#16840 closed enhancement (fixed)

samba-4.16.4

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 21 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 21 months ago

Priority: normal → elevated

comment:3 by Douglas R. Reno, 21 months ago

                   ==============================
                   Release Notes for Samba 4.16.4
                           July 27, 2022
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
                  changing passwords.
                  https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for any user.
                  https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
                  or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                  process with an LDAP add or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
                  https://www.samba.org/samba/security/CVE-2022-32742.html

Changes since 4.16.3
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15085: CVE-2022-32742.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15009: CVE-2022-32746.

o  Andreas Schneider <asn@samba.org>
   * BUG 15047: CVE-2022-2031.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15008: CVE-2022-32745.
   * BUG 15009: CVE-2022-32746.
   * BUG 15047: CVE-2022-2031.
   * BUG 15074: CVE-2022-32744.

comment:4 by Douglas R. Reno, 21 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 56bd9e34af3c1700649b49e52fb46ed2213a5ef4

I will file the advisory either tonight or once I return from vacation.
