<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-connectivity/samba, branch kirkstone-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2024-02-07T23:41:41+00:00</updated>
<entry>
<title>samba: fix CVE-2023-0922</title>
<updated>2024-02-07T23:41:41+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2024-01-25T10:04:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=c5008af2c57a215d3394af1e96b33fc173dd984e'/>
<id>urn:sha1:c5008af2c57a215d3394af1e96b33fc173dd984e</id>
<content type='text'>
The Samba AD DC administration tool, when operating against a remote LDAP server,
will by default send new or reset passwords over a signed-only connection.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-0922

Upstream patches:
https://github.com/samba-team/samba/commit/04e5a7eb03a

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2018-14628</title>
<updated>2024-02-07T23:41:41+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2024-01-16T14:11:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=dbb7b798f96ab652628743ceb6c7eaa9b593121d'/>
<id>urn:sha1:dbb7b798f96ab652628743ceb6c7eaa9b593121d</id>
<content type='text'>
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted
objects in the LDAP store.

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2023-42669</title>
<updated>2024-01-12T12:14:16+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-11-22T04:55:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9843839b2374e02fa9e7c998fd8d642b1c0626f9'/>
<id>urn:sha1:9843839b2374e02fa9e7c998fd8d642b1c0626f9</id>
<content type='text'>
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows
RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems
from an RPC function that can be blocked indefinitely. The issue arises because
the "rpcecho" service operates with only one worker in the main RPC task, allowing
calls to the "rpcecho" server to be blocked for a specified time, causing service
disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()"
function under specific conditions. Authenticated users or attackers can exploit this
vulnerability to make calls to the "rpcecho" server, requesting it to block for a
specified duration, effectively disrupting most services and leading to a complete
denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs
in the main RPC task.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42669

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2023-4091</title>
<updated>2023-12-13T18:35:51+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-11-23T06:13:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ad3dc46c878ae8bd90e720c672d159fe5763dbe3'/>
<id>urn:sha1:ad3dc46c878ae8bd90e720c672d159fe5763dbe3</id>
<content type='text'>
A vulnerability was discovered in Samba, where the flaw allows SMB clients to
truncate files, even with read-only permissions when the Samba VFS module
"acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB
protocol allows opening files when the client requests read-only access but
then implicitly truncates the opened file to 0 bytes if the client specifies
a separate OVERWRITE create disposition request. The issue arises in configurations
that bypass kernel file system permissions checks, relying solely on Samba's permissions.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4091

Fix is patched to the function call smbd_check_access_rights_fsp() of open_file(),
But in samba_4.14.14 smbd_check_access_rights() is used, from samba_4.15.0 onwards
smbd_check_access_rights() was replaced with smbd_check_access_rights_fsp() and
samba_4.14.14 is still vulnerable through smbd_check_access_rights().

Ref:
https://github.com/samba-team/samba/commit/3f61369d153419158c0f223e6f81c0bb07275833
https://github.com/samba-team/samba/commit/26dc10bdb2cff3eece4a2874931b4058f9f87d68

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2023-34968</title>
<updated>2023-10-17T12:42:14+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-10-03T11:47:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=baf6153112e416cf2fe05351a1b007d88f0ef1a4'/>
<id>urn:sha1:baf6153112e416cf2fe05351a1b007d88f0ef1a4</id>
<content type='text'>
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol,
Samba discloses the server-side absolute path of shares, files, and directories in the
results for search queries. This flaw allows a malicious client or an attacker with a
targeted RPC request to view the information that is part of the disclosed path.

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba:fix CVE-2023-34967</title>
<updated>2023-10-17T12:41:58+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-09-29T17:43:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bbe79e4f1787b97ec6c227720ffee06a690e2ab5'/>
<id>urn:sha1:bbe79e4f1787b97ec6c227720ffee06a690e2ab5</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2022-2127</title>
<updated>2023-10-17T12:41:21+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-09-29T17:43:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=112397bdfe59c9479309d3838a34fc2ef579c44f'/>
<id>urn:sha1:112397bdfe59c9479309d3838a34fc2ef579c44f</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2023-34966</title>
<updated>2023-10-17T12:40:46+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-09-29T17:43:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2715358a3d7e134ae7e2dc689f40c4fdd47f6d4f'/>
<id>urn:sha1:2715358a3d7e134ae7e2dc689f40c4fdd47f6d4f</id>
<content type='text'>
Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2021-44758</title>
<updated>2023-06-17T18:22:30+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-06-16T12:21:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5790310da3eeed427d8911905ede545386db35a0'/>
<id>urn:sha1:5790310da3eeed427d8911905ede545386db35a0</id>
<content type='text'>
Heimdal before 7.7.1 allows attackers to cause a NULL pointer
dereference in a SPNEGO acceptor via a preferred_mech_type of
GSS_C_NO_OID and a nonzero initial_response value to send_accept.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-44758

Upstream patches:
https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>samba: fix CVE-2022-41916</title>
<updated>2023-06-17T18:22:25+00:00</updated>
<author>
<name>Polampalli, Archana</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-06-16T12:20:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0393024cc5ccbe2575ca1f0db0af56c5682a7ce4'/>
<id>urn:sha1:0393024cc5ccbe2575ca1f0db0af56c5682a7ce4</id>
<content type='text'>
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos.
Versions prior to 7.7.1 are vulnerable to a denial of service
vulnerability in Heimdal's PKI certificate validation library,
affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as
any third-party applications using Heimdal's libhx509. Users
should upgrade to Heimdal 7.7.1 or 7.8. There are no known
workarounds for this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-41916

Upstream patches:
https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
