[Samba] CVE-2022-38023 and Samba versions

Rowland Penny rpenny at samba.org
Thu Jun 8 15:28:21 UTC 2023



On 08/06/2023 16:06, Jim Brand via samba wrote:
> This is in reference to
> 
> https://www.samba.org/samba/security/CVE-2022-38023.html
> 
> 
> "Samba 4.15.13, 4.16.8 and 4.17.4 have been issued
> as security releases to correct the defect.  Samba administrators are
> advised to upgrade to these releases or apply the patch as soon
> as possible."
> 
> Does this only apply if you are running a Linux DC?  

I very much doubt it; a Samba DC is trying its hardest to be compatible 
with a Windows DC, so NETLOGON is going to be the same and use the same 
cyphers.

> We are not and are running these Samba versions


> 
> Linux 7 samba-4.10.16-24
> Linux 6 samba-4.10.16-20
> 
> Will these be affected?

Yes, you need to check if Red Hat has patched Samba (not sure if RHEL6 
will have been).

Rowland



