From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] samba: Update to 4.19.2
Date: Thu, 19 Oct 2023 23:36:17 +0200 [thread overview]
Message-ID: <7f30373f-861b-4f47-b378-d8dc6ded2022@ipfire.org> (raw)
In-Reply-To: <20231019170324.3594584-1-matthias.fischer@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 4917 bytes --]
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
On 19/10/2023 19:03, Matthias Fischer wrote:
> For details see:
>
> v4.19.1. => https://www.samba.org/samba/history/samba-4.19.1.html
> "
> ==============================
> Release Notes for Samba 4.19.1
> October 10, 2023
> ==============================
>
> This is a security release in order to address the following defects:
>
> o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
> existing unix domain sockets on the file system.
> https://www.samba.org/samba/security/CVE-2023-3961.html
>
> o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
> OVERWRITE disposition when using the acl_xattr Samba VFS
> module with the smb.conf setting
> "acl_xattr:ignore system acls = yes"
> https://www.samba.org/samba/security/CVE-2023-4091.html
>
> o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
> attributes, including secrets and passwords. Additionally,
> the access check fails open on error conditions.
> https://www.samba.org/samba/security/CVE-2023-4154.html
>
> o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
> server block for a user-defined amount of time, denying
> service.
> https://www.samba.org/samba/security/CVE-2023-42669.html
>
> o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
> listeners, disrupting service on the AD DC.
> https://www.samba.org/samba/security/CVE-2023-42670.html"
>
> v4.19.2 => https://www.samba.org/samba/history/samba-4.19.2.html
> "Changes since 4.19.1
> --------------------
>
> o Jeremy Allison <jra(a)samba.org>
> * BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
> after failed IPC FSCTL_PIPE_TRANSCEIVE.
> * BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
> call.
>
> o Ralph Boehme <slow(a)samba.org>
> * BUG 15463: macOS mdfind returns only 50 results.
>
> o Volker Lendecke <vl(a)samba.org>
> * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
> previous cache entry value.
>
> o Stefan Metzmacher <metze(a)samba.org>
> * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
> impacts sendmail, zabbix, potentially more.
>
> o Martin Schwenke <mschwenke(a)ddn.com>
> * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.
>
> o Joseph Sutton <josephsutton(a)catalyst.net.nz>
> * BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
> Heimdal KDC in Samba 4.19
> * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
> in use."
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/packages/x86_64/samba | 1 -
> lfs/samba | 6 +++---
> 2 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba
> index 4e5cee3a8..7a44b9cdb 100644
> --- a/config/rootfiles/packages/x86_64/samba
> +++ b/config/rootfiles/packages/x86_64/samba
> @@ -923,7 +923,6 @@ usr/libexec/samba/rpcd_epmapper
> usr/libexec/samba/rpcd_fsrvp
> usr/libexec/samba/rpcd_lsad
> usr/libexec/samba/rpcd_mdssvc
> -usr/libexec/samba/rpcd_rpcecho
> usr/libexec/samba/rpcd_spoolss
> usr/libexec/samba/rpcd_winreg
> usr/libexec/samba/samba-bgqd
> diff --git a/lfs/samba b/lfs/samba
> index 77bb569cd..2f2184ecc 100644
> --- a/lfs/samba
> +++ b/lfs/samba
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 4.19.0
> +VER = 4.19.2
> SUMMARY = A SMB/CIFS File, Print, and Authentication Server
>
> THISAPP = samba-$(VER)
> @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = samba
> -PAK_VER = 96
> +PAK_VER = 97
>
> DEPS = avahi cups perl-Parse-Yapp perl-JSON
>
> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 4e0db41d7d06e195cee994c5ec02a37892c1a7dd99ea9defb845fe2fbf96446846c469007218b6b0d6077c0886f0d08b2a4376acba1ed455b641daacd9018f12
> +$(DL_FILE)_BLAKE2 = cb3747f1be6e712c6e68f3720e68aee7db2e4dcc48a9210d002337d6690ed8b027919f333dc4a7c1e74b716ebceeff1d8071463899513edfe51da967d71d8148
>
> install : $(TARGET)
>
--
Sent from my laptop
prev parent reply other threads:[~2023-10-19 21:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-19 17:03 Matthias Fischer
2023-10-19 21:36 ` Adolf Belka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7f30373f-861b-4f47-b378-d8dc6ded2022@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox