[Samba] CVE-2022-38023 and Samba versions
Rowland Penny
rpenny at samba.org
Thu Jun 8 15:28:21 UTC 2023
On 08/06/2023 16:06, Jim Brand via samba wrote:
> This is in reference to
>
> https://www.samba.org/samba/security/CVE-2022-38023.html
>
>
> "Samba 4.15.13, 4.16.8 and 4.17.4 have been issued
> as security releases to correct the defect. Samba administrators are
> advised to upgrade to these releases or apply the patch as soon
> as possible."
>
> Does this only apply if you are running a Linux DC?
I very much doubt it, a Samba DC is trying its hardest to be compatible
with a Windows DC, so NETLOGON is going to be the same and use the same
cyphers.
> We are not and are running these Samba versions
>
> Linux 7 samba-4.10.16-24
> Linux 6 samba-4.10.16-20
>
> Will these be affected?
Yes, you need to check if Red Hat has patched Samba (not sure if RHEL6
will have been).
Rowland