"Hi, this is a heads-up that there will be Samba security updates for 4.15, 4.16 and 4.17 on Tuesday, November 15 2022. Please make sure that your Samba servers will be updated soon after the release!

Impacted components:

- AD DC (CVSS 6.4, Medium)"
  o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.

https://www.samba.org/samba/security/CVE-2022-42898.html

Please bump to 4.15.12, 4.16.7.
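To illustrate the bug class described in the advisory above (a 32-bit size calculation that wraps while checking a PAC header against the input length), here is an added example; it is not Samba's or Heimdal's code, and the PAC-like layout, entry sizes and function names are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed PAC-like layout for this example (not Samba's real structure):
 * an 8-byte header (4-byte buffer count, 4-byte version) followed by
 * `count` entries of 16 bytes each. */
#define HDR_SIZE   8u
#define ENTRY_SIZE 16u

/* Emulate a 32-bit size_t so the wraparound is visible on a 64-bit host too. */
typedef uint32_t size32_t;

/* Weak check: ENTRY_SIZE * count is computed in 32 bits and can wrap, so a
 * forged count yields a small header_end that passes, while later code that
 * walks `count` entries runs past the buffer it allocated (heap corruption). */
int header_fits_weak(size32_t len, uint32_t count)
{
    size32_t header_end = HDR_SIZE + ENTRY_SIZE * count;  /* may wrap */
    return header_end <= len;
}

/* Hardened check: compare the count against a quotient instead of forming a
 * product, so no intermediate value can exceed the width of size32_t. */
int header_fits_hardened(size32_t len, uint32_t count)
{
    if (len < HDR_SIZE || count == 0)
        return 0;
    return count <= (len - HDR_SIZE) / ENTRY_SIZE;
}

/* Read the little-endian buffer count out of a raw PAC-like blob. */
uint32_t pac_count(const uint8_t *blob)
{
    return (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
           (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
}

int main(void)
{
    /* Constructed 40-byte blobs: room for exactly two 16-byte entries. */
    uint8_t honest[40] = { 2, 0, 0, 0 };
    uint8_t forged[40] = { 0, 0, 0, 0x10 };  /* count = 0x10000000 */
    size32_t len = sizeof honest;

    printf("honest count %u: weak=%d hardened=%d\n", pac_count(honest),
           header_fits_weak(len, pac_count(honest)),
           header_fits_hardened(len, pac_count(honest)));
    /* 0x10000000 * 16 == 2^32, which wraps to 0, so the weak check accepts. */
    printf("forged count %#x: weak=%d hardened=%d\n", pac_count(forged),
           header_fits_weak(len, pac_count(forged)),
           header_fits_hardened(len, pac_count(forged)));
    return 0;
}
```

The same product is safe in 64-bit size_t for this count, which is why the original defect only showed on 32-bit builds.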
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dbd7cff1334ebb85af0a5caea1bd58fee01ae89

commit 0dbd7cff1334ebb85af0a5caea1bd58fee01ae89
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-16 01:40:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-16 02:39:01 +0000

    net-fs/samba: add 4.16.7

    Add addc? ( !system-mitkrb5 ) to REQUIRED_USE.

    Bug: https://bugs.gentoo.org/880437
    Closes: https://bugs.gentoo.org/864983
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.16.7.ebuild | 368 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 369 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d65168e4aaf4142844c19d1e4808e6c762456dbf

commit d65168e4aaf4142844c19d1e4808e6c762456dbf
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-16 01:10:04 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-16 02:39:00 +0000

    net-fs/samba: add 4.15.12

    Add addc? ( !system-mitkrb5 ) to REQUIRED_USE.

    Bug: https://bugs.gentoo.org/864983
    Bug: https://bugs.gentoo.org/880437
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-fs/samba/Manifest             |   1 +
 net-fs/samba/samba-4.15.12.ebuild | 333 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 334 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=113dac10d0faa5b579d59cc8f9f17061b9208c6a

commit 113dac10d0faa5b579d59cc8f9f17061b9208c6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-18 20:24:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-18 20:24:18 +0000

    net-fs/samba: drop 4.14.13, 4.14.14

    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-fs/samba/Manifest             |   2 -
 net-fs/samba/samba-4.14.13.ebuild | 342 --------------------------------------
 net-fs/samba/samba-4.14.14.ebuild | 333 -------------------------------------
 3 files changed, 677 deletions(-)
Note that there is a regression in 4.15.12 on 32-bit platforms due to this fix, which was somewhat funnily targeting 32-bit platforms originally.

https://bugzilla.samba.org/show_bug.cgi?id=15203#c47
https://github.com/heimdal/heimdal/pull/1025
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e

commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:56:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:56:46 +0000

    [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/820566
    Bug: https://bugs.gentoo.org/821688
    Bug: https://bugs.gentoo.org/830983
    Bug: https://bugs.gentoo.org/832433
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/869122
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Bug: https://bugs.gentoo.org/886153
    Bug: https://bugs.gentoo.org/903621
    Bug: https://bugs.gentoo.org/905320
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)