The latest version of Samba can be downloaded from Softpedia

Mar 12, 2014 10:46 GMT

Samba 4.1.6, an app that seamlessly integrates Linux/Unix servers and desktops into Active Directory environments using the winbind daemon, has been officially released to fix a couple of very annoying problems.

This is just a maintenance build in the 4.1.x branch, featuring only a couple of fixes that have been shared with the 4.0.x build.

The more important of the two changes concerns password lockout, which was not enforced for SAMR password changes.

“Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interfaces, allowing password guessing attacks,” reads the security announcement.
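The gap described in the announcement, as a simplified model added here (this is not Samba's code and not part of the original article): a logon-style check honours the bad-password counter, while a password-change routine that compares the old password directly never consults it. The threshold, class, function names and guess list are all assumptions made for illustration.

```python
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3  # assumed policy value for this model

@dataclass
class Account:
    password: str       # plaintext only because this is a toy model
    bad_count: int = 0

    @property
    def locked(self):
        return self.bad_count >= LOCKOUT_THRESHOLD

def verify(acct, candidate):
    """Lockout-aware check: refuse when locked, count failures, reset on success."""
    if acct.locked:
        return False
    if candidate != acct.password:
        acct.bad_count += 1
        return False
    acct.bad_count = 0
    return True

def change_password_flawed(acct, old, new):
    """Models the gap: the old password is compared without any lockout check."""
    if old != acct.password:
        return False
    acct.password = new
    return True

def change_password_fixed(acct, old, new):
    """Password change goes through the same lockout-aware check as a logon."""
    if not verify(acct, old):
        return False
    acct.password = new
    return True

# Constructed guess list: four wrong values, then the right one.
GUESSES = ["guess-1", "guess-2", "guess-3", "guess-4", "correct-horse"]

def simulate(change_fn, guesses=GUESSES):
    """Run the guesses through a change routine; return (changed, locked)."""
    acct = Account(password="correct-horse")
    changed = any(change_fn(acct, g, "new-pass") for g in guesses)
    return changed, acct.locked

if __name__ == "__main__":
    print("flawed:", simulate(change_password_flawed))
    print("fixed: ", simulate(change_password_fixed))
```

In the fixed model the account locks after the third bad attempt, so even the correct old password is refused afterwards, which is the behaviour an administrator expects from a lockout policy.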

Also, all the Samba releases in the 4.0 branch had a flaw in the smbcacls command, which needed to be corrected. According to the developers, when smbcacls was used with the “-C|--chown name” or “-G|--chgrp name” options, the existing ACL would be removed, possibly leaving a folder unprotected.

More details about this release can be found in the official announcement, where you can also study the exact issues mentioned in the security advisory.
