Merge samba from Debian unstable for mantic

Bug #2028265 reported by Andreas Hasenack
This bug affects 2 people
Affects: samba (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Andreas Hasenack

Bug Description

    2:4.18.5+dfsg-1 (patches unapplied)

    Imported using git-ubuntu import.

Notes (changelog):
      * new upstream stable/security release 4.18.5, including:
       o CVE-2022-2127: When winbind is used for NTLM authentication,
         a maliciously crafted request can trigger an out-of-bounds read
         in winbind and possibly crash it.
         https://www.samba.org/samba/security/CVE-2022-2127.html
       o CVE-2023-3347: SMB2 packet signing is not enforced if an admin
         configured "server signing = required" or for SMB2 connections to
         Domain Controllers where SMB2 packet signing is mandatory.
         https://www.samba.org/samba/security/CVE-2023-3347.html
       o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
         for Spotlight can be triggered by an unauthenticated attacker by
         issuing a malformed RPC request.
         https://www.samba.org/samba/security/CVE-2023-34966.html
       o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
         for Spotlight can be used by an unauthenticated attacker to trigger
         a process crash in a shared RPC mdssvc worker process.
         https://www.samba.org/samba/security/CVE-2023-34967.html
       o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
         the server-side absolute path of shares and files and directories
         in search results.
         https://www.samba.org/samba/security/CVE-2023-34968.html
       o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
         https://bugzilla.samba.org/show_bug.cgi?id=15418
         (this has been patched in the previous upload; Closes: #1041043)

Tags: needs-merge

Changed in samba (Ubuntu):
importance: Undecided → High
summary: - Merge samba from Debian unstable for mantic Edit
+ Merge samba from Debian unstable for mantic
Changed in samba (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.18.5+dfsg-1ubuntu1

---------------
samba (2:4.18.5+dfsg-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2028265, LP: #2027716). Remaining
    changes:
    - debian/control: Ubuntu i386 binary compatibility:
      + drop ceph support
      + enable the liburing vfs module, except on i386 where liburing is
        not available
      + build-depend on libglusterfs-dev only on !i386 arches
    - d/t/control, d/t/util, d/t/samba-ad-dc-provisioning-internal-dns:
      samba AD DC provisioning and domain join tests with internal DNS
      (LP #1977746, LP #2011745)
    - d/t/util: reload instead of restarting samba, as it's quicker and
      has the same effect we want in this test

 -- Andreas Hasenack <email address hidden> Thu, 20 Jul 2023 10:15:22 -0300

Changed in samba (Ubuntu):
status: In Progress → Fix Released