Samba

Samba Security Releases

Security releases for Samba are listed below by their release date. The previously affected versions of Samba are listed alongside the appropriate security concern. For complete information, follow the link to full release notes for each release.

Security fixes follow Samba's coordinated security release and disclosure process, and new versions of Samba are released for supported Samba versions.

Date Issued Download Known Issue(s) Affected Releases CVE ID # Details
29 Oct 2019 patch for Samba 4.11.1
patch for Samba 4.10.9
patch for Samba 4.9.14
CVE-2019-10218, CVE-2019-14833 and CVE-2019-14847. Please see announcements for details. please refer to the advisories CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 Announcement, Announcement, Announcement
03 Sep 2019 patch for Samba 4.10.7
patch for Samba 4.9.12
Combination of parameters and permissions can allow user to escape from the share path definition. All versions between Samba 4.9.0 and 4.9.12/4.10.7 (incl.). CVE-2019-10197 Announcement
19 Jun 2019 patch for Samba 4.10.4 (both CVEs)
patch for Samba 4.9.8 (CVE-2019-12435 only)
CVE-2019-12435 and CVE-2019-12436. Please see the announcements for details. please refer to the advisories CVE-2019-12435, CVE-2019-12436 Announcement, Announcement
14 May 2019 patch for Samba 4.10.2
patch for Samba 4.9.7
patch for Samba 4.8.11
CVE-2018-16860. Please see the announcements for details. All versions of Samba prior to 4.10.3, 4.9.8, 4.8.12. CVE-2018-16860 Announcement
08 Apr 2019 patch for Samba 4.10.1 (both CVEs)
patch for Samba 4.9.5 (both CVEs)
patch for Samba 4.8.10 (CVE-2019-3880 only)
CVE-2019-3870 and CVE-2019-3880. Please see the announcements for details. please refer to the advisories CVE-2019-3870, CVE-2019-3880 Announcement, Announcement
27 Nov 2018 patch for Samba 4.9.2 (all CVEs)
patch for Samba 4.8.6 (all CVEs except CVE-2018-16852 and CVE-2018-16857)
patch for Samba 4.7.11 (all CVEs except CVE-2018-16852 and CVE-2018-16857)
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857 Announcement, Announcement, Announcement, Announcement, Announcement, Announcement
14 Aug 2018 patch for Samba 4.8.3 (all CVEs)
patch for Samba 4.7.8 (all CVEs except CVE-2018-1140)
patch for Samba 4.6.15 (CVE-2018-10858 and CVE-2018-10919)
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140 Announcement, Announcement, Announcement, Announcement, Announcement
13 Mar 2018 patch for Samba 4.7.5
patch for Samba 4.6.13
patch for Samba 4.5.15
patch for Samba 4.4.16 (only CVE-2018-1057)
patch for Samba 4.3.13 (only CVE-2018-1057)
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2018-1050, CVE-2018-1057 Announcement, Announcement
21 Nov 2017 patch for Samba 4.7.2
patch for Samba 4.6.10
patch for Samba 4.5.14
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2017-14746, CVE-2017-15275 Announcement, Announcement
20 Sep 2017 patch for Samba 4.6.7
patch for Samba 4.5.13
patch for Samba 4.4.15
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2017-12150, CVE-2017-12151, CVE-2017-12163 Announcement, Announcement, Announcement
12 July 2017 patch for Samba 4.x.y
Orpheus' Lyre mutual authentication validation bypass. All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15 CVE-2017-11103 Announcement
24 May 2017 patch for Samba 4.6.3, 4.5.9, 4.4.13
Remote code execution from a writable share. All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14 CVE-2017-7494 Announcement
23 Mar 2017 patch for Samba 4.6.0
patch for Samba 4.5.6
patch for Samba 4.4.11
Symlink race allows access outside share definition. All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 CVE-2017-2619 Announcement
19 Dec 2016 patch for Samba 4.5.2
patch for Samba 4.4.7
patch for Samba 4.3.12
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2016-2123, CVE-2016-2125, CVE-2016-2126 Announcement, Announcement, Announcement
07 Jul 2016 patch for Samba 4.4.4
patch for Samba 4.3.10
patch for Samba 4.2.13
Client side SMB2/3 required signing can be downgraded. 4.0.0 - 4.4.4 CVE-2016-2119 Announcement
12 Apr 2016 patch for Samba 4.4.0
patch for Samba 4.3.6
patch for Samba 4.2.9
patch for Samba 4.0.26 (fileserver only! no client! no domain controller!)
patch for Samba 3.6.25 (only related CVEs)
Numerous CVEs. Please see the announcements for details. please refer to the advisories CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Announcement Announcement Announcement Announcement Announcement Announcement Announcement Announcement
08 Mar 2016 patch for Samba 4.3.5
patch for Samba 4.2.8
patch for Samba 4.1.22
Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server. please refer to the advisories CVE-2015-7560, CVE-2016-0771, Announcement Announcement
16 Dec 2015 patch for Samba 4.3.2
patch for Samba 4.2.6
patch for Samba 4.1.21
patch for Samba 3.6.25
Numerous CVEs. Please see the announcements for details. 3.0.0 to 4.3.2 CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467 Announcement Announcement Announcement Announcement Announcement Announcement Announcement
23 Feb 2015 patch for Samba 4.1.16
patch for Samba 4.0.24
patch for Samba 3.6.24
patch for Samba 3.5.22
Unexpected code execution in smbd. 3.5.0 - 4.2.0rc4 CVE-2015-0240 Announcement
15 Jan 2015 patch for Samba 4.1.15
patch for Samba 4.0.23
Elevation of privilege to Active Directory Domain Controller. 4.0.0 - 4.1.15 CVE-2014-8143 Announcement
01 Aug 2014 patch for Samba 4.1.10
patch for Samba 4.0.20
Remote code execution in nmbd. 4.0.0 - 4.1.10 CVE-2014-3560 Announcement
23 Jun 2014 patch for Samba 4.1.8
patch for Samba 4.0.18
patch for Samba 3.6.23
Denial of service - CPU loop, Denial of service - Server crash/memory corruption. please refer to the advisories CVE-2014-0244, CVE-2014-3493 Announcement Announcement
03 June 2014 patch for Samba 4.0.17
patch for Samba 4.1.7
patch for Samba 3.6.23 (CVE-2014-0178 only)
Uninitialized memory exposure, Potential DOS in Samba internal DNS server. please refer to the advisories CVE-2014-0178, CVE-2014-0239 Announcement Announcement
11 Mar 2014 patch for Samba 4.1.5
patch for Samba 4.0.15
patch for Samba 3.6.22
Password lockout not enforced for SAMR password changes, smbcacls can remove a file or directory ACL by mistake. please refer to the advisories CVE-2013-4496, CVE-2013-6442 Announcement Announcement
09 Dec 2013 patch for Samba 4.1.2
patch for Samba 4.0.12
patch for Samba 3.6.21
patch for Samba 3.5.22
patch for Samba 3.4.17
DCE-RPC fragment length field is incorrectly checked, pam_winbind login without require_membership_of restrictions. please refer to the advisories CVE-2013-4408, CVE-2012-6150 Announcement Announcement
11 Nov 2013 patch for Samba 4.1.0
patch for Samba 4.0.10
patch for Samba 3.6.19
ACLs are not checked on opening an alternate data stream on a file or directory, Private key in key.pem world readable. 3.2.0 - 4.1.0, 4.0.0 - 4.0.10, 4.1.0 CVE-2013-4475, CVE-2013-4476 Announcement Announcement
05 Aug 2013 patch for Samba 4.0.7
patch for Samba 3.6.16
patch for Samba 3.5.21
Denial of service - CPU loop and memory allocation. 3.0.x-4.0.7 CVE-2013-4124 Announcement
02 Apr 2013 patch for Samba 3.6.5 A writable configured share might get read only 3.6.0 - 3.6.5 (inclusive) CVE-2013-0454 Announcement
19 Mar 2013 patch for Samba 4.0.3 World-writeable files may be created in additional shares on a Samba 4.0 AD DC. 4.0.0rc6-4.0.3 CVE-2013-1863 Announcement
30 Jan 2013 patch for Samba 4.0.1
patch for Samba 3.6.11
patch for Samba 3.5.20
Clickjacking issue and potential XSRF in SWAT. 3.0.x-4.0.1 CVE-2013-0213, CVE-2013-0214 Announcement Announcement
15 Jan 2013 patch for Samba 4.0.0 Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. 4.0.0 CVE-2013-0172 Announcement
30 Apr 2012 patch for Samba 3.4.16
patch for Samba 3.5.14
patch for Samba 3.6.4
Incorrect permission checks when granting/removing privileges can compromise file server security. 3.4.x-3.6.4 CVE-2012-2111 Announcement
10 Apr 2012 patch for Samba 3.0.37
patch for Samba 3.2.15
patch for Samba 3.3.16
patch for Samba 3.4.15
patch for Samba 3.5.13
patch for Samba 3.6.3
"root" credential remote code execution all current releases CVE-2012-1182 Announcement
23 Feb 2012 patch for Samba 3.0
patch for Samba 3.2
patch for Samba 3.3
Remote code execution vulnerability in smbd pre-3.4 CVE-2012-0870 Announcement
29 Jan 2012 patch for Samba 3.6.2 Memory leak/Denial of service 3.6.0-3.6.2 CVE-2012-0817 Announcement
26 Jul 2011 patch for Samba 3.3.15
patch for Samba 3.4.13
patch for Samba 3.5.9
Cross-Site Request Forgery in SWAT all current releases CVE-2011-2522 Announcement
26 Jul 2011 patch for Samba 3.3.15
patch for Samba 3.4.13
patch for Samba 3.5.9
Cross-Site Scripting vulnerability in SWAT all current releases CVE-2011-2694 Announcement
18 Feb 2011 patch for Samba 3.3.14
patch for Samba 3.4.11
patch for Samba 3.5.6
Denial of service - memory corruption all current releases CVE-2011-0719 Announcement
14 Sep 2010 patch for Samba 3.3.13
patch for Samba 3.4.8
patch for Samba 3.5.4
Buffer Overrun Vulnerability all current releases CVE-2010-3069 Announcement
16 Jun 2010 patch for Samba 3.3.12 and 3.2.15
patch for Samba 3.0.37
Memory Corruption Vulnerability 3.0.x, 3.2.x, 3.3.0-3.3.12 CVE-2010-2063 Announcement
08 Mar 2010 patch for Samba 3.5.0
patch for Samba 3.4.6
patch for Samba 3.3.11
Permission ignored 3.3.11, 3.4.6, 3.5.0 CVE-2010-0728 Announcement
02 Feb 2010 not available Change parameter "wide links" to default to "no" pre-3.4.6 CVE-2010-0926 Announcement
01 Oct 2009 patch 1 for Samba 3.4.1 patch 2 for Samba 3.4.1 patch 1 for Samba 3.3.7 patch 2 for Samba 3.3.7 patch 1 for Samba 3.2.14 patch 2 for Samba 3.2.14 patch 1 for Samba 3.0.36 patch 2 for Samba 3.0.36 Information disclosure by setuid mount.cifs all releases CVE-2009-2948 Announcement
01 Oct 2009 patch for Samba 3.4.1
patch for Samba 3.3.7
patch for Samba 3.2.14
patch for Samba 3.0.36
Remote DoS against smbd on authenticated connections all releases CVE-2009-2906 Announcement
01 Oct 2009 patch for Samba 3.4.1
patch for Samba 3.3.7
patch for Samba 3.2.14
patch for Samba 3.0.36
Misconfigured /etc/passwd file may share folders unexpectedly > 3.0.11 CVE-2009-2813 Announcement
23 Jun 2009 patch for Samba 3.3.5
patch for Samba 3.2.12
patch for Samba 3.0.34
Uninitialized read of a data value Samba 3.0.31 - 3.3.5 CVE-2009-1888 Announcement
23 Jun 2009 patch for Samba 3.2.12 Formatstring vulnerability in smbclient Samba 3.2.0 - 3.2.12 CVE-2009-1886 Announcement
05 Jan 2009 patch for Samba 3.2.6 Potential access to "/" in setups with registry shares enabled Samba 3.2.0 - 3.2.6 CVE-2009-0022 Announcement
27 Nov 2008 patch for Samba 3.0.32 patch for Samba 3.2.4 Potential leak of arbitrary memory contents Samba 3.0.29 - 3.2.4 CVE-2008-4314 Announcement
27 Aug 2008 patch 1 for Samba 3.2.2 patch 2 for Samba 3.2.2 Wrong permissions of group_mapping.ldb Samba 3.2.0 - 3.2.2 CVE-2008-3789 Announcement
29 May 2008 patch for Samba 3.0.29 Boundary failure when parsing SMB responses Samba 3.0.0 - 3.0.29 CVE-2008-1105 Announcement
10 Dec 2007 patch for Samba 3.0.27a Remote Code Execution in Samba's nmbd (send_mailslot()) Samba 3.0.0 - 3.0.27a CVE-2007-6015 Announcement
15 Nov 2007 patch for Samba 3.0.26a Remote Code Execution in Samba's nmbd Samba 3.0.0 - 3.0.26a CVE-2007-5398 Announcement
15 Nov 2007 patch for Samba 3.0.26a GETDC mailslot processing buffer overrun in nmbd Samba 3.0.0 - 3.0.26a CVE-2007-4572 Announcement
11 Sep 2007 patch for Samba 3.0.25 Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin. Samba 3.0.25 - 3.0.25c CVE-2007-4138 Announcement
14 May 2007 patch for Samba 3.0.24 Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list). Samba 3.0.0 - 3.0.25rc3 CVE-2007-2447 Announcement
14 May 2007 patch for Samba 3.0.24 Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code). Samba 3.0.0 - 3.0.25rc3 CVE-2007-2446 Announcement
14 May 2007 patch for Samba 3.0.24 Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter). Samba 3.0.23d - 3.0.25pre2 CVE-2007-2444 Announcement
5 Feb 2007 patch for Samba 3.0.23d Potential Denial of Service bug in smbd Samba 3.0.6 - 3.0.23d CVE-2007-0452 Announcement
5 Feb 2007 patch for Samba 3.0.23d Buffer overrun in NSS host lookup Winbind library on Solaris Samba 3.0.21 - 3.0.23d CVE-2007-0453 Announcement
5 Feb 2007 patch for Samba 3.0.23d Format string bug in afsacl.so VFS plugin Samba 3.0.6 - 3.0.23d CVE-2007-0454 Announcement
10 July 2006 patch for Samba 3.0.1 - 3.0.22 Memory exhaustion DoS against smbd Samba 3.0.1 - 3.0.22 CVE-2006-3403 Announcement
30 March 2006 patch for Samba 3.0.21[a-c] Exposure of machine account credentials in winbind log files Samba 3.0.21 - 3.0.21c CVE-2006-1059 Announcement
16 December 2004 patch for Samba 3.0.9 Integer Overflow in security descriptor parsing Samba 2.x, 3.0.x <= 3.0.9 CVE-2004-1154 Announcement
15 November 2004 patch for <=Samba 3.0.7 Buffer Overrun in smbd Samba 3.0.x <= 3.0.7 CVE-2004-0882 Announcement
8 November 2004 patch for <=Samba 3.0.7 Remote DoS Samba 3.0.x <= 3.0.7 CVE-2004-0930 Announcement
30 September 2004 Samba 2.2.12 and/or patch for <=Samba 3.0.2a Potential arbitrary file access Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a CVE-2004-0815 Announcement
13 Sept 2004 3.0.5 patch Two DoS bugs; one affecting smbd, the other nmbd. 3.0.x <= 3.0.6 CVE-2004-0807, CVE-2004-0808 Announcement
22 Jul 2004 3.0.5 Two potential buffer overruns >=3.0.2 CVE-2004-0600, CVE-2004-0686 CVE-2004-0600 Announcement CVE-2004-0686 Announcement
22 Jul 2004 2.2.10 Buffer overrun in hash mangling method all 2.2 releases CVE-2004-0686 release notes
9 Feb 2004 3.0.2a Password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. >=3.0.0 CVE-2004-0082 Announcement
7 Apr 2003 2.2.8a Buffer overrun condition in the SMB/CIFS packet fragment re-assembly code. all 2.0 releases and <= 2.2.8 CVE-2003-0196, CVE-2003-0201 release notes
10 Dec 2002 2.2.7a Bug in the length checking for encrypted password change requests from clients. 2.2.2 - 2.2.6 CVE-2003-0085 release notes
23 Jun 2001 2.2.0a Bug in expansion of certain smb.conf variables such as %m that could grant an attacker the capability to overwrite arbitrary files on the server. Bug that causes smbd not to honor the hosts allow and deny smb.conf directives. 2.2.0   release notes
23 Jun 2001 2.0.10 Bug in the handling of temporary files that allows local users to destroy data on local devices. >= 2.0.0   release notes

If you suspect you have discovered a serious security hole in a Samba release, please send an email to security@samba.org.
