UbuntuUpdates.org

Package "libpam-winbind"

Name: libpam-winbind

Description:

Windows domain authentication integration plugin
Latest version: 2:4.15.13+dfsg-0ubuntu1.10
Release: jammy (22.04)
Level: security
Repository: main
Head package: samba
Homepage: http://www.samba.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libpam-winbind"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libpam-winbind" in Jammy

Repository Area Version
base main 2:4.15.5~dfsg-0ubuntu5
updates main 2:4.15.13+dfsg-0ubuntu1.10

Changelog

Version: 2:4.15.13+dfsg-0ubuntu1.10 2025-10-16 10:07:14 UTC

  samba (2:4.15.13+dfsg-0ubuntu1.10) jammy-security; urgency=medium

  * SECURITY UPDATE: uninitialized memory disclosure via vfs_streams_xattr
    - debian/patches/CVE-2025-9640-1.patch: add torture test for inserting
      hole in stream in source3/selftest/tests.py, source4/torture/*.
    - debian/patches/CVE-2025-9640-2.patch: fix unitialized write in
      source3/modules/vfs_streams_xattr.c.
    - CVE-2025-9640
  * SECURITY UPDATE: command injection via WINS server hook script
    - debian/patches/CVE-2025-10230-1.patch: check that wins hook sanitizes
      names in python/samba/tests/usage.py, selftest/*, source4/torture/*,
      testprogs/blackbox/wins_hook_test.
    - debian/patches/CVE-2025-10230-2.patch: restrict names fed to shell in
      source4/nbt_server/wins/wins_hook.c.
    - CVE-2025-10230

 -- Marc Deslauriers <email address hidden> Thu, 09 Oct 2025 09:51:42 -0400
Source diff to previous version
CVE-2025-9640 A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows
CVE-2025-10230 Command injection via WINS server hook script

Version: 2:4.15.13+dfsg-0ubuntu1.5 2023-10-10 16:07:30 UTC

  samba (2:4.15.13+dfsg-0ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: SMB clients can truncate files with read-only
    permissions
    - debian/patches/CVE-2023-4091-*.patch
    - CVE-2023-4091
  * SECURITY UPDATE: Samba AD DC password exposure to privileged users and
    RODCs
    - debian/patches/CVE-2023-4154-*.patch
    - CVE-2023-4154
  * SECURITY UPDATE: rpcecho development server allows Denial of Service
    via sleep() call on AD DC
    - debian/patches/CVE-2023-42669.patch
    - CVE-2023-42669

 -- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 08:38:27 -0400
Source diff to previous version

Version: 2:4.15.13+dfsg-0ubuntu1.2 2023-07-19 17:07:12 UTC

  samba (2:4.15.13+dfsg-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
    - debian/patches/CVE-2022-2127-*.patch
    - CVE-2022-2127
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
    - debian/patches/CVE-2023-34966-*.patch
    - CVE-2023-34966
  * SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
    - debian/patches/CVE-2023-34967-*.patch
    - CVE-2023-34967
  * SECURITY UPDATE: Spotlight server-side Share Path Disclosure
    - debian/patches/CVE-2023-34968-*.patch
    - CVE-2023-34968

 -- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:44:35 -0400
Source diff to previous version
CVE-2022-2127 RESERVED

Version: 2:4.15.13+dfsg-0ubuntu1.1 2023-04-03 15:06:58 UTC

  samba (2:4.15.13+dfsg-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
    - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
      issue (some of these aren't directly used in this package as they
      apply to the ldb library which is updated separately).
    - debian/control: bump ldb Build-Depends to security update version.
    - CVE-2023-0614
  * SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
    - debian/patches/CVE-2023-0922.patch: set default ldap client sasl
      wrapping to seal.
    - CVE-2023-0922

 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400
Source diff to previous version
CVE-2023-0614 Access controlled AD LDAP attributes can be discovered
CVE-2023-0922 Samba AD DC admin tool samba-tool sends passwords in cleartext

Version: 2:4.15.13+dfsg-0ubuntu1 2023-01-24 15:07:42 UTC

  samba (2:4.15.13+dfsg-0ubuntu1) jammy-security; urgency=medium

  * Updated to upstream 4.15.13 to fix multiple security issues.
    - debian/patches/win-22H2-fix.patch: removed, included in new version.
    - CVE-2022-3437
    - CVE-2022-37966
    - CVE-2022-37967
    - CVE-2022-38023
    - CVE-2022-42898
    - CVE-2022-45141

 -- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 10:04:53 -0500
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,


About   -   Send Feedback to @ubuntu_updates