-
samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium
  * 3 patches:
    - CVE-2022-32742-bug-15085-4.13.patch
    - kpasswd_bugs_v15_4-13.patch
    - ldb-memory-bug-15096-4.13-v3.patch
    fixing:
    o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
      with changing passwords.
      https://www.samba.org/samba/security/CVE-2022-2031.html
    o CVE-2022-32742: Server memory information leak via SMB1.
      https://www.samba.org/samba/security/CVE-2022-32742.html
    o CVE-2022-32744: Samba AD users can forge password change requests
      for any user.
      https://www.samba.org/samba/security/CVE-2022-32744.html
    o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
      add or modify request.
      https://www.samba.org/samba/security/CVE-2022-32745.html
    o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
      process with an LDAP add or modify request.
      https://www.samba.org/samba/security/CVE-2022-32746.html
  * Closes: #1016449, CVE-2022-2031, CVE-2022-32742, CVE-2022-32744,
    CVE-2022-32745, CVE-2022-32746
  * Build-Depend on libldb-dev >= 2.2.3-2~deb11u2
    (which includes the new symbols in libldb used by this update)
  * d/rules: use dpkg-query instead of pkg-config to find Debian package
    version of libldb-dev, since this is what we actually want, not the
    internal version libldb thinks it is at.
 -- Michael Tokarev <email address hidden> Wed, 10 Aug 2022 00:19:38 +0300
-
samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
  * fix the order of everything during build by exporting PYTHONHASHSEED=1
    for waf. This should fix the broken i386 build of the last security
    upload. Closes: #1006935, #1009855
  * Import the left-over patches from 4.13.17 upstream stable branch:
    - s3-winbindd-fix-allow-trusted-domains-no-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14899
      Closes: #999876, winbind fails to start with `allow trusted domains: no`
    - IPA-DC-add-missing-checks.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14903
    - CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14922
      Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
    - dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
      https://bugzilla.samba.org/show_bug.cgi?id=14656
      https://bugzilla.samba.org/show_bug.cgi?id=14902
    - s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
      https://bugzilla.samba.org/show_bug.cgi?id=13979
      Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
  * 4 patches from upstream to fix possible serious data corruption issue
    with Windows client cache poisoning, Closes: #1005642
    https://bugzilla.samba.org/show_bug.cgi?id=14928
  * two patches from upstream to fix coredump when connecting to shares
    with var substitutions, Closes: #998423
    https://bugzilla.samba.org/show_bug.cgi?id=14809
  * samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
    Closes: #953530
  * remove file creation+deletion from previously applied combined patches
    CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
    to make patch deapply happy (quilt does not notice this situation)
  * d/salsa-ci.yml: target bullseye
 -- Michael Tokarev <email address hidden> Sat, 28 May 2022 22:52:59 +0300
-
samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Add patches for CVE-2022-0336 (Closes: #1004694)
    - CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added
      SPN.
    - CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is
      re-added to an object.
  * Add patches for CVE-2021-44142 (Closes: #1004693)
    - CVE-2021-44142: libadouble: add defines for icon lengths.
    - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
      of private Samba xattrs.
    - CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
    - CVE-2021-44142: libadouble: add basic cmocka tests.
    - CVE-2021-44142: libadouble: harden parsing code.
  * Add patches to address "The CVE-2020-25717 username map [script] advice
    has undesired side effects for the local nt token" (Closes: #1001068)
    - CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to
      the configured domain
    - CVE-2020-25717: tests/krb5: Add method to automatically obtain server
      credentials
    - CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make
      room for new accounts
    - CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
      ad_member_idmap_nss
    - CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to
      SIDs
    - CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the
      named based lookup fails
 -- Salvatore Bonaccorso <email address hidden> Thu, 03 Feb 2022 21:54:02 +0100
-
samba (2:4.13.13+dfsg-1~deb11u2) bullseye-security; urgency=high
  * This is a security release in order to address the following defects:
    - CVE-2016-2124: don't fallback to non spnego authentication if we require
      kerberos
    - MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation
      bypass
    - CVE-2020-25717: A user on the domain can become root on domain members
    - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other
      servers
      + Bump build-depends ldb >= 2.2.3
    - CVE-2020-25719: AD DC Username based races when no PAC is given
    - CVE-2020-25721: Kerberos acceptors need easy access to stable AD
      identifiers (eg objectSid)
    - CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug
      for AD DC validation issues)
    - CVE-2021-3738: crash in dsdb stack
    - CVE-2021-23192: dcerpc requests don't check all fragments against the
      first auth_state
      + Update d/samba-libs.install for libdcerpc-pkt-auth.so.0
 -- Mathieu Parent <email address hidden> Thu, 04 Nov 2021 23:20:37 +0100
-
samba (2:4.13.5+dfsg-2) unstable; urgency=high
  * CVE-2021-20254: Negative idmap cache entries can cause incorrect group
    entries in the Samba file server process token (Closes: #987811)
  * Add Breaks+Replaces: samba-dev (<< 2:4.11) (Closes: #987209)
 -- Mathieu Parent <email address hidden> Thu, 06 May 2021 21:09:29 +0200