Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 878273 (CVE-2022-3592) - <net-fs/samba-4.15.11[-system-mitkrb5]: heap buffer overflow in GSAAPI
Summary: <net-fs/samba-4.15.11[-system-mitkrb5]: heap buffer overflow in GSAAPI
Status: RESOLVED FIXED
Alias: CVE-2022-3592
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 882897
Blocks: CVE-2022-3437
  Show dependency tree
 
Reported: 2022-10-25 16:24 UTC by John Helmert III
Modified: 2023-09-17 05:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-25 16:24:12 UTC
"o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
                  unwrap_des() and unwrap_des3() routines of Heimdal (included
                  in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html

o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
                  directory. (4.17 only)
https://www.samba.org/samba/security/CVE-2022-3592.html"

CVE-2022-3592 only affects 4.17, so we're unaffected there.

CVE-2022-3437 says the vulnerability is in Heimdal. System Heimdal is
used with USE=system-heimdal, but I guess it's bundled too? Fix in
4.15.11, and 4.16.6.
Comment 1 Larry the Git Cow gentoo-dev 2022-10-27 05:08:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16d822f449de1edd1a797b4b9f6af789811518d5

commit 16d822f449de1edd1a797b4b9f6af789811518d5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-27 05:02:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-27 05:07:24 +0000

    net-fs/samba: add 4.16.6
    
    Bug: https://bugs.gentoo.org/864983
    Bug: https://bugs.gentoo.org/878273
    Signed-off-by: Sam James <sam@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.16.6.ebuild | 368 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 369 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a2eb5a5f9eff7a82f1865b7d1b42db3a3be3623

commit 6a2eb5a5f9eff7a82f1865b7d1b42db3a3be3623
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-27 04:55:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-27 05:07:24 +0000

    net-fs/samba: add 4.15.11
    
    Bug: https://bugs.gentoo.org/864983
    Bug: https://bugs.gentoo.org/878273
    Signed-off-by: Sam James <sam@gentoo.org>

 net-fs/samba/Manifest             |   1 +
 net-fs/samba/samba-4.15.11.ebuild | 333 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 334 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-11-18 20:32:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=113dac10d0faa5b579d59cc8f9f17061b9208c6a

commit 113dac10d0faa5b579d59cc8f9f17061b9208c6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-18 20:24:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-18 20:24:18 +0000

    net-fs/samba: drop 4.14.13, 4.14.14
    
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-fs/samba/Manifest             |   2 -
 net-fs/samba/samba-4.14.13.ebuild | 342 --------------------------------------
 net-fs/samba/samba-4.14.14.ebuild | 333 -------------------------------------
 3 files changed, 677 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-09-17 05:56:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e

commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:56:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:56:46 +0000

    [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/820566
    Bug: https://bugs.gentoo.org/821688
    Bug: https://bugs.gentoo.org/830983
    Bug: https://bugs.gentoo.org/832433
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/869122
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Bug: https://bugs.gentoo.org/886153
    Bug: https://bugs.gentoo.org/903621
    Bug: https://bugs.gentoo.org/905320
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)