Package "samba"

Name:	samba
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: clustered database to store temporary data tools for viewing and manipulating the Windows registry test suite from Samba
Latest version:	2:4.15.13+dfsg-0ubuntu0.20.04.7
Release:	focal (20.04)
Level:	security
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "samba" in Focal

Repository	Area	Version
base	main	2:4.11.6+dfsg-0ubuntu1
base	universe	2:4.11.6+dfsg-0ubuntu1
security	main	2:4.15.13+dfsg-0ubuntu0.20.04.7
updates	main	2:4.15.13+dfsg-0ubuntu0.20.04.8
updates	universe	2:4.15.13+dfsg-0ubuntu0.20.04.8

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.7 2023-10-11 21:06:49 UTC

samba (2:4.15.13+dfsg-0ubuntu0.20.04.7) focal-security; urgency=medium * No-change rebuild to fix build issue resulting in regressions. (LP: #2039031) -- Marc Deslauriers <email address hidden> Wed, 11 Oct 2023 13:30:13 -0400

Source diff to previous version

2039031

User Home directory not accessible after samba security update applied

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.6 2023-10-10 16:07:28 UTC

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.6	2023-10-10 16:07:28 UTC
samba (2:4.15.13+dfsg-0ubuntu0.20.04.6) focal-security; urgency=medium * SECURITY UPDATE: SMB clients can truncate files with read-only permissions - debian/patches/CVE-2023-4091-.patch - CVE-2023-4091 SECURITY UPDATE: Samba AD DC password exposure to privileged users and RODCs - debian/patches/CVE-2023-4154-.patch - CVE-2023-4154 SECURITY UPDATE: rpcecho development server allows Denial of Service via sleep() call on AD DC - debian/patches/CVE-2023-42669.patch - CVE-2023-42669 -- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 09:02:06 -0400
Source diff to previous version

samba (2:4.15.13+dfsg-0ubuntu0.20.04.6) focal-security; urgency=medium * SECURITY UPDATE: SMB clients can truncate files with read-only permissions - debian/patches/CVE-2023-4091-*.patch - CVE-2023-4091 * SECURITY UPDATE: Samba AD DC password exposure to privileged users and RODCs - debian/patches/CVE-2023-4154-*.patch - CVE-2023-4154 * SECURITY UPDATE: rpcecho development server allows Denial of Service via sleep() call on AD DC - debian/patches/CVE-2023-42669.patch - CVE-2023-42669 -- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 09:02:06 -0400

Source diff to previous version

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.3 2023-07-19 17:07:09 UTC

samba (2:4.15.13+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP - debian/patches/CVE-2022-2127-*.patch - CVE-2022-2127 * SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS - debian/patches/CVE-2023-34966-*.patch - CVE-2023-34966 * SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS - debian/patches/CVE-2023-34967-*.patch - CVE-2023-34967 * SECURITY UPDATE: Spotlight server-side Share Path Disclosure - debian/patches/CVE-2023-34968-*.patch - CVE-2023-34968 -- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:45:47 -0400

Source diff to previous version

CVE-2022-2127

RESERVED

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.2 2023-04-03 15:06:55 UTC

samba (2:4.15.13+dfsg-0ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the issue (some of these aren't directly used in this package as they apply to the ldb library which is updated separately). - debian/control: bump ldb Build-Depends to security update version. - CVE-2023-0614 * SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext - debian/patches/CVE-2023-0922.patch: set default ldap client sasl wrapping to seal. - CVE-2023-0922 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400

Source diff to previous version

CVE-2023-0614	Access controlled AD LDAP attributes can be discovered
CVE-2023-0922	Samba AD DC admin tool samba-tool sends passwords in cleartext

Version: 2:4.15.13+dfsg-0ubuntu0.20.04.1 2023-03-08 15:06:51 UTC

samba (2:4.15.13+dfsg-0ubuntu0.20.04.1) focal-security; urgency=medium * Update to 4.15.13 as a security update - Removed patches included in new version: + CVE-*.patch + win-22H2-fix*.patch + Rename-mdfind-to-mdsearch.patch + lp-1951490-fix-printing-KB5006743.patch - d/rules: remove --with-dnsupdate, it was merged with --with-ads. - debian/control: bump libldb-dev Build-Depends to 2.4.4, bump libtalloc to 2.3.3, libtdb to 1.4.4, and libtevent to 0.11.0. - debian/control: added python3-markdown to Build-Depends. - debian/{gpb.conf,watch,README.source}: updated for 4.15. - debian/{*.install,*.symbols,*.lintian-overrides}: updated for 4.15. - debian/rules: drop fixing of findsmb shebang. - debian/rules: drop removal of ctdb tests, they are no longer installed. - CVE-2022-3437, CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-42898, CVE-2022-45141 -- Marc Deslauriers <email address hidden> Fri, 24 Feb 2023 07:31:43 -0500

CVE-2022-3437	Buffer overflow in Heimdal unwrap_des3()
CVE-2022-37966	Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967	Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-38023	Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-42898	PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-45141	Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that

About - Send Feedback to @ubuntu_updates

Package "samba"

Links

Other versions of "samba" in Focal

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

proposed

security

PPA updates