Samba 4.6.16 Available for Download

Samba 4.6.16 (gzipped)
Signature

Patch (gzipped) against Samba 4.6.15
Signature

                   ==============================
                   Release Notes for Samba 4.6.16
                           August 14, 2018
                   ==============================


This is a security release in order to address the following defects:

o  CVE-2018-10858 (Insufficient input validation on client directory
		   listing in libsmbclient.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
		   server.)


=======
Details
=======

o  CVE-2018-10858:
   A malicious server could return a directory entry that could corrupt
   libsmbclient memory.

o  CVE-2018-10919:
   Missing access control checks allow discovery of confidential attribute
   values via authenticated LDAP search expressions.


Changes since 4.6.15:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     returns from malicious servers.

o  Tim Beale <timbeale@catalyst.net.nz>
   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
     searches.