What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-fff0c857d6
2023-10-27 01:10:52.863682
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 37
Version     : 4.17.12
Release     : 1.fc37
URL         : https://www.samba.org
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to 4.17.12 - Security fixes for CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154,  CVE-2023-42669 and CVE-2023-42670
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Guenther Deschner  - 4.17.12-1
- Update to 4.17.12
- resolves: #2241881, #2243228: Security fix for CVE-2023-3961
- resolves: #2241882, #2243231: Security fix for CVE-2023-4091
- resolves: #2241883, #2243230: Security fix for CVE-2023-4154
- resolves: #2241884, #2243229: Security fix for CVE-2023-42669
- resolves: #2241885, #2243232: Security fix for CVE-2023-42670
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2241881 - CVE-2023-3961 samba: smbd allows client access to unix domain sockets on the file system as root
        https://bugzilla.redhat.com/show_bug.cgi?id=2241881
  [ 2 ] Bug #2241882 - CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=2241882
  [ 3 ] Bug #2241883 - CVE-2023-4154 samba: AD DC password exposure to privileged users and RODCs
        https://bugzilla.redhat.com/show_bug.cgi?id=2241883
  [ 4 ] Bug #2241884 - CVE-2023-42669 samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
        https://bugzilla.redhat.com/show_bug.cgi?id=2241884
  [ 5 ] Bug #2241885 - CVE-2023-42670 samba: AD DC Busy RPC multiple listener DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=2241885
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-fff0c857d6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: samba 2023-fff0c857d6

October 27, 2023
Update to 4.17.12 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670

Summary

Samba is the standard Windows interoperability suite of programs for Linux and

Unix.

Update Information:

Update to 4.17.12 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670

Change Log

* Tue Oct 10 2023 Guenther Deschner - 4.17.12-1 - Update to 4.17.12 - resolves: #2241881, #2243228: Security fix for CVE-2023-3961 - resolves: #2241882, #2243231: Security fix for CVE-2023-4091 - resolves: #2241883, #2243230: Security fix for CVE-2023-4154 - resolves: #2241884, #2243229: Security fix for CVE-2023-42669 - resolves: #2241885, #2243232: Security fix for CVE-2023-42670

References

[ 1 ] Bug #2241881 - CVE-2023-3961 samba: smbd allows client access to unix domain sockets on the file system as root https://bugzilla.redhat.com/show_bug.cgi?id=2241881 [ 2 ] Bug #2241882 - CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions https://bugzilla.redhat.com/show_bug.cgi?id=2241882 [ 3 ] Bug #2241883 - CVE-2023-4154 samba: AD DC password exposure to privileged users and RODCs https://bugzilla.redhat.com/show_bug.cgi?id=2241883 [ 4 ] Bug #2241884 - CVE-2023-42669 samba: "rpcecho" development server allows denial of service via sleep() call on AD DC https://bugzilla.redhat.com/show_bug.cgi?id=2241884 [ 5 ] Bug #2241885 - CVE-2023-42670 samba: AD DC Busy RPC multiple listener DoS https://bugzilla.redhat.com/show_bug.cgi?id=2241885

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-fff0c857d6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : samba
Product : Fedora 37
Version : 4.17.12
Release : 1.fc37
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo