[slackware-security] samba (SSA:2022-351-01)
New samba packages are available for Slackware 15.0 and -current to fix security issues.
Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/samba-4.15.13-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of
Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for
use between modern clients and servers despite all modern Kerberos
implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy'
would force rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
This is the Samba CVE for the Windows Kerberos Elevation of Privilege
Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission
could forge a more powerful ticket than the one it was presented with.
The "RC4" protection of the NetLogon Secure channel uses the same
algorithms as rc4-hmac cryptography in Kerberos, and so must also be
assumed to be weak.
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed
that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue
rc4-hmac encrypted tickets despite the target server supporting better
encryption (e.g. aes256-cts-hmac-sha1-96).
Note that there are several important behavior changes included in this
release, which may cause compatibility problems interacting with systems
still expecting the former behavior.
Please read the advisories of CVE-2022-37966, CVE-2022-37967 and
CVE-2022-38023 carefully!
For more information, see:
https://www.samba.org/samba/security/CVE-2022-37966.html
https://www.samba.org/samba/security/CVE-2022-37967.html
https://www.samba.org/samba/security/CVE-2022-38023.html
https://www.samba.org/samba/security/CVE-2022-45141.html
https://www.cve.org/CVERecord?id=CVE-2022-37966
https://www.cve.org/CVERecord?id=CVE-2022-37967
https://www.cve.org/CVERecord?id=CVE-2022-38023
https://www.cve.org/CVERecord?id=CVE-2022-45141
(* Security fix *)
+--------------------------+
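The advisory singles out 'kerberos encryption types = legacy' as the setting that forces rc4-hmac. The following is an added example, not part of the Slackware ChangeLog or of Samba: a small Python audit of an smb.conf text for that setting. The function names and both sample configurations are constructed for illustration; the values `strong` and `all` come from the smb.conf manual page rather than from this advisory.

```python
import re

# Constructed sample smb.conf texts (not from any real system).
WEAK_CONF = """\
[global]
    workgroup = EXAMPLE
    ; the setting named in the advisory
    Kerberos Encryption Types = legacy
"""
HARDENED_CONF = """\
[global]
    workgroup = EXAMPLE
    kerberos encryption types = strong
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    # A trailing backslash continues the line onto the next one.
    text = re.sub(r"\\\r?\n", "", text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = "".join(line[1:-1].split()).lower()
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            # Names are case-insensitive and internal whitespace is ignored.
            params["".join(name.split()).lower()] = value.strip()
    return params

def audit_kerberos_enctypes(text):
    """Classify 'kerberos encryption types'; 'all' is assumed when unset."""
    value = global_params(text).get("kerberosencryptiontypes", "all").lower()
    if value == "legacy":
        return "WEAK: rc4-hmac forced as a client"
    if value == "strong":
        return "OK: AES encryption types only"
    if value == "all":
        return "DEFAULT: rc4-hmac still allowed"
    return "UNKNOWN: unrecognised value " + repr(value)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit_kerberos_enctypes(conf))
```

The parser reads a single file's text and does not follow `include` lines.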
A small kernel batch
6.0.14-rc1 with 16 updates/changes since 6.0.13
5.15.84-rc1 with 14 updates/changes since 5.15.83
5.10.160-rc with 15 updates/changes since 5.10.159
5.4.228-rc1 with 9 updates/changes since 5.4.227
The kernels listed above were released earlier today. As usual, the download link and ChangeLog
are on the right-hand side of the page...
Links to the latest kernels are on the right.
5.10.159 ended up at RC2 before it was released today.
6.0.13 with 157 updates/changes since 6.0.12
5.15.83 with 123 updates/changes since 5.15.82
5.10.159 with 98 updates/changes since 5.10.158
5.4.227 with 66 updates/changes since 5.4.226
4.19.269 with 49 updates/changes since 4.19.268
4.14.302 with 38 updates/changes since 4.14.301
4.9.336 with 31 updates/changes since 4.9.335
ChangeLog etc. on the right-hand side of the page...
What's new in this release:
- Bundled vkd3d upgraded to version 1.6.
- Vulkan and OpenGL thunking optimizations.
- More support for print processors.
- Improved joystick control panel.
- Long types printf format conversion finished.
- Various bug fixes (52)