UbuntuUpdates.org

Package "samba"

Name: samba

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • clustered database to store temporary data
  • tools for viewing and manipulating the Windows registry
  • test suite from Samba

Latest version: 2:4.15.13+dfsg-0ubuntu1.6
Release: jammy (22.04)
Level: updates
Repository: universe

Links



Other versions of "samba" in Jammy

Repository Area Version
base main 2:4.15.5~dfsg-0ubuntu5
base universe 2:4.15.5~dfsg-0ubuntu5
security main 2:4.15.13+dfsg-0ubuntu1.5
security universe 2:4.15.13+dfsg-0ubuntu1.5
updates main 2:4.15.13+dfsg-0ubuntu1.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:4.15.13+dfsg-0ubuntu1.1 2023-04-03 17:07:05 UTC

  samba (2:4.15.13+dfsg-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
    - debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
      issue (some of these aren't directly used in this package as they
      apply to the ldb library which is updated separately).
    - debian/control: bump ldb Build-Depends to security update version.
    - CVE-2023-0614
  * SECURITY UPDATE: admin tool samba-tool sends passwords in cleartext
    - debian/patches/CVE-2023-0922.patch: set default ldap client sasl
      wrapping to seal.
    - CVE-2023-0922

 -- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 09:25:19 -0400

Source diff to previous version
CVE-2023-0614 Access controlled AD LDAP attributes can be discovered
CVE-2023-0922 Samba AD DC admin tool samba-tool sends passwords in cleartext

Version: 2:4.15.13+dfsg-0ubuntu1 2023-01-24 15:07:44 UTC

  samba (2:4.15.13+dfsg-0ubuntu1) jammy-security; urgency=medium

  * Updated to upstream 4.15.13 to fix multiple security issues.
    - debian/patches/win-22H2-fix.patch: removed, included in new version.
    - CVE-2022-3437
    - CVE-2022-37966
    - CVE-2022-37967
    - CVE-2022-38023
    - CVE-2022-42898
    - CVE-2022-45141

 -- Marc Deslauriers <email address hidden> Tue, 10 Jan 2023 10:04:53 -0500

Source diff to previous version
CVE-2022-3437 Buffer overflow in Heimdal unwrap_des3()
CVE-2022-37966 Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability.
CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability.
CVE-2022-42898 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC,

Version: 2:4.15.9+dfsg-0ubuntu0.3 2022-12-07 23:06:35 UTC

  samba (2:4.15.9+dfsg-0ubuntu0.3) jammy; urgency=medium

  * d/p/win-22H2-fix.patch: fix interoperability with Windows 22H2
    clients (LP: #1993934)

 -- Andreas Hasenack <email address hidden> Tue, 08 Nov 2022 10:59:27 -0300

Source diff to previous version
1993934 Windows 11 22H2 and Samba-AD login issue

Version: 2:4.15.9+dfsg-0ubuntu0.2 2022-08-01 15:06:28 UTC

  samba (2:4.15.9+dfsg-0ubuntu0.2) jammy-security; urgency=medium

  * Updated to 2.15.9 to fix multiple security issues.
    - debian/control: require ldb 2.4.4.
    - debian/*install: install libsmbconf.so*.
    - debian/libwbclient0.symbols: updated symbols for new version.
    - CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745,
      CVE-2022-32746
  * Removed patches included in new version:
    - lp-1951490-fix-printing-KB5006743.patch
    - add-support-for-bind-918.patch
    - add-support-for-bind-918-2.patch
    - lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch
    - lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch

 -- Marc Deslauriers <email address hidden> Thu, 28 Jul 2022 08:07:32 -0400

Source diff to previous version
CVE-2022-2031 Samba AD users can bypass certain restrictions associated with changing passwords
CVE-2022-32742 Server memory information leak via SMB1
CVE-2022-32744 Samba AD users can forge password change requests for any user
CVE-2022-32745 Samba AD users can crash the server process with an LDAP add or modify request
CVE-2022-32746 Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request

Version: 2:4.15.5~dfsg-0ubuntu5.1 2022-07-12 23:06:25 UTC

  samba (2:4.15.5~dfsg-0ubuntu5.1) jammy; urgency=medium

  * Fix abort when deleting a file and "fruit:resource = stream" is
    used. (LP: #1977491)
    - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-01.patch:
      Add test that shows smbd crashing when deleting a file while using
      vfs_fruit with "fruit:resource = stream".
    - d/p/lp1977491-dont-crash-on-vfs_fruit-resource-stream-02.patch:
      Handle file deleting when "fruit:resource = stream" is used.

 -- Sergio Durigan Junior <email address hidden> Tue, 21 Jun 2022 16:31:40 -0400

1977491 Samba aborts when deleting a file and \



About   -   Send Feedback to @ubuntu_updates