CVE-2020-17049: Kerberos Security Feature Bypass Vulnerability

Fixed in 4.14.9 and 4.15.1 according to:
https://www.samba.org/samba/history/samba-4.14.9.html
https://www.samba.org/samba/history/samba-4.15.1.html

Doesn't seem to be a recent release for 4.13, is it affected?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0840131262148d5088478b43c607758e10e22c

commit cb0840131262148d5088478b43c607758e10e22c
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-10-28 08:13:59 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-10-28 08:22:22 +0000

    net-fs/samba: Security bumps to version 4.14.9 and 4.15.1

    Bug: https://bugs.gentoo.org/820566
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest | 2 +
 net-fs/samba/samba-4.14.9.ebuild | 339 +++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.15.1.ebuild | 336 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 677 insertions(+)
(In reply to John Helmert III from comment #0)
> [...]
> Doesn't seem to be a recent release for 4.13, is it affected?
Now need 4.13.13: https://www.samba.org/samba/history/samba-4.13.13.html
If we're depending on the 4.14 stablereq, I'll assume we're dropping 4.13 in favor of newer branches then?
(In reply to John Helmert III from comment #4)
> If we're depending on the 4.14 stablereq, I'll assume we're dropping 4.13 in
> favor of newer branches then?

Yes
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1877182404b65b802baa3b0e493bed2ad4a8f024

commit 1877182404b65b802baa3b0e493bed2ad4a8f024
Author: Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-11-05 12:13:00 +0000
Commit: Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-11-05 12:15:18 +0000

    net-fs/samba: Security cleanup

    Bug: https://bugs.gentoo.org/820566
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest | 3 -
 net-fs/samba/samba-4.13.12.ebuild | 335 -----------------------------------
 net-fs/samba/samba-4.13.9-r3.ebuild | 335 -----------------------------------
 net-fs/samba/samba-4.14.8.ebuild | 339 ------------------------------------
 4 files changed, 1012 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e

commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:56:23 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:56:46 +0000

    [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/820566
    Bug: https://bugs.gentoo.org/821688
    Bug: https://bugs.gentoo.org/830983
    Bug: https://bugs.gentoo.org/832433
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/869122
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Bug: https://bugs.gentoo.org/886153
    Bug: https://bugs.gentoo.org/903621
    Bug: https://bugs.gentoo.org/905320
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)