Lucene search

OracleLinuxELSA-2023-6667

HistoryNov 11, 2023 - 12:00 a.m.

samba security, bug fix, and enhancement update

2023-11-1100:00:00

linux.oracle.com

samba security update

bug fixes

enhancements

version 4.18.6-100

cve-2022-2127

cve-2023-3347

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.4%

JSON

evolution-mapi
[3.40.1-6]

Related: #2190415 (Rebuild against samba 4.18)
openchange
[2.3-41]
Related: #2190415 (Rebuild against samba 4.18)
samba
[4.18.6-100]
related: rhbz#2190415 - Update to version 4.18.6
resolves: rhbz#2211617 - Fix the rpcclient dfsgetinfo command
[4.18.5-100]
resolves: rhbz#2222895 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968
[4.18.4-102]
resolves: rhbz#2222883 - Fix trust relationship between workstation and DC
[4.18.4-101]
resolves: rhbz#2216712 - Fix broken symlink for libwbclient
resolves: rhbz#2214327 - Fix segfault of winbind child when listing users with winbind scan trusted domains = yes
resolves: rhbz#2211605 - Fix access of Samba share with veto files = /.*/
resolves: rhbz#2207692 - Fix Python tarfile extraction to avoid a warning
[4.18.4-100]
resolves: rhbz#2190415 - Update to version 4.18.4
[4.18.3-100]
resolves: rhbz#2190415 - Update to version 4.18.3
[4.18.2-101]
resolves: rhbz#2187313 - Fix weak dependencies in BaseOS
[4.18.2-100]
resolves: rhbz#2190415 - Update to version 4.18.2
[4.17.5-104]
related: rhbz#2182163 - Rebuild for liburing rebase to version 2.3
[4.17.5-102]
resolves: rhbz#2169980 - Fix winbind memory leak
resolves: rhbz#2156056 - Fix Samba shares not accessible issue
[4.17.5-101]
resolves: rhbz#2168534 - Create package samba-tools
[4.17.5-100]
related: rhbz#2131993 - Update to version 4.17.5
[4.17.4-102]
related: rhbz#2131993 - Create package dc-libs also for ‘non-dc build’
[4.17.4-101]
related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1
[4.17.4-100]
related: rhbz#2131993 - Update to version 4.17.4
resolves: rhbz#2154373 - Fix CVE-2022-38023
resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum)
resolves: rhbz#2114884 - Fix id command to return new groups after successful user login
resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory
[4.17.2-103]
Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional
related: rhbz#2131993
[4.17.2-102]
Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values
resolves: rhbz#2126175
[4.17.2-101]
resolves: rhbz#2131993 - Update to version 4.17.2
[4.16.4-101]
resolves: rhbz#2121317 - Do not require samba package in python3-samba
[4.16.4-100]
Rebase to version 4.16.4
resolves: rhbz#2108332 - Fix CVE-2022-32742
[ 4.16.3-101]
related: rhbz#2077487 - Rebase Samba to 4.16.3
resolves: rhbz#2097655 - The pcap background queue process should not be stopped
resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name
[4.16.2-102]
resolves: rhbz#2106279 - Fix crash in rpcd_classic
[4.16.2-101]
resolves: rhbz#2093833 - Fix weak dependency on logrotate
resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout
[4.16.2-100]
Fix rpminspect abidiff
related: rhbz#2077487 - Rebase Samba to 4.16.2
[4.16.1-100]
resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release
[4.15.5-108]
resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls
[4.15.5-106]
resolves: rhbz#2065376 - Fix 'create krb5 conf = yes when a KDC has a single IP address.
resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error
[4.15.5-105]
resolves: rhbz#2074891 - Fix username map for unix groups
[4.15.5-104]
resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh
[4.15.5-103]
related: rhbz#2044231 - Fix typo in testparm output
[4.15.5-102]
resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation
[4.15.5-101]
resolves: #2050111 - [RFE] Change change password change prompt phrasing
resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file
[4.15.5-100]
related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release
resolves: #2046129 - Fix CVE-2021-44141
resolves: #2046154 - Fix CVE-2021-44142
resolves: #2044405 - Fix printing no longer works on Windows 7
resolves: #2049485 - Fix systemd notifications
resolves: #2049604 - Disable NTLMSSP for ldap client connections
[4.15.4-100]
related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release
resolves: #2039154 - Fix CVE-2021-20316
resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x
resolves: #2044239 - [smb] Segmentation fault when joining the domain
resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED
resolves: #2044255 - Fix CVE-2021-43566
[4.15.3-1]
related: rhbz#2013578 - Rebase to Samba 4.15.3
resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind
resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired
[4.15.2-3]
related: rhbz#2013578 - Remove unneeded lmdb dependency
[4.15.2-2]
resolves: rhbz#2019675 - Fix CVE-2020-25717
[4.15.2-2]
resolves: rhbz#2019669 - Fix CVE-2021-23192
[4.15.2-2]
resolves: rhbz#2019663 - Fix CVE-2016-2124
[4.15.2-1]
resolves: rhbz#2013578 - Rebase to Samba 4.15.2
[4.14.5-103]
resolves: rhbz#1980356 - Fix winbind restart on package upgrade

OSVersionArchitecturePackageVersionFilename
oracle linux9srcevolution-mapi< 3.40.1-6.el9evolution-mapi-3.40.1-6.el9.src.rpm
oracle linux9srcopenchange< 2.3-41.el9openchange-2.3-41.el9.src.rpm
oracle linux9srcopenchange< 2.3-41.el9openchange-2.3-41.el9.src.rpm
oracle linux9srcsamba< 4.18.6-100.el9samba-4.18.6-100.el9.src.rpm
oracle linux9srcsamba< 4.18.6-100.el9samba-4.18.6-100.el9.src.rpm
oracle linux9srcsamba< 4.18.6-100.el9samba-4.18.6-100.el9.src.rpm
oracle linux9srcsamba< 4.18.6-100.el9samba-4.18.6-100.el9.src.rpm
oracle linux9aarch64evolution-mapi< 3.40.1-6.el9evolution-mapi-3.40.1-6.el9.aarch64.rpm
oracle linux9noarchevolution-mapi-langpacks< 3.40.1-6.el9evolution-mapi-langpacks-3.40.1-6.el9.noarch.rpm
oracle linux9aarch64libnetapi< 4.18.6-100.el9libnetapi-4.18.6-100.el9.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	9	src	evolution-mapi	< 3.40.1-6.el9	evolution-mapi-3.40.1-6.el9.src.rpm
oracle linux	9	src	openchange	< 2.3-41.el9	openchange-2.3-41.el9.src.rpm
oracle linux	9	src	openchange	< 2.3-41.el9	openchange-2.3-41.el9.src.rpm
oracle linux	9	src	samba	< 4.18.6-100.el9	samba-4.18.6-100.el9.src.rpm
oracle linux	9	src	samba	< 4.18.6-100.el9	samba-4.18.6-100.el9.src.rpm
oracle linux	9	src	samba	< 4.18.6-100.el9	samba-4.18.6-100.el9.src.rpm
oracle linux	9	src	samba	< 4.18.6-100.el9	samba-4.18.6-100.el9.src.rpm
oracle linux	9	aarch64	evolution-mapi	< 3.40.1-6.el9	evolution-mapi-3.40.1-6.el9.aarch64.rpm
oracle linux	9	noarch	evolution-mapi-langpacks	< 3.40.1-6.el9	evolution-mapi-langpacks-3.40.1-6.el9.noarch.rpm
oracle linux	9	aarch64	libnetapi	< 4.18.6-100.el9	libnetapi-4.18.6-100.el9.aarch64.rpm