Package "samba"
Name: samba
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- clustered database to store temporary data
- tools for viewing and manipulating the Windows registry
- test suite from Samba
Latest version: 2:4.15.13+dfsg-0ubuntu0.20.04.7
Release: focal (20.04)
Level: security
Repository: universe
Changelog
samba (2:4.13.17~dfsg-0ubuntu1.20.04.5) focal-security; urgency=medium
  * SECURITY UPDATE: Multiple regressions (LP: #2003867) (LP: #2003891)
    - debian/patches/series: disable all security fixes from the previous
      update pending further investigation. This reverts the following
      CVEs: CVE-2022-3437, CVE-2022-42898, CVE-2022-45141, CVE-2022-38023,
      CVE-2022-37966, CVE-2022-37967.
-- Marc Deslauriers <email address hidden> Thu, 26 Jan 2023 09:03:40 -0500
2003867: Samba user home path not accessible if directory added after %U - canonicalize_connect_path failed
2003891: Can not authenticate on Windows after upgrading samba AD packages to version 2:4.13.17~dfsg-0ubuntu1.20.04.4
CVE-2022-3437: Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability.

samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium
  * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
    - debian/patches/CVE-2022-3437-*.patch
    - CVE-2022-3437
  * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
    - debian/patches/CVE-2022-42898-*.patch
    - CVE-2022-42898
  * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
    Kerberos tickets
    - debian/patches/CVE-2022-45141-*.patch
    - CVE-2022-45141
  * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
    should be avoided
    - debian/patches/CVE-2022-38023-*.patch
    - CVE-2022-38023
  * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37966
  * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
    possible against Samba AD DC
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37967
  * debian/patches/win-22H2-fix.patch: split git-style patch into three
    individual patches so that it can be manipulated properly with quilt.
  * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
    affect Samba, but patches included for completeness.
-- Marc Deslauriers <email address hidden> Wed, 11 Jan 2023 11:12:16 -0500
CVE-2022-3437: Buffer overflow in Heimdal unwrap_des3()
CVE-2022-42898: PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,
CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-3796: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that i
CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-44640: Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Cen

samba (2:4.13.17~dfsg-0ubuntu1.20.04.1) focal-security; urgency=medium
  * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
    - debian/patches/CVE-2021-3670-*.patch
    - CVE-2021-3670
  * SECURITY UPDATE: Samba AD users can bypass certain restrictions
    associated with changing passwords
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-2031
  * SECURITY UPDATE: Server memory information leak via SMB1
    - debian/patches/CVE-2022-32742-*.patch
    - CVE-2022-32742
  * SECURITY UPDATE: Samba AD users can forge password change requests for
    any user
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-32744
  * SECURITY UPDATE: Samba AD users can crash the server process with an
    LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32745
  * SECURITY UPDATE: Samba AD users can induce a use-after-free in the
    server process with an LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32746
  * debian/control: Build-Depends on ldb security update.
  * Fix version string to match focal.
-- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 08:52:26 -0400
CVE-2021-3670: MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords
CVE-2022-32742: Server memory information leak via SMB1
CVE-2022-32744: Samba AD users can forge password change requests for any user
CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium
  * Update to 4.13.17 as a security update
    - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
  * Removed patches included in new version:
    - debian/patches/trusted_domain_regression_fix.patch
    - debian/patches/bug14901-*.patch
    - debian/patches/bug14922.patch
-- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500
CVE-2021-43566: All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area o
CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services

samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium
  * SECURITY REGRESSION: Kerberos authentication on standalone server in
    MIT realm broken
    - debian/patches/bug14922.patch: fix MIT Realm regression in
      source3/auth/user_krb5.c.
-- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500