Samba 4.6.16 Available for Download

Samba 4.6.16 (gzipped)

Patch (gzipped) against Samba 4.6.15

                   Release Notes for Samba 4.6.16
                           August 14, 2018

This is a security release in order to address the following defects:

o  CVE-2018-10858 (Insufficient input validation on client directory
		   listing in libsmbclient.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP


o  CVE-2018-10858:
   A malicious server could return a directory entry that could corrupt
   libsmbclient memory.

o  CVE-2018-10919:
   Missing access control checks allow discovery of confidential attribute
   values via authenticated LDAP search expressions.

Changes since 4.6.15:

o  Jeremy Allison <>
   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     returns from malicious servers.

o  Tim Beale <>
   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via