Publishing details

• Published on 2022-09-10

Changelog

samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium

  * 3 patches:
    - CVE-2022-32742-bug-15085-4.13.patch
    - kpasswd_bugs_v15_4-13.patch
    - ldb-memory-bug-15096-4.13-v3.patch
    fixing:
    o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
      with changing passwords.
      https://www.samba.org/samba/security/CVE-2022-2031.html
    o CVE-2022-32742: Server memory information leak via SMB1.
      https://www.samba.org/samba/security/CVE-2022-32742.html
    o CVE-2022-32744: Samba AD users can forge password change requests
      for any user.
      https://www.samba.org/samba/security/CVE-2022-32744.html
    o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
      add or modify request.
      https://www.samba.org/samba/security/CVE-2022-32745.html
    o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
      process with an LDAP add or modify request.
      https://www.samba.org/samba/security/CVE-2022-32746.html
   * Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744,
     CVE-2022-32745, CVE-2022-32746
   * Build-Depend on libldb-dev >= 2.2.3-2~deb11u2
     (which includes the new symbols in libldb used by this update)
   * d/rules: use dpkg-query instead of pkg-config to find debian package
     version of libldb-dev, since this is what we actually want, not the
     internal version libldb thinks it is at.

 -- Michael Tokarev <email address hidden>  Wed, 10 Aug 2022 00:19:38 +0300

Builds

Package files

• samba_4.13.13+dfsg-1~deb11u5.debian.tar.xz (519.6 KiB)
• samba_4.13.13+dfsg-1~deb11u5.dsc (3.9 KiB)
• samba_4.13.13+dfsg.orig.tar.xz (11.2 MiB)