altlinux
https://packages.altlinux.org/en/sisyphus/security/FEF91C14688C33AE69CA56E9740A07E4
Apr 14, 2023 - 12:00 a.m.

Security fix for the ALT Linux 10 package samba version 4.16.10-alt1

EPSS: 0.003 (percentile: 71.7%)

4.16.10-alt1 built April 14, 2023 by Evgeny Sinelnikov in task #317735

March 29, 2023 Evgeny Sinelnikov

- Update to the security release of Samba 4.16, with libldb updated to 2.5.3:
  + ldb wildcard matching makes excessive allocations (Samba#15331).

- Security fixes (Samba#15270, Samba#15315):
  + CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                   remote LDAP server, will by default send new or reset
                   passwords over a signed-only connection.
                   https://www.samba.org/samba/security/CVE-2023-0922.html

  + CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                   Confidential attribute disclosure via LDAP filters was
                   insufficient and an attacker may be able to obtain
                   confidential BitLocker recovery keys from a Samba AD DC.
                   Installations with such secrets in their Samba AD should
                   assume they have been obtained and need replacing.
                   https://www.samba.org/samba/security/CVE-2023-0614.html