UbuntuUpdates.org

Package "libnss-winbind"

Name: libnss-winbind

Description:

Samba nameservice integration plugins

Latest version: 2:4.15.13+dfsg-0ubuntu0.20.04.8
Release: focal (20.04)
Level: updates
Repository: main
Head package: samba
Homepage: http://www.samba.org

Links


Download "libnss-winbind"


Other versions of "libnss-winbind" in Focal

Repository Area Version
base main 2:4.11.6+dfsg-0ubuntu1
security main 2:4.15.13+dfsg-0ubuntu0.20.04.7

Changelog

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.3 2023-07-19 17:07:08 UTC

  samba (2:4.15.13+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
    - debian/patches/CVE-2022-2127-*.patch
    - CVE-2022-2127
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
    - debian/patches/CVE-2023-34966-*.patch
    - CVE-2023-34966
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
    - debian/patches/CVE-2023-34967-*.patch
    - CVE-2023-34967
  * SECURITY UPDATE: Spotlight server-side Share Path Disclosure
    - debian/patches/CVE-2023-34968-*.patch
    - CVE-2023-34968

 -- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:45:47 -0400

Source diff to previous version
CVE-2022-2127 RESERVED

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.2 2023-04-03 17:07:00 UTC

  samba (2:4.15.13+dfsg-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
    - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
      issue (some of these aren't directly used in this package as they
      apply to the ldb library which is updated separately).
    - debian/control: bump ldb Build-Depends to security update version.
    - CVE-2023-0614
  * SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
    - debian/patches/CVE-2023-0922.patch: set default ldap client sasl
      wrapping to seal.
    - CVE-2023-0922

 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400

Source diff to previous version
CVE-2023-0614 Access controlled AD LDAP attributes can be discovered
CVE-2023-0922 Samba AD DC admin tool samba-tool sends passwords in cleartext

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.1 2023-03-08 17:06:54 UTC

  samba (2:4.15.13+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Update to 4.15.13 as a security update
    - Removed patches included in new version:
      + CVE-*.patch
      + win-22H2-fix*.patch
      + Rename-mdfind-to-mdsearch.patch
      + lp-1951490-fix-printing-KB5006743.patch
    - d/rules: remove --with-dnsupdate, it was merged with --with-ads.
    - debian/control: bump libldb-dev Build-Depends to 2.4.4, bump
      libtalloc to 2.3.3, libtdb to 1.4.4, and libtevent to 0.11.0.
    - debian/control: added python3-markdown to Build-Depends.
    - debian/{gpb.conf,watch,README.source}: updated for 4.15.
    - debian/{*.install,*.symbols,*.lintian-overrides}: updated for 4.15.
    - debian/rules: drop fixing of findsmb shebang.
    - debian/rules: drop removal of ctdb tests, they are no longer
      installed.
    - CVE-2022-3437, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023,
      CVE-2022-42898, CVE-2022-45141

 -- Marc Deslauriers <email address hidden> Fri, 24 Feb 2023 07:31:43 -0500

Source diff to previous version
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-45141 Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.5 2023-01-27 00:07:05 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple regressions (LP: #2003867) (LP: #2003891)
    - debian/patches/series: disable all security fixes from the previous
      update pending further investigation. This reverts the following
      CVEs: CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2022-38023,
      CVE-2022-37966, CVE-2022-37967.

 -- Marc Deslauriers <email address hidden> Thu, 26 Jan 2023 09:03:40 -0500

Source diff to previous version
2003867 Samba user home path not accessible if directory added after %U - canonicalize_connect_path failed
2003891 Can not authenticate on Windows after upgrading samba AD packages to version 2:4.13.17~dfsg-0ubuntu1.20.04.4
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.4 2023-01-24 15:07:39 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
    - debian/patches/CVE-2022-3437-*.patch
    - CVE-2022-3437
  * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
    - debian/patches/CVE-2022-42898-*.patch
    - CVE-2022-42898
  * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
    Kerberos tickets
    - debian/patches/CVE-2022-45141-*.patch
    - CVE-2022-45141
  * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
    should be avoided
    - debian/patches/CVE-2022-38023-*.patch
    - CVE-2022-38023
  * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37966
  * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
    possible against Samba AD DC
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37967
  * debian/patches/win-22H2-fix.patch: split git-style patch into three
    individual patches so that it can be manipulated properly with quilt.
  * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
    affect Samba, but patches included for completeness.

 -- Marc Deslauriers <email address hidden> Wed, 11 Jan 2023 11:12:16 -0500

CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-3796 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that i
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-44640 Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Cen



About   -   Send Feedback to @ubuntu_updates