<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba 4.6.8 - Release Notes</title>
<H2>Samba 4.6.8 Available for Download</H2>
<a href="https://download.samba.org/pub/samba/stable/samba-4.6.8.tar.gz">Samba 4.6.8 (gzipped)</a><br>
<a href="https://download.samba.org/pub/samba/stable/samba-4.6.8.tar.asc">Signature</a>
<a href="https://download.samba.org/pub/samba/patches/samba-4.6.7-4.6.8.diffs.gz">Patch (gzipped) against Samba 4.6.7</a><br>
<a href="https://download.samba.org/pub/samba/patches/samba-4.6.7-4.6.8.diffs.asc">Signature</a>
                   =============================
                   Release Notes for Samba 4.6.8
                   =============================

This is a security release in order to address the following defects:

o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o  CVE-2017-12163 (Server memory information leak over SMB1)

o  CVE-2017-12150:
   A man in the middle attack may hijack client connections.

o  CVE-2017-12151:
   A man in the middle attack can read and may alter confidential
   documents transferred via a client connection, which are reached
   via DFS redirect when the original connection used SMB3.

o  CVE-2017-12163:
   A client with write access to a share can cause server memory contents
   to be written into a file or printer.
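
The short-write condition behind CVE-2017-12163, shown as an added example that is not Samba's code and not part of the original release notes: a copy that trusts the client-declared length beside one that checks it against the bytes actually received. The request layout, function names and sample bytes are hypothetical and constructed; this is not the SMB1 wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified request; NOT the SMB1 wire format. */
struct write_req {
    const uint8_t *pkt; /* start of the received packet */
    size_t pkt_len;     /* bytes actually received from the client */
    size_t data_off;    /* client-declared payload offset within pkt */
    size_t data_len;    /* client-declared payload length */
};

/* Unchecked pattern: trusts the declared length, so a short write copies
 * whatever follows the packet in server memory into the file. */
static size_t write_unchecked(const struct write_req *r, uint8_t *file)
{
    memcpy(file, r->pkt + r->data_off, r->data_len);
    return r->data_len;
}

/* Hardened pattern: accept only if [data_off, data_off + data_len) lies
 * inside the received bytes; the comparison cannot overflow size_t. */
static int write_checked(const struct write_req *r, uint8_t *file, size_t *n)
{
    if (r->data_off > r->pkt_len || r->data_len > r->pkt_len - r->data_off)
        return -1;
    memcpy(file, r->pkt + r->data_off, r->data_len);
    *n = r->data_len;
    return 0;
}

/* Constructed demo: a 32-byte arena stands in for server memory. Bytes 0-7
 * are the packet ("HDR0" + "DATA"); the bytes after it are stale data. */
static int demo(int use_checked, uint8_t *file)
{
    uint8_t arena[32] = "HDR0DATASECRETKEY"; /* constructed sample bytes */
    struct write_req r = { arena, 8, 4, 13 }; /* declares 13, sent only 4 */
    size_t n = 0;
    if (use_checked)
        return write_checked(&r, file, &n) == 0 ? (int)n : -1;
    return (int)write_unchecked(&r, file);
}

int main(void)
{
    uint8_t f[32] = {0};
    printf("unchecked: %d, checked: %d\n", demo(0, f), demo(1, f));
    return 0;
}
```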

For more details and workarounds, please see the security advisories:

   o https://www.samba.org/samba/security/CVE-2017-12150.html
   o https://www.samba.org/samba/security/CVE-2017-12151.html
   o https://www.samba.org/samba/security/CVE-2017-12163.html

o   Jeremy Allison <jra@samba.org>
    * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
    * BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
      writing server memory to file.

o   Ralph Boehme <slow@samba.org>
    * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories

o   Stefan Metzmacher <metze@samba.org>
    * BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
    * BUG 12997: CVE-2017-12150: Some code paths don't enforce smb signing