Changelog
samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add patches for CVE-2022-0336 (Closes: #1004694)
    - CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added
      SPN.
    - CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is
      re-added to an object.
  * Add patches for CVE-2021-44142 (Closes: #1004693)
    - CVE-2021-44142: libadouble: add defines for icon lengths.
    - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
      of private Samba xattrs.
    - CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
    - CVE-2021-44142: libadouble: add basic cmocka tests.
    - CVE-2021-44142: libadouble: harden parsing code.
  * Add patches to address "The CVE-2020-25717 username map [script] advice
    has undesired side effects for the local nt token" (Closes: #1001068)
    - CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to
      the configured domain
    - CVE-2020-25717: tests/krb5: Add method to automatically obtain server
      credentials
    - CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make
      room for new accounts
    - CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
      ad_member_idmap_nss
    - CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to
      SIDs
    - CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the
      named based lookup fails

 -- Salvatore Bonaccorso <email address hidden>  Thu, 03 Feb 2022 21:54:02 +0100