Package "libsmbclient"
Name: |
libsmbclient
|
Description: |
shared library for communication with SMB/CIFS servers
|
Latest version: |
2:4.15.13+dfsg-0ubuntu1.5 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Head package: |
samba |
Homepage: |
http://www.samba.org |
Links
Download "libsmbclient"
Other versions of "libsmbclient" in Jammy
Changelog
samba (2:4.15.13+dfsg-0ubuntu1.5) jammy-security; urgency=medium
* SECURITY UPDATE: SMB clients can truncate files with read-only
permissions
- debian/patches/CVE-2023-4091-*.patch
- CVE-2023-4091
* SECURITY UPDATE: Samba AD DC password exposure to privileged users and
RODCs
- debian/patches/CVE-2023-4154-*.patch
- CVE-2023-4154
* SECURITY UPDATE: rpcecho development server allows Denial of Service
via sleep() call on AD DC
- debian/patches/CVE-2023-42669.patch
- CVE-2023-42669
-- Marc Deslauriers <email address hidden> Wed, 04 Oct 2023 08:38:27 -0400
|
Source diff to previous version |
samba (2:4.15.13+dfsg-0ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: Out-Of-Bounds read in winbind AUTH_CRAP
- debian/patches/CVE-2022-2127-*.patch
- CVE-2022-2127
* SECURITY UPDATE: Spotlight mdssvc RPC Request Infinite Loop DoS
- debian/patches/CVE-2023-34966-*.patch
- CVE-2023-34966
* SECURITY UPDATE: Spotlight mdssvc RPC Request Type Confusion DoS
- debian/patches/CVE-2023-34967-*.patch
- CVE-2023-34967
* SECURITY UPDATE: Spotlight server-side Share Path Disclosure
- debian/patches/CVE-2023-34968-*.patch
- CVE-2023-34968
-- Marc Deslauriers <email address hidden> Tue, 11 Jul 2023 08:44:35 -0400
|
Source diff to previous version |
|
samba (2:4.15.13+dfsg-0ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
- debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
issue (some of these aren't directly used in this package as they
apply to the ldb library which is updated separately).
- debian/control: bump ldb Build-Depends to security update version.
- CVE-2023-0614
* SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
- debian/patches/CVE-2023-0922.patch: set default ldap client sasl
wrapping to seal.
- CVE-2023-0922
-- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400
|
Source diff to previous version |
CVE-2023-0614 |
Access controlled AD LDAP attributes can be discovered |
CVE-2023-0922 |
Samba AD DC admin tool samba-tool sends passwords in cleartext |
|
samba (2:4.15.13+dfsg-0ubuntu1) jammy-security; urgency=medium
* Updated to upstream 4.15.13 to fix multiple security issues.
- debian/patches/win-22H2-fix.patch: removed, included in new version.
- CVE-2022-3437
- CVE-2022-37966
- CVE-2022-37967
- CVE-2022-38023
- CVE-2022-42898
- CVE-2022-45141
-- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 10:04:53 -0500
|
Source diff to previous version |
CVE-2022-3437 |
Buffer overflow in Heimdal unwrap_des3() |
CVE-2022-37966 |
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. |
CVE-2022-37967 |
Windows Kerberos Elevation of Privilege Vulnerability. |
CVE-2022-38023 |
Netlogon RPC Elevation of Privilege Vulnerability. |
CVE-2022-42898 |
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, |
|
samba (2:4.15.9+dfsg-0ubuntu0.2) jammy-security; urgency=medium
* Updated to 2.15.9 to fix multiple security issues.
- debian/control: require ldb 2.4.4.
- debian/*install: install libsmbconf.so*.
- debian/libwbclient0.symbols: updated symbols for new version.
- CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745,
CVE-2022-32746
* Removed patches included in new version:
- lp-1951490-fix-printing-KB5006743.patch
- add-support-for-bind-918.patch
- add-support-for-bind-918-2.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch
- lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch
-- Marc Deslauriers <email address hidden> Thu, 28 Jul 2022 08:07:32 -0400
|
CVE-2022-2031 |
Samba AD users can bypass certain restrictions associated with changing passwords |
CVE-2022-32742 |
Server memory information leak via SMB1 |
CVE-2022-32744 |
Samba AD users can forge password change requests for any user |
CVE-2022-32745 |
Samba AD users can crash the server process with an LDAP add or modify request |
CVE-2022-32746 |
Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request |
|
About
-
Send Feedback to @ubuntu_updates