CVE-2010-3069.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>16 Jun 2010</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch">
+ patch for Samba 3.3.12 and 3.2.15</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch">
+ patch for Samba 3.0.37</a><br />
+ <td>Memory Corruption Vulnerability</td>
+ <td>3.0.x, 3.2.x, 3.3.0-3.3.12</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-CVE-2010-2063">CVE-2010-2063</a></td>
+ <td><a href="/samba/security/CVE-2010-2063.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>08 Mar 2010</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch">
+ patch for Samba 3.5.0</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch">
+ patch for Samba 3.4.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch">
+ patch for Samba 3.3.11</a><br />
+ <td>Permission ignored</td>
+ <td>3.3.11, 3.4.6, 3.5.0</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0728">CVE-2010-0728</a></td>
+ <td><a href="/samba/security/CVE-2010-0728.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>02 Feb 2010</td>
+ <td>not available</td>
+ <td>Change parameter "wide links" to default to "no"</td>
+ <td>pre-3.4.6</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0926">CVE-2010-0926</a></td>
+ <td><a href="/samba/security/CVE-2010-0926.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>01 Oct 2009</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-1.patch">
+ patch 1 for Samba 3.4.1</a>
+ <a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2948-2.patch">
+ patch 2 for Samba 3.4.1</a>
+ <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-1.patch">
+ patch 1 for Samba 3.3.7</a>
+ <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2948-2.patch">
+ patch 2 for Samba 3.3.7</a>
+ <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-1.patch">
+ patch 1 for Samba 3.2.14</a>
+ <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2948-2.patch">
+ patch 2 for Samba 3.2.14</a>
+ <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-1.patch">
+ patch 1 for Samba 3.0.36</a>
+ <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2948-2.patch">
+ patch 2 for Samba 3.0.36</a>
+ <td>Information disclosure by setuid mount.cifs</td>
+ <td>all releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2948</a></td>
+ <td><a href="/samba/security/CVE-2009-2948.html">Announcement</a></td>
+ </tr>
+
+ <tr>
+ <td>01 Oct 2009</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2906.patch">
+ patch for Samba 3.4.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2906.patch">
+ patch for Samba 3.3.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2906.patch">
+ patch for Samba 3.2.14</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2906.patch">
+ patch for Samba 3.0.36</a><br />
+ <td>Remote DoS against smbd on authenticated connections</td>
+ <td>all releases</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906">CVE-2009-2906</a></td>
+ <td><a href="/samba/security/CVE-2009-2906.html">Announcement</a></td>
+ </tr>
+ <tr>
+
+ <tr>
+ <td>01 Oct 2009</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.4.1-CVE-2009-2813.patch">
+ patch for Samba 3.4.1</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.3.7-CVE-2009-2813.patch">
+ patch for Samba 3.3.7</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.2.14-CVE-2009-2813.patch">
+ patch for Samba 3.2.14</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.0.36-CVE-2009-2813.patch">
+ patch for Samba 3.0.36</a><br />
+ <td>Misconfigured /etc/passwd file may share folders unexpectedly</td>
+ <td>> 3.0.11</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813">CVE-2009-2813</a></td>
+ <td><a href="/samba/security/CVE-2009-2813.html">Announcement</a></td>
+ </tr>
+ <tr>
+
+ <tr>
+ <td>23 Jun 2009</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.3.5-CVE-2009-1888.patch">
+ patch for Samba 3.3.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1888.patch">
+ patch for Samba 3.2.12</a><br />
+ <a href="/samba/ftp/patches/security/samba-3.0.34-CVE-2009-1888.patch">
+ patch for Samba 3.0.34</a><br />
+ <td>Uninitialized read of a data value</td>
+ <td>Samba 3.0.31 - 3.3.5</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888">CVE-2009-1888</a></td>
+ <td><a href="/samba/security/CVE-2009-1888.html">Announcement</a></td>
+ </tr>
+ <tr>
+
+ <tr>
+ <td>23 Jun 2009</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch">
+ patch for Samba 3.2.12</a>
+ <td>Formatstring vulnerability in smbclient</td>
+ <td>Samba 3.2.0 - 3.2.12</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886">CVE-2009-1886</a></td>
+ <td><a href="/samba/security/CVE-2009-1886.html">Announcement</a></td>
+ </tr>
+ <tr>
+
<tr>
<td>05 Jan 2009</td>
<td><a href="/samba/ftp/patches/security/samba-3.2.6-CVE-2009-0022.patch">
patch for Samba 3.2.6</a>
<td>Potential access to "/" in setups with registry shares enabled</td>
<td>Samba 3.2.0 - 3.2.6</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0022">CVE-2009-0022</a></td>
<td><a href="/samba/security/CVE-2009-0022.html">Announcement</a></td>
</tr>
<tr>
patch for Samba 3.2.4</a></td>
<td>Potential leak of arbitrary memory contents</td>
<td>Samba 3.0.29 - 3.2.4</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td>
<td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td>
</tr>
patch 2 for Samba 3.2.2</a></td>
<td>Wrong permissions of group_mapping.ldb</td>
<td>Samba 3.2.0 - 3.2.2</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789">CVE-2008-3789</a></td>
<td><a href="/samba/security/CVE-2008-3789.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
<td>Boundary failure when parsing SMB responses</td>
<td>Samba 3.0.0 - 3.0.29</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
<td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
<td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>
<td>Samba 3.0.0 - 3.0.27a</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015">CVE-2007-6015</a></td>
<td><a href="/samba/security/CVE-2007-6015.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-5398.patch">patch for Samba 3.0.26a</a></td>
<td>Remote Code Execution in Samba's nmbd</td>
<td>Samba 3.0.0 - 3.0.26a</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398">CVE-2007-5398</a></td>
<td><a href="/samba/security/CVE-2007-5398.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.26a-CVE-2007-4572.patch">patch for Samba 3.0.26a</a></td>
<td>GETDC mailslot processing buffer overrun in nmbd</td>
<td>Samba 3.0.0 - 3.0.26a</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572">CVE-2007-4572</a></td>
<td><a href="/samba/security/CVE-2007-4572.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
<td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
<td>Samba 3.0.25 - 3.0.25c</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
<td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
<td>Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list).</td>
<td>Samba 3.0.0 - 3.0.25rc3</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447">CVE-2007-2447</a></td>
<td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
<td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
<td>Samba 3.0.0 - 3.0.25rc3</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446">CVE-2007-2446</a></td>
<td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
<td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter).</td>
<td>Samba 3.0.23d - 3.0.25pre2</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444">CVE-2007-2444</a></td>
<td><a href="/samba/security/CVE-2007-2444.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0452.patch">patch for Samba 3.0.23d</a></td>
<td>Potential Denial of Service bug in smbd</td>
<td>Samba 3.0.6 - 3.0.23d</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452">CVE-2007-0452</a></td>
<td><a href="/samba/security/CVE-2007-0452.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0453.patch">patch for Samba 3.0.23d</a></td>
<td>Buffer overrun in NSS host lookup Winbind library on Solaris</td>
<td>Samba 3.0.21 - 3.0.23d</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453">CVE-2007-0453</a></td>
<td><a href="/samba/security/CVE-2007-0453.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch">patch for Samba 3.0.23d</a></td>
<td>Format string bug in afsacl.so VFS plugin</td>
<td>Samba 3.0.6 - 3.0.23d</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454">CVE-2007-0454</a></td>
<td><a href="/samba/security/CVE-2007-0454.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2006-3403.patch">patch for Samba 3.0.1 - 3.0.22</a></td>
<td>Memory exhaustion DoS against smbd</td>
<td>Samba 3.0.1 - 3.0.22</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403">CVE-2006-3403</a></td>
<td><a href="/samba/security/CVE-2006-3403.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.21-CVE-2006-1059.patch">patch for Samba 3.0.21[a-c]</a></td>
<td>Exposure of machine account credentials in winbind log files</td>
<td>Samba 3.0.21 - 3.0.21c</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059">CVE-2006-1059</a></td>
<td><a href="/samba/security/CVE-2006-1059.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.9-CVE-2004-1154.patch">patch for Samba 3.0.9</a></td>
<td>Integer Overflow in security descriptor parsing</td>
<td>Samba 2.x, 3.0.x <= 3.0.9</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154">CVE-2004-1154</a></td>
<td><a href="/samba/security/CVE-2004-1154.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0882.patch">patch for <=Samba 3.0.7</a></td>
<td>Buffer Overrun in smbd</td>
<td>Samba 3.0.x <= 3.0.7</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882">CVE-2004-0882</a></td>
<td><a href="/samba/security/CVE-2004-0882.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.7-CVE-2004-0930.patch">patch for <=Samba 3.0.7</a></td>
<td>Remote DoS</td>
<td>Samba 3.0.x <= 3.0.7</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0930">CVE-2004-0930</a></td>
<td><a href="/samba/security/CVE-2004-0930.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/stable/samba-2.2.12.tar.gz">Samba 2.2.12</a> and/or <a href="/samba/ftp/patches/security/samba-3.0.2a-reduce_name.patch">patch for <=Samba 3.0.2a</a></td>
<td>Potential arbitrary file access</td>
<td>Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815">CVE-2004-0815</a></td>
<td><a href="/samba/security/CVE-2004-0815.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/patches/security/samba-3.0.5-DoS.patch">3.0.5 patch</a></td>
<td>Two DoS bugs; one affecting smbd, the other nmbd.</td>
<td>3.0.x <= 3.0.6</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0807">CVE-2004-0807</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0808">CVE-2004-0808</a></td>
<td><a href="/samba/security/CVE-2004-0807_CVE-2004-0808.html">Announcement</a></td>
</tr>
<td><a href="/samba/ftp/stable/samba-3.0.5.tar.gz">3.0.5</a></td>
<td>Two potential buffer overruns</td>
<td>>=3.0.2</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>,
- <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600">CVE-2004-0600</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
</td>
<td><a href="/samba/security/CVE-2004-0600.html">CVE-2004-0600 Announcement</a>
<a href="/samba/security/CVE-2004-0686.html">CVE-2004-0686 Announcement</a></td>
<td><a href="/samba/ftp/stable/samba-2.2.10.tar.gz">2.2.10</a></td>
<td>Buffer overrun in hash mangling method</td>
<td>all 2.2 releases</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686">CVE-2004-0686</a>
</td>
<td><a href="/samba/history/samba-2.2.10.html">release notes</a></td>
</tr>
access to a user account created by the mksmbpasswd.sh shell script.</td>
<td>>=3.0.0</td>
<td><a
- href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
+ href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0082">CVE-2004-0082</a></td>
<td><a href="/samba/security/CVE-2004-0082.html">Announcement</a></td>
</tr>
<td>Buffer overrun condition in the SMB/CIFS packet fragment
re-assembly code.</td>
<td>all 2.0 releases and <= 2.2.8</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
- <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0196">CVE-2003-0196</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0201">CVE-2003-0201</a></td>
<td><a href="/samba/history/samba-2.2.8a.html">release notes</a></td>
</tr>
<td>Bug in the length checking for encrypted password change
requests from clients.</td>
<td>2.2.2 - 2.2.6</td>
- <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085">CVE-2003-0085</a></td>
<td><a href="/samba/history/samba-2.2.7a.html">release notes</a></td>
</tr>
git.samba.org / samba-web.git / blobdiff