Bug 859817 - net-fs/samba-4.15.9 version bump
Summary: net-fs/samba-4.15.9 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's SAMBA Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 850082 CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
Reported: 2022-07-21 19:03 UTC by Joakim Tjernlund
Modified: 2022-07-29 06:19 UTC
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Description Joakim Tjernlund 2022-07-21 19:03:02 UTC
This is the latest stable release of the Samba 4.15 release series.


Changes since 4.15.7
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.
   * BUG 15099: Setting fruit:resource = stream in vfs_fruit causes a panic.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14986: Add support for bind 9.18.
   * BUG 15076: logging dsdb audit to specific files does not work.

o  Ralph Boehme <slow@samba.org>
   * BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
     file had been deleted.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 15087: netgroups support removed.

o  Samuel Cabrero <scabrero@suse.de>
   * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
     server.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15071: waf produces incorrect names for python extensions with Python
     3.11.

o  Noel Power <noel.power@suse.com>
   * BUG 15100: smbclient commands del & deltree fail with
     NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS.

o  Christof Schmitt <cs@samba.org>
   * BUG 15055: vfs_gpfs recalls=no option prevents listing files.

o  Andreas Schneider <asn@samba.org>
   * BUG 15071: waf produces incorrect names for python extensions with Python
     3.11.
   * BUG 15091: Compile error in source3/utils/regedit_hexedit.c.
   * BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link.

o  Andreas Schneider <asn@cryptomilk.org>
   * BUG 15054: smbd doesn't handle UPNs for looking up names.

o  Robert Sprowson <webpages@sprow.co.uk>
   * BUG 14443: Out-by-4 error in smbd read reply max_send clamp.

Comment 1 Joakim Tjernlund 2022-07-28 13:56:22 UTC
                 Release Notes for Samba 4.15.9
                           July 27, 2022
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
                  changing passwords.
                  https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for any user.
                  https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
                  or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                  process with an LDAP add or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
                  https://www.samba.org/samba/security/CVE-2022-32742.html

Changes since 4.15.8
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15085: CVE-2022-32742.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15009: CVE-2022-32746.

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 15047: CVE-2022-2031.

o  Andreas Schneider <asn@samba.org>
   * BUG 15047: CVE-2022-2031.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15008: CVE-2022-32745.
   * BUG 15009: CVE-2022-32746.
   * BUG 15047: CVE-2022-2031.
   * BUG 15074: CVE-2022-32744.