• [SECURITY] [DSA 5205-1] samba security update

    From Salvatore Bonaccorso@21:1/5 to All on Thu Aug 11 21:20:02 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5205-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    August 11, 2022                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package    : samba
    CVE ID     : CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
    Debian Bug : 1016449

    Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,
    print, and login server for Unix.

    CVE-2022-2031

    Luke Howard reported that Samba AD users can bypass certain
    restrictions associated with changing passwords. A user who has been
    requested to change their password can exploit this to obtain and
    use tickets to other services.

    CVE-2022-32742

    Luca Moro reported that a SMB1 client with write access to a share
    can cause server memory content to be leaked.

    CVE-2022-32744

    Joseph Sutton reported that Samba AD users can forge password change
    requests for any user, resulting in privilege escalation.

    CVE-2022-32745

    Joseph Sutton reported that Samba AD users can crash the server
    process with a specially crafted LDAP add or modify request.

    CVE-2022-32746

    Joseph Sutton and Andrew Bartlett reported that Samba AD users can
    cause a use-after-free in the server process with a specially
    crafted LDAP add or modify request.

    For the stable distribution (bullseye), these problems have been fixed in
    version 2:4.13.13+dfsg-1~deb11u5. The fix for CVE-2022-32745 required an
    update to ldb 2:2.2.3-2~deb11u2 to correct the defect.

    We recommend that you upgrade your samba packages.

    For the detailed security status of samba please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/samba

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
