
Fedora 37: FEDORA-2023-fff0c857d6 Critical Samba Denial Of Service

October 27, 2023
Important notice: Fedora has released update FEDORA-2023-fff0c857d6 to resolve significant vulnerabilities in Samba. Ensure your system is updated promptly!

Summary

Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Update Information:

Update to 4.17.12 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670

Change Log

* Tue Oct 10 2023 Guenther Deschner - 4.17.12-1
- Update to 4.17.12
- resolves: #2241881, #2243228: Security fix for CVE-2023-3961
- resolves: #2241882, #2243231: Security fix for CVE-2023-4091
- resolves: #2241883, #2243230: Security fix for CVE-2023-4154
- resolves: #2241884, #2243229: Security fix for CVE-2023-42669
- resolves: #2241885, #2243232: Security fix for CVE-2023-42670

References


[ 1 ] Bug #2241881 - CVE-2023-3961 samba: smbd allows client access to unix domain sockets on the file system as root
      https://bugzilla.redhat.com/show_bug.cgi?id=2241881
[ 2 ] Bug #2241882 - CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions
      https://bugzilla.redhat.com/show_bug.cgi?id=2241882
[ 3 ] Bug #2241883 - CVE-2023-4154 samba: AD DC password exposure to privileged users and RODCs
      https://bugzilla.redhat.com/show_bug.cgi?id=2241883
[ 4 ] Bug #2241884 - CVE-2023-42669 samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
      https://bugzilla.redhat.com/show_bug.cgi?id=2241884
[ 5 ] Bug #2241885 - CVE-2023-42670 samba: AD DC Busy RPC multiple listener DoS
      https://bugzilla.redhat.com/show_bug.cgi?id=2241885

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-fff0c857d6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
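
A post-update check, added here as an example and not part of the Fedora advisory: it flags Samba packages whose version-release is older than the 4.17.12-1.fc37 build listed on this page. The function names, the use of "sort -V" for comparison and the sample package lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Fixed build named by this advisory (Version 4.17.12, Release 1.fc37).
FIXED_EVR="4.17.12-1.fc37"

# Return 0 when version-release $1 is at or above $2.
# Assumption: GNU "sort -V" ordering stands in for RPM's own comparison,
# which is adequate for plain numeric Samba builds; epochs are not compared.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print a verdict for one package name ($1) and version-release ($2).
classify_pkg() {
    if evr_at_least "$2" "$FIXED_EVR"; then
        echo "FIXED $1 $2"
    else
        echo "VULNERABLE $1 $2"
    fi
}

# Read "name version-release" lines on stdin, print one verdict per line,
# and return 1 if any package is older than the fixed build.
audit_samba() {
    status=0
    while read -r name evr; do
        [ -n "$name" ] || continue
        verdict=$(classify_pkg "$name" "$evr")
        echo "$verdict"
        case $verdict in VULNERABLE*) status=1 ;; esac
    done
    return "$status"
}

# On a Fedora 37 host, feed it the installed packages:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'samba*' | audit_samba
# Constructed sample input so the script also runs without rpm:
printf '%s\n' 'samba 4.17.12-1.fc37' 'samba-client 4.17.11-1.fc37' |
    audit_samba || echo "at least one package predates $FIXED_EVR"
```

A non-zero return from audit_samba means the advisory has not been fully applied on that host.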

Severity
critical

Name: samba
Product: Fedora 37
Version: 4.17.12
Release: 1.fc37
URL:
Summary: Server and Client software to interoperate with Windows machines
