+ ==============================
+ Release Notes for Samba 4.8.12
+ May 14, 2019
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)
+
+
+=======
+Details
+=======
+
+o CVE-2018-16860:
+ The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
+ did not first confirm that the checksum was keyed, allowing replacement of
+ the requested target (client) principal.
+
+For more details and workarounds, please refer to the security advisory.
+
+
+Changes since 4.8.11:
+---------------------
+
+o Isaac Boukris <iboukris@gmail.com>
+ * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
+ checksum.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
==============================
Release Notes for Samba 4.8.11
April 8, 2019
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.8.10