enterprise-support team mailing list archive

[Bug 2028265] [NEW] Merge samba from Debian unstable for mantic Edit

 

Public bug reported:

    2:4.18.5+dfsg-1 (patches unapplied)
    
    Imported using git-ubuntu import.

Notes (changelog):
      * new upstream stable/security release 4.18.5, including:
       o CVE-2022-2127:  When winbind is used for NTLM authentication,
         a maliciously crafted request can trigger an out-of-bounds read
         in winbind and possibly crash it.
         https://www.samba.org/samba/security/CVE-2022-2127.html
       o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin
         configured "server signing = required" or for SMB2 connections to
         Domain Controllers where SMB2 packet signing is mandatory.
         https://www.samba.org/samba/security/CVE-2023-3347.html
       o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
         for Spotlight can be triggered by an unauthenticated attacker by
         issuing a malformed RPC request.
         https://www.samba.org/samba/security/CVE-2023-34966.html
       o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
         for Spotlight can be used by an unauthenticated attacker to trigger
         a process crash in a shared RPC mdssvc worker process.
         https://www.samba.org/samba/security/CVE-2023-34967.html
       o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
         the server-side absolute path of shares and files and directories
         in search results.
         https://www.samba.org/samba/security/CVE-2023-34968.html
       o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
         https://bugzilla.samba.org/show_bug.cgi?id=15418
         (this has been patched in the previous upload; Closes: #1041043)

** Affects: samba (Ubuntu)
     Importance: High
         Status: In Progress


** Tags: needs-merge

** Changed in: samba (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2028265

Title:
  Merge samba from Debian unstable for mantic Edit
