-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 20 Jul 2023 23:42:41 +0300 Source: samba Architecture: source Version: 2:4.17.10+dfsg-0+deb12u1~bpo11+1 Distribution: bullseye-backports Urgency: medium Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Closes: 1041043 Changes: samba (2:4.17.10+dfsg-0+deb12u1~bpo11+1) bullseye-backports; urgency=medium . * Rebuild for bullseye-backports. . samba (2:4.17.10+dfsg-0+deb12u1) bookworm-security; urgency=medium . * new upstream stable/security release 4.17.10, including: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023. https://bugzilla.samba.org/show_bug.cgi?id=15418 (this has been patched in the previous upload; Closes: #1041043) Checksums-Sha1: 14c3f9a296f24f3875de204d96364447a1d4b842 4486 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc 6f7fc214069b0b7902c09dffa4b37459c2e755da 271680 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz b605ab87790eb6a7310ffb83eedb5b3e9aa7fe33 6482 samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo Checksums-Sha256: 29605af78415d0ed0352c115e8ce7c03662a2fb610381b01392d1ff92802dc7e 4486 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc 154bf939b6abcb8f8d7fd3e6768e59e5e85a0a96cfd1045783fdfc68022e38ae 271680 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz d0348b58ea542d0c01296a04f69f136444143536450b59e012c2d99daead511e 6482 samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo Files: 2dde2ee27a943f89b08779c0f90768a5 4486 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc ed7387d6fc66881ed9ba753ce8c0eeb3 271680 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz 09804d2be4a107494416821390686b3c 6482 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmTbUJcPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZPOIH+gO7UlzT8OiVgW+3BCwUMcn9cAyz/3mKdXxo 3IhMNaDacjZZLNjcX67HKPNcwD9SzvkYK04HRjNZbjNUcX8cxIc+IDwZewPE8Yb+ SkUl7ZZBQpnfeiLND9Sgl2LPxCJOvK43oG8AmpDKnbLEawtTwz7S/OG3Bmpu7rIM j3AZddO4Aa3a5mbcva9VENSHC4Ic40oOjgf0dE5ITalp5aHmAl/QyK+to4DQYZw3 CQId5MmcV3Vm7DpBcYHrF44XHktdHYkHvkeb+WE0xvwHyMfppG26RVvtaQU2MVWS jppUTurKFa49ObhQ3w9V6PINduNNEtZ4NojbLOo2PSYAHxpADYI= =qX5d -----END PGP SIGNATURE-----
