Package libldb-modules-dc: Information

    Binary package: libldb-modules-dc
    Version: 4.16.10-alt1
    Architecture: x86_64
    Build time: Apr 14, 2023, 06:47 PM in the task #317735
    Source package: samba
    Category: System/Libraries
    License: GPLv3+ and LGPLv3+
    Summary: The LDB domain controller modules
    Description: 
    The libldb-modules-dc package contains the ldb library modules from the Samba domain controller.

    Maintainer: Evgeny Sinelnikov


    Last changed


    March 29, 2023 Evgeny Sinelnikov 4.16.10-alt1
    - Update to security release of Samba 4.16 with update libldb to 2.5.3:
      + ldb wildcard matching makes excessive allocations (Samba#15331).
    
    - Security fixes (Samba#15270, Samba#15315):
      + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                       remote LDAP server, will by default send new or reset
                       passwords over a signed-only connection.
                       https://www.samba.org/samba/security/CVE-2023-0922.html
    
      + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                       Confidential attribute disclosure via LDAP filters was
                       insufficient and an attacker may be able to obtain
                       confidential BitLocker recovery keys from a Samba AD DC.
                       Installations with such secrets in their Samba AD should
                       assume they have been obtained and need replacing.
                       https://www.samba.org/samba/security/CVE-2023-0614.html
    Feb. 20, 2023 Evgeny Sinelnikov 4.16.9-alt1
    - Update to maintenance release of Samba 4.16
    - Security fixes:
      + CVE-2022-38023: Samba should refuse RC4 (aka md5) based SChannel on
        NETLOGON (Samba#15240).
    - Major fixes:
      + smbc_getxattr() return value is incorrect (Samba#14808).
      + samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when
        there is only an AAAA record for the DC in DNS (Samba#15226).
      + smbd crashes if an FSCTL request is done on a stream handle (Samba#15236).
      + auth3_generate_session_info_pac leaks wbcAuthUserInfo (Samba#15286).
      + Leak in wbcCtxPingDc2 (Samba#15164).
      + irpc_destructor may crash during shutdown (Samba#15280).
    - Share enumeration (netshareenum) fixes:
      + %U for include directive doesn't work for share listing (Samba#15243).
      + Shares missing from netshareenum response in samba 4.17.4 (Samba#15266).
      + Access based share enum does not work in Samba 4.16+ (Samba#15265).
      + Crash during share enumeration (Samba#15267).
    Dec. 15, 2022 Evgeny Sinelnikov 4.16.8-alt1
    - Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
      the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
      Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
    - Security fixes:
      + CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
                        session keys for use between modern clients and servers
                        despite all modern Kerberos implementations supporting
                        the aes256-cts-hmac-sha1-96 cipher.
                        On Samba Active Directory DCs and members
                        'kerberos encryption types = legacy' would force
                        rc4-hmac as a client even if the server supports
                        aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
                        (Samba#13135, Samba#15219, Samba#15237).
                        https://www.samba.org/samba/security/CVE-2022-37966.html
    
      + CVE-2022-37967: A service account with the special constrained
                        delegation permission could forge a more powerful
                        ticket than the one it was presented with (Samba#15231).
                        https://www.samba.org/samba/security/CVE-2022-37967.html
    
      + CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                        same algorithms as rc4-hmac cryptography in Kerberos,
                        and so must also be assumed to be weak (Samba#15240).
                        https://www.samba.org/samba/security/CVE-2022-38023.html