enterprise-support team mailing list archive

Thread
Date

Re: [Question #709563]: Samba CVE-2021-44142 release for Jammy

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Manfred Hampl <question709563@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Mar 2024 15:00:44 -0000
Reply-to: question709563@xxxxxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Question #709563 on samba in Ubuntu changed:
https://answers.launchpad.net/ubuntu/+source/samba/+question/709563

    Status: Open => Answered

Manfred Hampl proposed the following answer:
That CVE was already tackled during development and before publishing of Ubuntu jammy.
It seems to me that version 4.13.17~dfsg-0ubuntu1 was the first one that solved the problem, and already at publishing date of Ubuntu jammy, samba was provided in a higher version (2:4.15.5~dfsg-0ubuntu5) which is not vulnerable to CVE-2021-44142.

My understanding of the CVE listings in Ubuntu is, that the first
version that is not vulnerable to the CVE is shown on that page, and
later updates done on the software, are not shown any more.

In any case, I conclude from combining the information in
https://ubuntu.com/security/CVE-2021-44142 and in
https://launchpad.net/ubuntu/+source/samba that any version of samba in
Ubuntu jammy from the official repositories does not exhibit the problem
in that CVE.

Remark: It may be a bit confusing that sometimes the epoch number "2:"
is shown as part of the version numbers, and sometimes it is missing.

-- 
You received this question notification because your team Ubuntu
Server/Client Support Team is an answer contact for samba in Ubuntu.