[ubuntu/focal-security] samba 2:4.15.13+dfsg-0ubuntu0.20.04.6 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Oct 10 14:50:23 UTC 2023 

samba (2:4.15.13+dfsg-0ubuntu0.20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: SMB clients can truncate files with read-only
    permissions
    - debian/patches/CVE-2023-4091-*.patch
    - CVE-2023-4091
  * SECURITY UPDATE: Samba AD DC password exposure to privileged users and
    RODCs
    - debian/patches/CVE-2023-4154-*.patch
    - CVE-2023-4154
  * SECURITY UPDATE: rpcecho development server allows Denial of Service
    via sleep() call on AD DC
    - debian/patches/CVE-2023-42669.patch
    - CVE-2023-42669

samba (2:4.15.13+dfsg-0ubuntu0.20.04.5) focal; urgency=medium

  * d/p/issue-when-updating-old-passwd-containing-regex-metachars.patch:
    Add changes to fix uncaught exception when updating old password
    containing regex metacharacters by simplifying samba-tool password
    redaction (LP: #2002949).

samba (2:4.15.13+dfsg-0ubuntu0.20.04.4) focal; urgency=medium

  * d/p/secure-channel-faulty-kb5028166.patch: fix domain membership
    after Windows KB5028166 update (LP: #2027716)
  * Cherry pick samba AD DC provisioning DEP8 test from later Ubuntu
    releases (LP: #1977746, LP: #2011745):
    - d/t/control, d/t/util,d/t/samba-ad-dc-provisioning-internal-dns:
      samba AD DC provisioning and domain join tests with internal DNS
      + d/t/control: adjust package dependencies
      + d/t/samba-ad-dc-provisioning-internal-dns: handle the case where
        libnss-winbind does not automatically add winbind to
        /etc/nsswitch.conf (that is done only in Lunar and later)
      + d/t/samba-ad-dc-provisioning-internal-dns: use case insensitive
        match when inspecting kerberos tickets, as the hostname may be
        capitalized
      + d/t/samba-ad-dc-provisioning-internal-dns: Adjust regexp for
        slightly different resolvectl output
      + d/t/util: several lxc command output parsing changes, needed for
        this older version of the lxd snap
      + d/t/samba-ad-dc-provisioning-internal-dns: more dependencies for
        the winbind and sssd domain join tests, which don't get
        installed automatically for us by this version of realmd
      + d/t/util: increase the RLIMIT_MEMLOCK limit for lxd containers,
        as the default of 64kb is too low for at least ppc64el on focal

Date: 2023-10-05 15:21:09.608786+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu0.20.04.6
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list