543733c830
Release notes: https://www.samba.org/samba/history/samba-4.18.5.html
Fixes the following CVEs:
o CVE-2022-2127:
When winbind is used for NTLM authentication, a maliciously
crafted request can trigger an out-of-bounds read in winbind
and possibly crash it.
https://www.samba.org/samba/security/CVE-2022-2127.html
o CVE-2023-3347:
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain
Controllers where SMB2 packet signing is mandatory.
https://www.samba.org/samba/security/CVE-2023-3347.html
o CVE-2023-34966:
An infinite loop bug in Samba's mdssvc RPC service for
Spotlight can be triggered by an unauthenticated attacker by
issuing a malformed RPC request.
https://www.samba.org/samba/security/CVE-2023-34966.html
o CVE-2023-34967:
Missing type validation in Samba's mdssvc RPC service for
Spotlight can be used by an unauthenticated attacker to
trigger a process crash in a shared RPC mdssvc worker process.
https://www.samba.org/samba/security/CVE-2023-34967.html
o CVE-2023-34968:
As part of the Spotlight protocol Samba discloses the server-
side absolute path of shares and files and directories in
search results.
https://www.samba.org/samba/security/CVE-2023-34968.html
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-libreplace-disable-libbsd-support.patch | ||
| 0002-build-find-pre-built-heimdal-build-tools-in-case-of-.patch | ||
| 0003-ldap_message_test.c-include-stdint.h-before-cmoka.h.patch | ||
| 0004-3rdparty-heindal-Use-perl-module-JSON-part-of-core-i.patch | ||
| Config.in | ||
| S91smb | ||
| samba4-cache.txt | ||
| samba4.hash | ||
| samba4.mk | ||