[Samba] samba 4.13.17 ubuntu 20.04

Andrew Bartlett abartlet at samba.org
Thu Jan 26 21:06:46 UTC 2023


Actually the fix went out on Dec 7 2022:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1993934/comments/45

On Fri, 2023-01-27 at 10:05 +1300, Andrew Bartlett wrote:
> The latest Ubuntu 20.04 update for Samba has the Windows 22H2
> Kerberos issue fix (the windows 11 2038 date issue)
> samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security; urgency=medium
>
>   * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3()
>     - debian/patches/CVE-2022-3437-*.patch
>     - CVE-2022-3437
>   * SECURITY UPDATE: Buffer overflow vulnerabilities on 32-bit systems
>     - debian/patches/CVE-2022-42898-*.patch
>     - CVE-2022-42898
>   * SECURITY UPDATE: Samba AD DC can be forced to issue rc4-hmac encrypted
>     Kerberos tickets
>     - debian/patches/CVE-2022-45141-*.patch
>     - CVE-2022-45141
>   * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon Secure Channel is weak and
>     should be avoided
>     - debian/patches/CVE-2022-38023-*.patch
>     - CVE-2022-38023
>   * SECURITY UPDATE: rc4-hmac Kerberos session keys issued to modern servers
>     - debian/patches/CVE-2022-3796x-*.patch
>     - CVE-2022-37966
>   * SECURITY UPDATE: Kerberos constrained delegation ticket forgery
>     possible against Samba AD DC
>     - debian/patches/CVE-2022-3796x-*.patch
>     - CVE-2022-37967
>   * debian/patches/win-22H2-fix.patch: split git-style patch into three
>     individual patches so that it can be manipulated properly with quilt.
>   * debian/patches/CVE-2022-44640-*.patch: Heimdal issue that did not
>     affect Samba, but patches included for completeness.
>
>  -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 11 Jan 2023 11:12:16 -0500
>
> On Thu, 2023-01-26 at 20:38 +0100, Frank Rochlitzer via samba wrote:
> > We have the same issue with Samba 4.13.17.
> > For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a
> > workaround to solve the login problem:
> > Modifying the Local Security Policy -> Local Policies -> Security
> > Options -> Network security: "Configure encryption types allowed
> > for Kerberos". Check only DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5.
> > This worked for us to login again. You can find some more
> > information here:
> > https://stackoverflow.com/questions/75235829/samba-4-13-17-breaks-domain-login-with-kerberos-errors/75249164#75249164
> >
> > Best regards
> > Frank
> -- 
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> 
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> company
> 
> Samba Development and Support: https://catalyst.net.nz/services/samba
> 
> Catalyst IT - Expert Open Source Solutions
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions