Format: 1.8
Date: Wed, 19 Jul 2023 17:55:58 +0300
Source: samba
Binary: samba-ad-dc samba-ad-provision samba-common
Architecture: all
Version: 2:4.17.10+dfsg-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Michael Tokarev
Description:
 samba-ad-dc - Samba control files to run AD Domain Controller
 samba-ad-provision - Samba files needed for AD domain provision
 samba-common - common files used by both the Samba server and client
Closes: 1041043
Changes:
 samba (2:4.17.10+dfsg-0+deb12u1) bookworm-security; urgency=medium
 .
   * new upstream stable/security release 4.17.10, including:
    o CVE-2022-2127: When winbind is used for NTLM authentication,
      a maliciously crafted request can trigger an out-of-bounds read
      in winbind and possibly crash it.
      https://www.samba.org/samba/security/CVE-2022-2127.html
    o CVE-2023-3347: SMB2 packet signing is not enforced if an admin
      configured "server signing = required" or for SMB2 connections
      to Domain Controllers where SMB2 packet signing is mandatory.
      https://www.samba.org/samba/security/CVE-2023-3347.html
    o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC
      service for Spotlight can be triggered by an unauthenticated
      attacker by issuing a malformed RPC request.
      https://www.samba.org/samba/security/CVE-2023-34966.html
    o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC
      service for Spotlight can be used by an unauthenticated attacker
      to trigger a process crash in a shared RPC mdssvc worker process.
      https://www.samba.org/samba/security/CVE-2023-34967.html
    o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
      the server-side absolute path of shares and files and directories
      in search results.
      https://www.samba.org/samba/security/CVE-2023-34968.html
    o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
      https://bugzilla.samba.org/show_bug.cgi?id=15418
      (this has been patched in the previous upload; Closes: #1041043)