Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
It was discovered that Samba incorrectly handled the bad password count
logic. A remote attacker could possibly use this issue to bypass bad
password lockouts. This issue was only addressed in Ubuntu 22.10.
(CVE-2021-20251)
Evgeny Legerov discovered that Samba incorrectly handled buffers in
certain GSSAPI routines of Heimdal. A remote attacker could possibly use
this issue to cause Samba to crash, resulting in a denial of service.
(CVE-2022-3437)
Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos
keys. A remote attacker could possibly use this issue to elevate
privileges. (CVE-2022-37966, CVE-2022-37967)
It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure
Channel. A remote attacker could possibly use this issue to elevate
privileges. (CVE-2022-38023)
Greg Hudson discover...
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 22.10: samba 2:4.16.8+dfsg-0ubuntu1
- Ubuntu 22.04 LTS: samba 2:4.15.13+dfsg-0ubuntu1
- Ubuntu 20.04 LTS: samba 2:4.13.17~dfsg-0ubuntu1.20.04.4
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5822-1
CVE-2021-20251, CVE-2022-3437, CVE-2022-37966, CVE-2022-37967,
CVE-2022-38023, CVE-2022-42898, CVE-2022-45141