Samba 4.4.15 (gzipped)
Signature
Patch (gzipped) against Samba 4.4.14
Signature
==============================
Release Notes for Samba 4.4.15
July 12, 2017
==============================
This is a security release in order to address the following defect:
o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
=======
Details
=======
o CVE-2017-11103 (Heimdal):
All versions of Samba from 4.0.0 onwards using embedded Heimdal
Kerberos are vulnerable to a man-in-the-middle attack impersonating
a trusted server, who may gain elevated access to the domain by
returning malicious replication or authorization data.
Samba binaries built against MIT Kerberos are not vulnerable.
Changes since 4.4.14:
---------------------
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation