Package samba: Information

Source package: samba
Version: 4.17.10-alt1
Build time:  Jul 25, 2023, 11:54 AM
Category: System/Servers
Report package bug
License: GPLv3+ and LGPLv3+
Summary: The Samba4 CIFS and AD client and server suite
Description: 
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

List of rpms provided by this srpm:
admx-samba (noarch)
libldb-modules-ldap (mipsel)
libldb-modules-ldap-debuginfo (mipsel)
libsmbclient (mipsel)
libsmbclient-debuginfo (mipsel)
libsmbclient-devel (mipsel)
libwbclient (mipsel)
libwbclient-debuginfo (mipsel)
libwbclient-devel (mipsel)
python3-module-samba (mipsel)
python3-module-samba-debuginfo (mipsel)
python3-module-samba-devel (mipsel)
samba (mipsel)
samba-client (mipsel)
samba-client-debuginfo (mipsel)
samba-common (noarch)
samba-common-client (noarch)
samba-common-libs (mipsel)
samba-common-libs-debuginfo (mipsel)
samba-common-tools (mipsel)
samba-common-tools-debuginfo (mipsel)
samba-ctdb (mipsel)
samba-ctdb-debuginfo (mipsel)
samba-dc (mipsel)
samba-dc-client (mipsel)
samba-dc-common (noarch)
samba-dc-debuginfo (mipsel)
samba-dc-libs (mipsel)
samba-dc-libs-debuginfo (mipsel)
samba-dc-mitkrb5 (mipsel)
samba-dc-mitkrb5-debuginfo (mipsel)
samba-dcerpc (mipsel)
samba-dcerpc-debuginfo (mipsel)
samba-debuginfo (mipsel)
samba-devel (mipsel)
samba-doc (noarch)
samba-gpupdate (mipsel)
samba-krb5-printing (mipsel)
samba-krb5-printing-debuginfo (mipsel)
samba-libs (mipsel)
samba-libs-debuginfo (mipsel)
samba-pidl (noarch)
samba-test (mipsel)
samba-test-debuginfo (mipsel)
samba-usershares (mipsel)
samba-util-private-headers (mipsel)
samba-vfs-glusterfs (mipsel)
samba-vfs-glusterfs-debuginfo (mipsel)
samba-vfs-snapper (mipsel)
samba-vfs-snapper-debuginfo (mipsel)
samba-winbind (mipsel)
samba-winbind-clients (mipsel)
samba-winbind-clients-debuginfo (mipsel)
samba-winbind-common (mipsel)
samba-winbind-debuginfo (mipsel)
samba-winbind-krb5-localauth (mipsel)
samba-winbind-krb5-localauth-debuginfo (mipsel)
samba-winbind-krb5-locator (mipsel)
samba-winbind-krb5-locator-debuginfo (mipsel)
task-samba-dc (noarch)
task-samba-dc-mitkrb5 (noarch)

Maintainer: Evgeny Sinelnikov


    1. libxslt
    2. libncurses-devel
    3. /proc
    4. glibc-devel
    5. /usr/bin/rpcgen
    6. docbook-style-xsl
    7. glibc-kernheaders
    8. netpbm
    9. libcap-devel
    10. libpam-devel
    11. html2text
    12. flex
    13. libcups-devel
    14. libdbus-devel
    15. gawk
    16. libpopt-devel
    17. admx-lint
    18. libe2fs-devel
    19. libacl-devel
    20. ceph-devel
    21. libarchive-devel >= 3.1.2
    22. libattr-devel
    23. libavahi-devel
    24. python3-devel
    25. dblatex
    26. python3-module-dns
    27. libreadline-devel
    28. python3-module-pyldb-devel
    29. python3-module-markdown
    30. python3-module-talloc-devel
    31. python3-module-tdb
    32. python3-module-tevent
    33. perl-JSON
    34. libglusterfs-api-devel
    35. perl-Parse-Yapp
    36. perl-devel
    37. libgnutls-devel
    38. libgpgme-devel
    39. krb5-kdc
    40. rpm-build-python3
    41. libgtk+2-devel
    42. tracker-devel
    43. libssl-devel
    44. libiniparser-devel
    45. libjansson-devel
    46. xsltproc
    47. zlib-devel
    48. libldap-devel
    49. libkrb5-devel
    50. libldb-devel = 2.6.2
    51. libtevent-devel >= 0.13.0
    52. libsystemd-devel
    53. libtirpc-devel
    54. libuuid-devel
    55. libtalloc-devel >= 2.3.4
    56. libtasn1-devel
    57. libtasn1-utils
    58. libtdb-devel >= 1.4.7

Last changed


July 23, 2023 Evgeny Sinelnikov 4.17.10-alt1
- Update to maintenance release of Samba 4.17:
  + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166).

- Security fixes (Samba#15418):
  + CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                    crafted request can trigger an out-of-bounds read in winbind
                    and possibly crash it.
                    https://www.samba.org/samba/security/CVE-2022-2127.html

  + CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                    "server signing = required" or for SMB2 connections to Domain
                    Controllers where SMB2 packet signing is mandatory.
                    https://www.samba.org/samba/security/CVE-2023-3347.html

  + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                    Spotlight can be triggered by an unauthenticated attacker by
                    issuing a malformed RPC request.
                    https://www.samba.org/samba/security/CVE-2023-34966.html

  + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                    Spotlight can be used by an unauthenticated attacker to
                    trigger a process crash in a shared RPC mdssvc worker process.
                    https://www.samba.org/samba/security/CVE-2023-34967.html

  + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                    side absolute path of shares and files and directories in
                    search results.
                    https://www.samba.org/samba/security/CVE-2023-34968.html
July 10, 2023 Evgeny Sinelnikov 4.17.9-alt1
- Update to maintenance release of Samba 4.17:
  + smbd_scavenger crashes when service smbd is stopped (Samba#15275).
  + vfs_fruit might cause a failing open for delete (Samba#15378).
  + named crashes on DLZ zone update (Samba#14030).
  + winbind recurses into itself via rpcd_lsad (Samba#15361).
  + cli_list loops 100% CPU against pre-lanman2 servers (Samba#15382).
  + smbclient leaks fds with showacls (Samba#15391).
  + aes256 smb3 encryption algorithms are not allowed in
    smb3_sid_parse() (Samba#15374).
  + winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR (Samba#15413).
  + smbget memory leak if failed to download files recursively (Samba#15403).
- Add check with admx-lint for group policy templates validation.
May 21, 2023 Evgeny Sinelnikov 4.17.8-alt1
- Update to maintenance release of Samba 4.17:
  + log flood: smbd_calculate_access_mask_fsp: Access denied: message level
    should be lower (Samba#15302).
  + Floating point exception (FPE) via cli_pull_send at
    source3/libsmb/clireadwrite.c (Samba#15306).
  + Reduce flapping of ridalloc test (Samba#15329).
  + large_ldap test is unreliable (Samba#15351).
  + New filename parser doesn't check veto files smb.conf parameter (Samba#15143).
  + mdssvc may crash when initializing (Samba#15354).
  + Large directory optimization broken for non-lcomp path elements (Samba#15313).
  + streams_depot fails to create streams (Samba#15357).
  + shadow_copy2 and streams_depot don't play well together (Samba#15358).
  + wbinfo -u fails on ad dc with >1000 users (Samba#15366).
  + winbindd idmap child contacts the domain controller without a
    need (Samba#15317).
  + idmap_autorid may fail to map sids of trusted domains for the first
    time (Samba#15318).
  + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings (Samba#15319).
  + net ads search -P doesn't work against servers in other domains (Samba#15323).
  + DS ACEs might be inherited to unrelated object classes (Samba#15338).
  + Temporary smbXsrv_tcon_global.tdb can't be parsed (Samba#15353).
  + Setting veto files = /.*/ break listing directories (Samba#15360).
  + CVE-2020-25720 [SECURITY] Create Child permission should not
    allow full write to all attributes (additional changes) (Samba#14810).
  + Reduce flapping of ridalloc test (Samba#15329).
  + dsgetdcname: assumes local system uses IPv4 (Samba#15325).