Package samba-winbind-krb5-locator: Information

    Binary package: samba-winbind-krb5-locator
    Version: 4.16.11-alt2
    Architecture: i586
    Build time:  Jul 28, 2023, 06:39 PM in the task #325413
    Source package: samba
    Category: System/Servers
    License: GPLv3+ and LGPLv3+
    Summary: Samba winbind krb5 locator
    Description: 
    The winbind krb5 locator is a plugin for the system Kerberos library that allows
    the local Kerberos library to use the same KDC that Samba and winbind use.

    Maintainer: Evgeny Sinelnikov


    Last changed


    July 23, 2023 Evgeny Sinelnikov 4.16.11-alt2
    - Add check with admx-lint for group policy templates validation.
    July 23, 2023 Evgeny Sinelnikov 4.16.11-alt1
    - Update to security release of Samba 4.16 (Closes: 46966):
      + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166).
    
    - Security fixes (Samba#15418):
      + CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                        crafted request can trigger an out-of-bounds read in winbind
                        and possibly crash it.
                        https://www.samba.org/samba/security/CVE-2022-2127.html
    
      + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                        Spotlight can be triggered by an unauthenticated attacker by
                        issuing a malformed RPC request.
                        https://www.samba.org/samba/security/CVE-2023-34966.html
    
      + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                        Spotlight can be used by an unauthenticated attacker to
                        trigger a process crash in a shared RPC mdssvc worker process.
                        https://www.samba.org/samba/security/CVE-2023-34967.html
    
      + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                        side absolute path of shares and files and directories in
                        search results.
                        https://www.samba.org/samba/security/CVE-2023-34968.html
    March 29, 2023 Evgeny Sinelnikov 4.16.10-alt1
    - Update to security release of Samba 4.16 with update libldb to 2.5.3:
      + ldb wildcard matching makes excessive allocations (Samba#15331).
    
    - Security fixes (Samba#15270, Samba#15315):
      + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                       remote LDAP server, will by default send new or reset
                       passwords over a signed-only connection.
                       https://www.samba.org/samba/security/CVE-2023-0922.html
    
      + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                       Confidential attribute disclosure via LDAP filters was
                       insufficient and an attacker may be able to obtain
                       confidential BitLocker recovery keys from a Samba AD DC.
                       Installations with such secrets in their Samba AD should
                       assume they have been obtained and need replacing.
                       https://www.samba.org/samba/security/CVE-2023-0614.html