[Samba] samba 4.13.17 ubuntu 20.04
Andrew Bartlett
abartlet at samba.org
Thu Jan 26 21:05:15 UTC 2023
The latest Ubuntu 20.04 update for Samba has the Windows 22H2 Kerberos
issue fix (the windows 11 2038 date issue)
samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
- debian/patches/CVE-2022-3437-*.patch
- CVE-2022-3437
* SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
- debian/patches/CVE-2022-42898-*.patch
- CVE-2022-42898
* SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac
encrypted
Kerberos tickets
- debian/patches/CVE-2022-45141-*.patch
- CVE-2022-45141
* SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
should be avoided
- debian/patches/CVE-2022-38023-*.patch
- CVE-2022-38023
* SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern
servers
- debian/patches/CVE-2022-3796x-*.patch
- CVE-2022-37966
* SECURITY UPDATE: Kerberos constrained delegation ticket forgery
possible against Samba AD DC
- debian/patches/CVE-2022-3796x-*.patch
- CVE-2022-37967
* debian/patches/win-22H2-fix.patch: split git-style patch into three
individual patches so that it can be manipulated properly with
quilt.
* debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
affect Samba, but patches included for completeness.
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Wed, 11 Jan 2023
11:12:16 -0500
On Thu, 2023-01-26 at 20:38 +0100, Frank Rochlitzer via samba wrote:
> We have the same issue with Samba 4.13.17.
> For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a
> workaround to solve the login problem:Modifying the Local Security
> Policy -> Local Policies -> Security Options -> Network
> security:"Configure encryption types allowed for Kerberos" Check only
> DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5. This worked for us to
> login again. You can find some more informations here:
> https://stackoverflow.com/questions/75235829/samba-4-13-17-breaks-domain-login-with-kerberos-errors/75249164#75249164
> Best regardsFrank
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list