oss-sec mailing list archives
Samba 4.15.5, 4.14.12, 4.13.17 Security Releases
From: John Helmert III <jchelmert3 () posteo net>
Date: Tue, 01 Feb 2022 02:23:33 +0000
CVE-2021-44142 is particularly nasty, "This vulnerability allows remote
attackers to execute arbitrary code as root on affected Samba
installations that use the VFS module vfs_fruit."

----- Forwarded message from Jule Anger via samba-announce <samba-announce () lists samba org> -----

Return-Path: <samba-announce-bounces () lists samba org>
Date: Mon, 31 Jan 2022 14:04:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0
Subject: [Announce] Samba 4.15.5, 4.14.12, 4.13.17 Security Releases are available for Download
To: samba-announce () lists samba org, samba () lists samba org, samba-technical () lists samba org
List-Id: Low volume list for Samba announcements <samba-announce.lists.samba.org>
From: Jule Anger via samba-announce <samba-announce () lists samba org>
Reply-To: Jule Anger <janger () samba org>
Sender: samba-announce <samba-announce-bounces () lists samba org>

Release Announcements
---------------------

These are security releases in order to address the following defects:

o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
  of a symlink exists.
  https://www.samba.org/samba/security/CVE-2021-44141.html

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
  https://www.samba.org/samba/security/CVE-2022-0336.html

Changes
-------

o Jeremy Allison <jra () samba org>
  * BUG 14911: CVE-2021-44141

o Ralph Boehme <slow () samba org>
  * BUG 14914: CVE-2021-44142

o Joseph Sutton <josephsutton () catalyst net nz>
  * BUG 14950: CVE-2022-0336

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.libera.chat or the
#samba-technical:matrix.org matrix channel.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620). The source code can be downloaded
from:

https://download.samba.org/pub/samba/stable/

The release notes are available online at:

https://www.samba.org/samba/history/samba-4.15.5.html
https://www.samba.org/samba/history/samba-4.14.12.html
https://www.samba.org/samba/history/samba-4.13.17.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team

----- End forwarded message -----