Package libldb-modules-dc: Information

    Binary package: libldb-modules-dc
    Version: 4.16.8-alt1
    Architecture: x86_64
    Build time:  Dec 16, 2022, 02:52 AM in the task #311836
    Source package: samba
    Category: System/Libraries
    Report package bug
    Gear: https://git.altlinux.org/gears/s/samba.git?a=tree;hb=c1dffa5b531…
    Download: libldb-modules-dc-4.16.8-alt1.x86_64.rpm
    Build log: https://git.altlinux.org/tasks/311836/build/100/x86_64/log
    Home page: http://www.samba.org/
    License: GPLv3+ and LGPLv3+
    Summary: The LDB domain controller modules
    Description: 
    The libldb-modules-dc contains the ldb library modules from the Samba domain controller.
    Maintainer: Evgeny Sinelnikov
    List of contributors:
    Evgeny Sinelnikov
    Ivan A. Melnikov
    Michael Shigorin
    Grigory Ustinov
    Alexey Shabalin
    Alexey Sheplyakov
    Andrey Cherepanov
    Igor Vlasenko
    Vitaly Kuznetsov

    Last changed

    Dec. 15, 2022 Evgeny Sinelnikov 4.16.8-alt1
    - Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
  the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
  Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
- Security fixes:
  + CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
                    session keys for use between modern clients and servers
                    despite all modern Kerberos implementations supporting
                    the aes256-cts-hmac-sha1-96 cipher.
                    On Samba Active Directory DCs and members
                    'kerberos encryption types = legacy' would force
                    rc4-hmac as a client even if the server supports
                    aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
                    (Samba#13135, Samba#15219, Samba#15237).
                     https://www.samba.org/samba/security/CVE-2022-37966.html

  + CVE-2022-37967: A service account with the special constrained
                    delegation permission could forge a more powerful
                    ticket than the one it was presented with (Samba#15231).
                     https://www.samba.org/samba/security/CVE-2022-37967.html

  + CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                    same algorithms as rc4-hmac cryptography in Kerberos,
                    and so must also be assumed to be weak (Samba#15240).
                     https://www.samba.org/samba/security/CVE-2022-38023.html
    Dec. 12, 2022 Evgeny Sinelnikov 4.16.7-alt5
    - Update text of summary for role-usershares and smb-conf-usershares.
- Update default usershare prefix allow and deny lists:
  + usershare prefix deny list = /etc /dev /sys /proc
  + usershare prefix allow list = /home /srv /mnt /media /var
- Add new controls for samba-usershares:
  + smb-conf-usershare-allow-list
  + smb-conf-usershare-deny-list
  + smb-conf-usershare-owner-only
  + smb-conf-usershare-allow-guests
    Dec. 8, 2022 Evgeny Sinelnikov 4.16.7-alt4
    - Add role-sambashare control for compatibility during upgrade from previous
  manual managed settings of usershares.
- Trigger sambashare as role with privilege usershares (Closes: #44379).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top