[Samba] samba 4.13.17 ubuntu 20.04
Andrew Bartlett
abartlet at samba.org
Thu Jan 26 21:06:46 UTC 2023
Actually the fix went out on Dec 7 2022:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1993934/comments/45
On Fri, 2023-01-27 at 10:05 +1300, Andrew Bartlett wrote:
> The latest Ubuntu 20.04 update for Samba has the Windows 22H2
> Kerberos issue fix (the windows 11 2038 date issue)
> samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium
>
>   * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
>     - debian/patches/CVE-2022-3437-*.patch
>     - CVE-2022-3437
>   * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
>     - debian/patches/CVE-2022-42898-*.patch
>     - CVE-2022-42898
>   * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac
>     encrypted Kerberos tickets
>     - debian/patches/CVE-2022-45141-*.patch
>     - CVE-2022-45141
>   * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
>     should be avoided
>     - debian/patches/CVE-2022-38023-*.patch
>     - CVE-2022-38023
>   * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern
>     servers
>     - debian/patches/CVE-2022-3796x-*.patch
>     - CVE-2022-37966
>   * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
>     possible against Samba AD DC
>     - debian/patches/CVE-2022-3796x-*.patch
>     - CVE-2022-37967
>   * debian/patches/win-22H2-fix.patch: split git-style patch into three
>     individual patches so that it can be manipulated properly with
>     quilt.
>   * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
>     affect Samba, but patches included for completeness.
>
>  -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 11 Jan 2023 11:12:16 -0500
>
> On Thu, 2023-01-26 at 20:38 +0100, Frank Rochlitzer via samba wrote:
> > We have the same issue with Samba 4.13.17.
> > For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a
> > workaround to solve the login problem: Modifying the Local Security
> > Policy -> Local Policies -> Security Options -> Network
> > security: "Configure encryption types allowed for Kerberos". Check
> > only DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5. This worked for us
> > to log in again. You can find some more information here:
> > https://stackoverflow.com/questions/75235829/samba-4-13-17-breaks-domain-login-with-kerberos-errors/75249164#75249164
> > Best regards
> > Frank
> --
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions