Samba 4.9.8 Available for Download

Samba 4.9.8 (gzipped)
Signature

Patch (gzipped) against Samba 4.9.7
Signature

                   =============================
                   Release Notes for Samba 4.9.8
                            May 14, 2019
                   =============================


This is a security release in order to address the following defect:

o  CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)


=======
Details
=======

o  CVE-2018-16860:
   The checksum validation in the S4U2Self handler in the embedded Heimdal KDC
   did not first confirm that the checksum was keyed, allowing replacement of
   the requested target (client) principal.

For more details and workarounds, please refer to the security advisory.


Changes since 4.9.7:
--------------------

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
     checksum.