Samba 4.16.10 Available for Download

Samba 4.16.10 (gzipped)

Patch (gzipped) against Samba 4.16.9

                   Release Notes for Samba 4.16.10
                           March 29, 2023

This is a security release in order to address the following defects:

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.

Changes since 4.16.9

o  Andrew Bartlett
   * BUG 15270: CVE-2023-0614.
   * BUG 15331: ldb wildcard matching makes excessive allocations.
   * BUG 15332: large_ldap test is inefficient.

o  Rob van der Linde
   * BUG 15315: CVE-2023-0922.

o  Joseph Sutton
   * BUG 15270: CVE-2023-0614.