[Samba] samba 4.13.17 ubuntu 20.04

Andrew Bartlett abartlet at samba.org
Thu Jan 26 21:05:15 UTC 2023


The latest Ubuntu 20.04 update for Samba has the Windows 22H2 Kerberos
issue fix (the Windows 11 2038 date issue):

samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
    - debian/patches/CVE-2022-3437-*.patch
    - CVE-2022-3437
  * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
    - debian/patches/CVE-2022-42898-*.patch
    - CVE-2022-42898
  * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
    Kerberos tickets
    - debian/patches/CVE-2022-45141-*.patch
    - CVE-2022-45141
  * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
    should be avoided
    - debian/patches/CVE-2022-38023-*.patch
    - CVE-2022-38023
  * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37966
  * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
    possible against Samba AD DC
    - debian/patches/CVE-2022-3796x-*.patch
    - CVE-2022-37967
  * debian/patches/win-22H2-fix.patch: split git-style patch into three
    individual patches so that it can be manipulated properly with quilt.
  * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
    affect Samba, but patches included for completeness.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 11 Jan 2023 11:12:16 -0500

On Thu, 2023-01-26 at 20:38 +0100, Frank Rochlitzer via samba wrote:
> We have the same issue with Samba 4.13.17.
> For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a
> workaround to solve the login problem: Modifying the Local Security
> Policy -> Local Policies -> Security Options -> Network
> security: "Configure encryption types allowed for Kerberos" Check only
> DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5. This worked for us to
> log in again. You can find some more information here:
> https://stackoverflow.com/questions/75235829/samba-4-13-17-breaks-domain-login-with-kerberos-errors/75249164#75249164
>
> Best regards
> Frank
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions




