=============================
Release Notes for Samba 4.6.6
July 12, 2017
=============================

This is a security release in order to address the following defect:

o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)

=======
Details
=======

o  CVE-2017-11103 (Heimdal):
   All versions of Samba from 4.0.0 onwards using embedded Heimdal
   Kerberos are vulnerable to a man-in-the-middle attack impersonating
   a trusted server, who may gain elevated access to the domain by
   returning malicious replication or authorization data.

   Samba binaries built against MIT Kerberos are not vulnerable.

Changes since 4.6.5:
---------------------

o  Jeffrey Altman <jaltman@secure-endpoints.com>
   * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation