Accepted samba 2:4.17.12+dfsg-0+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted samba 2:4.17.12+dfsg-0+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 12 Oct 2023 06:32:33 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: samba_4.17.12+dfsg-0+deb12u1_source.changes
- Debian-source: samba
- Debian-suite: proposed-updates
- Debian-version: 2:4.17.12+dfsg-0+deb12u1
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qqpFJ-002XdW-2m@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Oct 2023 18:17:19 +0300
Source: samba
Architecture: source
Version: 2:4.17.12+dfsg-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Changes:
 samba (2:4.17.12+dfsg-0+deb12u1) bookworm-security; urgency=medium
 .
   * new stable security bugfix release:
     o CVE-2023-3961: https://www.samba.org/samba/security/CVE-2023-3961.html
       Unsanitized pipe names allow SMB clients to connect as root
       to existing unix domain sockets on the file system.
     o CVE-2023-4091: https://www.samba.org/samba/security/CVE-2023-4091.html
       SMB client can truncate files to 0 bytes by opening files with OVERWRITE
       disposition when using the acl_xattr Samba VFS module with the smb.conf
       setting "acl_xattr:ignore system acls = yes"
     o CVE-2023-4154: https://www.samba.org/samba/security/CVE-2023-4154.html
       An RODC and a user with the GET_CHANGES right can view all attributes,
       including secrets and passwords. Additionally, the access check fails
       open on error conditions.
     o CVE-2023-42669: https://www.samba.org/samba/security/CVE-2023-42669.html
       Calls to the rpcecho server on the AD DC can request that the server
       block for a user-defined amount of time, denying service.
     o CVE-2023-42670: https://www.samba.org/samba/security/CVE-2023-42670.html
       Samba can be made to start multiple incompatible RPC listeners,
       disrupting service on the AD DC.
Checksums-Sha1:
75bca6c05066d1d95167cc137ddd01aa2b926c3c 4466 samba_4.17.12+dfsg-0+deb12u1.dsc
89bb8e1416f7ce856342523920da888dab72c43e 18223156 samba_4.17.12+dfsg.orig.tar.xz
e649c6a1e95162b0efa333c7cf54d6bc80904531 272776 samba_4.17.12+dfsg-0+deb12u1.debian.tar.xz
f4ce7a0504f04ef38d0f73e83266cb52ce2eb483 6308 samba_4.17.12+dfsg-0+deb12u1_source.buildinfo
Checksums-Sha256:
30616f6b04bfb0d2878c61cd9295d79dd6cea5a05c529dc387b0ad135dbaf888 4466 samba_4.17.12+dfsg-0+deb12u1.dsc
d01f7df9a7dca56ce3b145ee9f887ebd138665a76b61b99208044a8f43e9931d 18223156 samba_4.17.12+dfsg.orig.tar.xz
5ef5245bab0b690cd1ca4a20315d008795b1090a9b792922ac4f6796b618169d 272776 samba_4.17.12+dfsg-0+deb12u1.debian.tar.xz
b18fef8981cdf942f19bd648cafe2933063c5739e1c9e78eaa019fccad7750dd 6308 samba_4.17.12+dfsg-0+deb12u1_source.buildinfo
Files:
5a307458004b7873958d9f277aceccba 4466 net optional samba_4.17.12+dfsg-0+deb12u1.dsc
d8ac9891eac4590603f43c0cec81d240 18223156 net optional samba_4.17.12+dfsg.orig.tar.xz
dc4fa65762d9938b63b6d2e64eff6c92 272776 net optional samba_4.17.12+dfsg-0+deb12u1.debian.tar.xz
d9a4344c7e8bed5d5bebdeb8b4d09b16 6308 net optional samba_4.17.12+dfsg-0+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----