
Fedora 38: 2023-76c06c8576 Critical: Samba Server Security Fixes

fedora
July 22, 2023
Explore the Fedora 38 Samba security alert highlighting essential patches for various CVEs that address major server vulnerabilities to enhance security and integrity

Summary

Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Update to version 4.18.5, Security fixes for CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967 and CVE-2023-34968

* Thu Jul 20 2023 Guenther Deschner - 4.18.5-0
- resolves: #2224040 - Update to version 4.18.5
- resolves: #2222791, #2224254 - Security fix for CVE-2022-2127
- resolves: #2222792, #2224255 - Security fix for CVE-2023-3347
- resolves: #2222793, #2224253 - Security fix for CVE-2023-34966
- resolves: #2222794, #2224252 - Security fix for CVE-2023-34967
- resolves: #2222795, #2224250 - Security fix for CVE-2023-34968

[ 1 ] Bug #2222791 - CVE-2022-2127 samba: out-of-bounds read in winbind AUTH_CRAP
      https://bugzilla.redhat.com/show_bug.cgi?id=2222791
[ 2 ] Bug #2222792 - CVE-2023-3347 samba: SMB2 packet signing is not enforced when "server signing = required" is set
      https://bugzilla.redhat.com/show_bug.cgi?id=2222792
[ 3 ] Bug #2222793 - CVE-2023-34966 samba: infinite loop in mdssvc RPC service for spotlight
      https://bugzilla.redhat.com/show_bug.cgi?id=2222793
[ 4 ] Bug #2222794 - CVE-2023-34967 samba: type confusion in mdssvc RPC service for spotlight
      https://bugzilla.redhat.com/show_bug.cgi?id=2222794
[ 5 ] Bug #2222795 - CVE-2023-34968 samba: spotlight server-side share path disclosure
      https://bugzilla.redhat.com/show_bug.cgi?id=2222795

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-76c06c8576' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
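
To confirm the update actually landed, the following added example (not part of the Fedora advisory) lists Samba packages that are still older than the fixed build 4.18.5-0.fc38 named on this page. The function names and the sample inventory are constructed for illustration, and `sort -V` is assumed as an approximation of RPM's own version comparison.

```shell
#!/bin/sh
# Fixed build from this advisory: Version 4.18.5, Release 0.fc38.
FIXED="4.18.5-0.fc38"

# ver_ge A B: succeed when version-release A sorts at or after B.
# GNU `sort -V` approximates RPM's comparison (assumption); it is adequate
# for the plain numeric version strings Fedora uses for samba.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# unpatched_packages: read "name version-release" lines on stdin and print
# every package that is still older than $FIXED.
unpatched_packages() {
    while read -r name vr; do
        [ -n "$name" ] || continue
        ver_ge "$vr" "$FIXED" || printf '%s %s\n' "$name" "$vr"
    done
}

# Constructed sample inventory (not real host data), in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'samba*' libwbclient libsmbclient
SAMPLE_INVENTORY='samba 4.18.4-0.fc38
samba-common 4.18.5-0.fc38
libwbclient 4.18.3-1.fc38
samba-client 4.18.6-1.fc38'

# Demo on the sample; on a real Fedora 38 host, pipe the rpm query above
# into unpatched_packages instead. Empty output means nothing is behind.
printf '%s\n' "$SAMPLE_INVENTORY" | unpatched_packages
```

Any package printed still predates the fixes listed above and should be picked up by the dnf command in the update instructions.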

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org


Severity: critical

Name: samba
Product: Fedora 38
Version: 4.18.5
Release: 0.fc38
URL:
Summary: Server and Client software to interoperate with Windows machines
