-------------------------------------------------------------------------
Debian LTS Advisory DLA-3792-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                Santiago Ruano Rincón
April 22, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : samba
Version        : 2:4.9.5+dfsg-5+deb10u5
CVE ID         : CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 CVE-2022-2127
                 CVE-2022-3437 CVE-2022-32742 CVE-2023-4091

Several vulnerabilities were discovered in Samba, SMB/CIFS file, print,
and login server for Unix

CVE-2020-14318

    Missing handle permissions check in ChangeNotify

CVE-2020-14323

    Unprivileged user can crash winbind via invalid lookupsids DoS

CVE-2020-14383

    DNS server crash via invalid records resulting from uninitialized
    variables

CVE-2022-2127

    Out-of-bounds read in winbind AUTH_CRAP

CVE-2022-3437

    Heimdal des/des3 heap-based buffer overflow

CVE-2022-32742

    Server memory information leak via SMB1

CVE-2023-4091

    Client can truncate files even with read-only permissions

For Debian 10 buster, these problems have been fixed in version
2:4.9.5+dfsg-5+deb10u5.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS