Summary: | net-fs/samba-4.15.9 version bump | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Joakim Tjernlund <joakim.tjernlund> |
Component: | Current packages | Assignee: | Gentoo's SAMBA Team <samba> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | bkohler, opal |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 850082, 861512 | | |

Description
Joakim Tjernlund
2022-07-21 19:03:02 UTC

Release Notes for Samba 4.15.9
July 27, 2022
==============================

This is a security release in order to address the following defects:

o CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords.
  https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for any user.
  https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request.
  https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.
  https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
  https://www.samba.org/samba/security/CVE-2022-32742.html

Changes since 4.15.8
--------------------

o Jeremy Allison <jra@samba.org>
  * BUG 15085: CVE-2022-32742.

o Andrew Bartlett <abartlet@samba.org>
  * BUG 15009: CVE-2022-32746.

o Isaac Boukris <iboukris@gmail.com>
  * BUG 15047: CVE-2022-2031.

o Andreas Schneider <asn@samba.org>
  * BUG 15047: CVE-2022-2031.

o Joseph Sutton <josephsutton@catalyst.net.nz>
  * BUG 15008: CVE-2022-32745.
  * BUG 15009: CVE-2022-32746.
  * BUG 15047: CVE-2022-2031.
  * BUG 15074: CVE-2022-32744.