Package libwbclient-devel: Information

  • Default inline alert: Version in the repository: 4.20.1-alt1

Binary package: libwbclient-devel
Version: 4.16.8-alt1
Architecture: i586
Build time:  Dec 16, 2022, 02:52 AM in the task #311836
Source package: samba
Category: Development/C
Report package bug
License: GPLv3+ and LGPLv3+
Summary: Developer tools for the winbind library
Description: 
The libwbclient-devel package provides developer tools for the wbclient library.

Maintainer: Evgeny Sinelnikov


Last changed


Dec. 15, 2022 Evgeny Sinelnikov 4.16.8-alt1
- Update to maintenance release of Samba 4.16 with fixes of the Samba CVE for
  the Windows Kerberos Elevation of Privilege Vulnerability disclosed by
  Microsoft on Nov 8 2022 (CVE-2022-37967, CVE-2022-37966).
- Security fixes:
  + CVE-2022-37966: A Samba Active Directory DC will issue weak rc4-hmac
                    session keys for use between modern clients and servers
                    despite all modern Kerberos implementations supporting
                    the aes256-cts-hmac-sha1-96 cipher.
                    On Samba Active Directory DCs and members
                    'kerberos encryption types = legacy' would force
                    rc4-hmac as a client even if the server supports
                    aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96
                    (Samba#13135, Samba#15219, Samba#15237).
                     https://www.samba.org/samba/security/CVE-2022-37966.html

  + CVE-2022-37967: A service account with the special constrained
                    delegation permission could forge a more powerful
                    ticket than the one it was presented with (Samba#15231).
                     https://www.samba.org/samba/security/CVE-2022-37967.html

  + CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                    same algorithms as rc4-hmac cryptography in Kerberos,
                    and so must also be assumed to be weak (Samba#15240).
                     https://www.samba.org/samba/security/CVE-2022-38023.html
Dec. 12, 2022 Evgeny Sinelnikov 4.16.7-alt5
- Update text of summary for role-usershares and smb-conf-usershares.
- Update default usershare prefix allow and deny lists:
  + usershare prefix deny list = /etc /dev /sys /proc
  + usershare prefix allow list = /home /srv /mnt /media /var
- Add new controls for samba-usershares:
  + smb-conf-usershare-allow-list
  + smb-conf-usershare-deny-list
  + smb-conf-usershare-owner-only
  + smb-conf-usershare-allow-guests
Dec. 8, 2022 Evgeny Sinelnikov 4.16.7-alt4
- Add role-sambashare control for compatibility during upgrade from previous
  manual managed settings of usershares.
- Trigger sambashare as role with privilege usershares (Closes: #44379).