UbuntuUpdates.org

Package "samba"

Name: samba

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • clustered database to store temporary data
  • tools for viewing and manipulating the Windows registry
  • test suite from Samba

Latest version: 2:4.13.17~dfsg-0ubuntu1.20.04.1
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "samba" in Focal

Repository Area Version
base main 2:4.11.6+dfsg-0ubuntu1
base universe 2:4.11.6+dfsg-0ubuntu1
security main 2:4.13.17~dfsg-0ubuntu1.20.04.1
security universe 2:4.13.17~dfsg-0ubuntu1.20.04.1
updates main 2:4.13.17~dfsg-0ubuntu1.20.04.1
proposed universe 2:4.13.17~dfsg-0ubuntu1.20.04.2
proposed main 2:4.13.17~dfsg-0ubuntu1.20.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:4.13.17~dfsg-0ubuntu1.20.04.1 2022-08-01 15:06:26 UTC

  samba (2:4.13.17~dfsg-0ubuntu1.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
    - debian/patches/CVE-2021-3670-*.patch
    - CVE-2021-3670
  * SECURITY UPDATE: Samba AD users can bypass certain restrictions
    associated with changing passwords
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-2031
  * SECURITY UPDATE: Server memory information leak via SMB1
    - debian/patches/CVE-2022-32742-*.patch
    - CVE-2022-32742
  * SECURITY UPDATE: Samba AD users can forge password change requests for
    any user
    - debian/patches/CVE-2022-2031-*.patch
    - CVE-2022-32744
  * SECURITY UPDATE: Samba AD users can crash the server process with an
    LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32745
  * SECURITY UPDATE: Samba AD users can induce a use-after-free in the
    server process with an LDAP add or modify request
    - debian/patches/CVE-2022-32745_6-*.patch
    - CVE-2022-32746
  * debian/control: Build-Depends on ldb security update.
  * Fix version string to match focal.

 -- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 08:52:26 -0400

Source diff to previous version
CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2022-2031 Samba AD users can bypass certain restrictions associated with changing passwords
CVE-2022-32742 Server memory information leak via SMB1
CVE-2022-32744 Samba AD users can forge password change requests for any user
CVE-2022-32745 Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746 Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

Version: 2:4.13.17~dfsg-0ubuntu0.21.04.2 2022-04-04 10:06:26 UTC

  samba (2:4.13.17~dfsg-0ubuntu0.21.04.2) focal; urgency=medium

  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
    Windows 2021-10 Monthly Rollup patch (LP: #1951490)

 -- Andreas Hasenack <email address hidden> Thu, 10 Mar 2022 10:48:01 -0300

Source diff to previous version
1951490 Can't print after update to 4.13

Version: 2:4.13.17~dfsg-0ubuntu0.21.04.1 2022-02-01 14:06:37 UTC

  samba (2:4.13.17~dfsg-0ubuntu0.21.04.1) focal-security; urgency=medium

  * Update to 4.13.17 as a security update
    - CVE-2021-43566, CVE-2021-44142, CVE-2022-0336
  * Removed patches included in new version:
    - debian/patches/trusted_domain_regression_fix.patch
    - debian/patches/bug14901-*.patch
    - debian/patches/bug14922.patch

 -- Marc Deslauriers <email address hidden> Mon, 31 Jan 2022 08:11:13 -0500

Source diff to previous version
CVE-2021-43566 All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area o
CVE-2021-44142 Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
CVE-2022-0336 Samba AD users with permission to write to an account can impersonate arbitrary services

Version: 2:4.13.14+dfsg-0ubuntu0.20.04.4 2021-12-13 22:06:23 UTC

  samba (2:4.13.14+dfsg-0ubuntu0.20.04.4) focal-security; urgency=medium

  * SECURITY REGRESSION: Kerberos authentication on standalone server in
    MIT realm broken
    - debian/patches/bug14922.patch: fix MIT Realm regression in
      source3/auth/user_krb5.c.

 -- Marc Deslauriers <email address hidden> Mon, 13 Dec 2021 07:12:25 -0500

Source diff to previous version

Version: 2:4.13.14+dfsg-0ubuntu0.20.04.3 2021-12-06 17:07:34 UTC

  samba (2:4.13.14+dfsg-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY REGRESSION: undesired side effects for the local nt token
    - debian/patches/bug14901-*.patch: upstream patches to fix some
      mapping issues.
  * SECURITY REGRESSION: backup command raises FileNotFoundError
    (LP: #1952187)
    - debian/patches/bug14918-*.patch: upstream patches to properly handle
      dangling symlinks.

 -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:03:56 -0500

1952187 backup command raises FileNotFoundError



About   -   Send Feedback to @ubuntu_updates