-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jul 2023 17:55:58 +0300 Source: samba Architecture: source Version: 2:4.17.10+dfsg-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 1041043 Changes: samba (2:4.17.10+dfsg-0+deb12u1) bookworm-security; urgency=medium . * new upstream stable/security release 4.17.10, including: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. https://bugzilla.samba.org/show_bug.cgi?id=15418 (this has been patched in the previous upload; Closes: #1041043) Checksums-Sha1: 0c4f92a3408fb816863a239df3c3cdda27089ae9 4454 samba_4.17.10+dfsg-0+deb12u1.dsc d02a6567d4cab387d3d3107ba65dbc5bbf3c3cca 18206276 samba_4.17.10+dfsg.orig.tar.xz 01a5edeabcc2d20e764499693eb84e3cfaf41c64 271772 samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz a0ad79e8fead1344ef4fd4fc507b61f4fd17698e 6384 samba_4.17.10+dfsg-0+deb12u1_source.buildinfo Checksums-Sha256: e9490e4a8aee1d17c5e71a46809d89f2a5a0bdd1fe21893d86d28bf3652cb982 4454 samba_4.17.10+dfsg-0+deb12u1.dsc 79cdf385091b96aa53fac0cbd5946ba0f0f051ed323f71e69990a25019e1fc94 18206276 samba_4.17.10+dfsg.orig.tar.xz ebcbac3e7a3045ac06a1d18f22b7f529aa502f377d30685df119aca954ac2f0a 271772 samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz b58a38f380a70f5c8803a2725e6470f2253837beba189256d192e0c55e2cf62e 6384 samba_4.17.10+dfsg-0+deb12u1_source.buildinfo Files: 5c36bd1df04a72c068f1f6625d3bb6b1 4454 net optional samba_4.17.10+dfsg-0+deb12u1.dsc e01fdb78ab4887d2001e1b3d0545a7de 18206276 net optional samba_4.17.10+dfsg.orig.tar.xz 8c4a830743ff198634f1981914984d8c 271772 net optional samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz 45be04c34016238c434ccc9ee3f008f7 6384 net optional samba_4.17.10+dfsg-0+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmS3/ioPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZX84H/jd3fmepwqzUoQZLL//tX6SVvEm7XGdIgnPC 9aFwsIbH/kBFtGe2/tpAFN6UawwWqiXynKsbBe8rlpOgclDKmauUENVsZZVgIHZH 5ZkTguzO4D4dgi9OWqx+mAjdyWopHyVVIjXGvpF+6sI31eVlkeXRfwfYykl4pIK4 fXOVZbIdS83L/1RUzs6PZdzSCfIOmzCizA+F2X8K+/+d9z8EANk0BbNER92OS82C Dr53Rz6JmwQRzSAiDRRwj/xucGXczDcTurE7pLazOntslfXC+Ty7XdLY9x79uH+t toTWaRSErpzBezv1h/8+jkPJhfmEfKI20jITuSWt8T+ojSi5QF4= =hXEQ -----END PGP SIGNATURE-----