
Samba 4.17.4, 4.16.8, and 4.15.13 have been released, in order to fix four security flaws. Samba is the standard Windows interoperability suite of programs for Linux and Unix.



Samba 4.17.4, 4.16.8 and 4.15.13 Security Releases are available for Download

These are security releases in order to address the following defects:

o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel
                  uses the same algorithms as rc4-hmac cryptography in
                  Kerberos, and so must also be assumed to be weak.

https://www.samba.org/samba/security/CVE-2022-38023.html

o CVE-2022-45141: Since the Windows Kerberos RC4-HMAC Elevation of Privilege
                  Vulnerability was disclosed by Microsoft on Nov 8 2022
                  and per RFC8429 it is assumed that rc4-hmac is weak,
                  vulnerable Samba Active Directory DCs will issue rc4-hmac
                  encrypted tickets despite the target server supporting
                  better encryption (eg aes256-cts-hmac-sha1-96).

https://www.samba.org/samba/security/CVE-2022-45141.html
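
An added example, not part of the Samba announcement: a small audit that checks an upstream version string against the fixed releases named here (4.17.4, 4.16.8, 4.15.13) and looks for the 'kerberos encryption types = legacy' setting described under CVE-2022-37966. The function names and the sample smb.conf are constructed for illustration. It assumes upstream version numbers (distribution packages may carry backported fixes under older numbers) and does not follow include directives.

```python
import re

# Fixed releases named in this announcement, keyed by (major, minor) branch.
FIXED = {(4, 17): 4, (4, 16): 8, (4, 15): 13}

# Constructed sample smb.conf, not taken from any real system.
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; kerberos encryption types = strong
    Kerberos Encryption Types = legacy
[share]
    path = /srv/share
"""

def has_fixes(version):
    """True if an upstream version string is at or past its branch's fixed release."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Newer branches postdate these fixes; older branches got no release here.
    return (major, minor) > max(FIXED)

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def global_param(conf_text, wanted, default):
    """Effective [global] value of a parameter; the last assignment wins."""
    value, section = default, "global"  # assumption: lines before any section are global
    for line in re.sub(r"\\\r?\n", "", conf_text).splitlines():  # join continuations
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line and section == "global":
            key, val = line.split("=", 1)
            if norm(key) == norm(wanted):
                value = val.strip()
    return value

def audit(conf_text, version):
    findings = []
    if not has_fixes(version):
        findings.append("Samba %s predates the fixed releases" % version)
    if global_param(conf_text, "kerberos encryption types", "all").lower() == "legacy":
        findings.append("'kerberos encryption types = legacy' forces rc4-hmac")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "4.16.7"))
```
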


Changes
-------

o  Jeremy Allison
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are
     of the same size.

o  Andrew Bartlett
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong
     entry.
   * BUG 15237: CVE-2022-37966.
   * BUG 15258: filter-subunit is inefficient with large numbers of
     knownfails.

o  Ralph Boehme
   * BUG 15240: CVE-2022-38023.
   * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on
     directories.

o  Stefan Metzmacher
   * BUG 13135: The KDC logic around msDs-supportedEncryptionTypes
     differs from Windows.
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not
     incremented atomically.
   * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
     vulnerability.
   * BUG 15206: libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4().
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong
     entry.
   * BUG 15230: Memory leak in snprintf replacement functions.
   * BUG 15237: CVE-2022-37966.
   * BUG 15240: CVE-2022-38023.
   * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression).

o  Noel Power
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are
     of the same size.

o  Anoop C S
   * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider
   * BUG 15237: CVE-2022-37966.
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton
   * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong
     entry.
   * BUG 15231: CVE-2022-37967.
   * BUG 15237: CVE-2022-37966.

o  Nicolas Williams
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.

#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.libera.chat or the
#samba-technical:matrix.org matrix channel.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).

======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
from:

https://download.samba.org/pub/samba/stable/

The release notes are available online at:

https://www.samba.org/samba/history/samba-4.17.4.html
https://www.samba.org/samba/history/samba-4.16.8.html
https://www.samba.org/samba/history/samba-4.15.13.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team