Changelog
samba (2:4.17.12+dfsg-0+deb12u1) bookworm-security; urgency=medium
* new stable security bugfix release:
o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html
Unsanitized pipe names allow SMB clients to connect as root
to existing unix domain sockets on the file system.
o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html
SMB client can truncate files to 0 bytes by opening files with OVERWRITE
disposition when using the acl_xattr Samba VFS module with the smb.conf
setting "acl_xattr:ignore system acls = yes"
o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html
An RODC and a user with the GET_CHANGES right can view all attributes,
including secrets and passwords. Additionally, the access check fails
open on error conditions.
o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html
Calls to the rpcecho server on the AD DC can request that the server
block for a user-defined amount of time, denying service.
o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html
Samba can be made to start multiple incompatible RPC listeners,
disrupting service on the AD DC.
-- Michael Tokarev <email address hidden> Tue, 10 Oct 2023 18:17:19 +0300