The Slackware Linux Project: Slackware Security Advisories

Slackware Security Advisories
News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact
Mailing Lists
About
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] samba (SSA:2023-216-02)
Date: Fri, 4 Aug 2023 13:53:11 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  samba (SSA:2023-216-02)

New samba packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/samba-4.18.5-i586-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/samba-4.18.5-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.18.5-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.18.5-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 package:
144bd8d3c2f3deeac28f022e5cdcf285  samba-4.18.5-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a79a128a1ce98e611d47a143a0883716  samba-4.18.5-x86_64-1_slack15.0.txz

Slackware -current package:
be2cd7839cb224e9567436351034f649  n/samba-4.18.5-i586-1.txz

Slackware x86_64 -current package:
86760d77f53cffe33ebc11578b67f09c  n/samba-4.18.5-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-4.18.5-i586-1_slack15.0.txz

Then, if Samba is running restart it:

# /etc/rc.d/rc.samba restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAmTNZEAACgkQakRjwEAQIjOKHgCfWZYiKw7stM/47f1HL3ksr8Gv
OokAn2fatssZhu5KyzMXtClqAoZe1PS4
=i7HI
-----END PGP SIGNATURE-----
Slackware™ is a trademark of Patrick Volkerding.