-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Oct 2023 18:02:05 +0300
Source: samba
Architecture: source
Version: 2:4.19.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1053202
Changes:
 samba (2:4.19.1+dfsg-1) unstable; urgency=medium
 .
   * new stable security bugfix release:
     o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html
       Unsanitized pipe names allow SMB clients to connect as root to existing
       unix domain sockets on the file system.
     o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html
       SMB client can truncate files to 0 bytes by opening files with OVERWRITE
       disposition when using the acl_xattr Samba VFS module with the smb.conf
       setting "acl_xattr:ignore system acls = yes".
     o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html
       An RODC and a user with the GET_CHANGES right can view all attributes,
       including secrets and passwords. Additionally, the access check fails
       open on error conditions.
     o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html
       Calls to the rpcecho server on the AD DC can request that the server
       block for a user-defined amount of time, denying service.
     o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html
       Samba can be made to start multiple incompatible RPC listeners,
       disrupting service on the AD DC.
   * remove debconf questions and wins dhcp hooks together with po files
     (wins is not relevant today anymore)
   * d/control: bump mit-krb5 build-dep (on mitkrb5 profile) to 1.20
   * d/control: disable ceph (libcephfs-dev, librados-dev) on 32bit
     architectures (Closes: #1053202)
   * d/control: enable rados on riscv64 once it's available there
   * d/control: samba-libs: depend on libldb of the same version since
     libldb symbols might appear during previous stable series but they
     don't propagate to next releases with previous minor version numbers.
     This is ABI breakage but the symbols are mostly internal to samba itself
   * debian/libldb2.symbols: update
   * drop attempts to keep ldb ABI versioning
Checksums-Sha1:
 d2b3d1681fe2fd6d2cdcf4f52ace95474bba0d4f 4416 samba_4.19.1+dfsg-1.dsc
 e80b3bf25250b6e26aba1b92622ed9b8366d8f82 24530072 samba_4.19.1+dfsg.orig.tar.xz
 10b689cda2ceff42785ef2cd89e68c861d3940da 172940 samba_4.19.1+dfsg-1.debian.tar.xz
 0a7fbe521f398d5d33ff4174601a04ada043afa8 6272 samba_4.19.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 0484e3c68833a0efb6014581aba965dae22d234720c38207b0064edfb439ae30 4416 samba_4.19.1+dfsg-1.dsc
 0947b2b4f2793537f51c3d92302cbb044b956e1803bd3aba0ff9d8668e5cbdbb 24530072 samba_4.19.1+dfsg.orig.tar.xz
 a9ea34f49b00390783d939bae04a141cddea9d2903ead385b4de5161a24cf4b5 172940 samba_4.19.1+dfsg-1.debian.tar.xz
 34ce41e5eb5146aee074626bff670b99a78f0d0101d470673eb10818c2182343 6272 samba_4.19.1+dfsg-1_source.buildinfo
Files:
 86c447b4ad18f08efce1c15883a094cc 4416 net optional samba_4.19.1+dfsg-1.dsc
 6151e94a605ac06b4982d37174f193cc 24530072 net optional samba_4.19.1+dfsg.orig.tar.xz
 2c7f2aa33930a7e63899f4e99da4eb1e 172940 net optional samba_4.19.1+dfsg-1.debian.tar.xz
 3ead2aaa2915ed0b45d68a6dc06cf947 6272 net optional samba_4.19.1+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmUlZ8gPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZhCAH+wS1DWbqYFCtxo7Ipz4rTJlcjgMDcSA/nB0f
a2gmE1k6n1ZfggPt4LXat4czn3TivKEC18KbIbQeUVzSe/gzXX4DlRdxzDRR17wP
Y5gWnmZ5GsP6dp/Py2Xm1w/5cj8irYaeYCFC05C38A4YZX8n8tj2kSMALX4lSWfZ
odGFdgF4LO597qtrYLsU1K42PJ9QFujuvC0b8+r7A21m0gh5dr8IvwsC5Adm2Hy/
xqAvWsZhq5TNhAnmrvgpwZvPmSlr64Tmy9lQXtYhzd3t5gSIxPA9TAiMtXVKDIU4
zXkjqnvbCvIBH8yRwp0WRQoOfOFOpCBRMAcjADHLQKz44by1t5E=
=IrT3
-----END PGP SIGNATURE-----