Menü Schließen

Samba 4.18.5 Security Release

JARVIS 0 Kommentare
Samba Logo

Die Entwickler des beliebten Open-Source Dateiserver und Domaincontroller für Linux, haben das Update 4.18.5 veröffentlicht. Das Samba Update ist ein Security Release und schließt 5 Sicherheitslücken.

Amazon: Samba4 Das Praxisbuch für Admins

Amazon: Linux Server Das umfassende …

Amazon: Samba4 Das Handbuch für Admins

Amazon: Samba A File & Print Server for…

Samba 4.18.5 Release Notes

  • CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html
  • CVE-2023-3347: SMB2 packet signing is not enforced if an admin configured „server signing = required“ or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. https://www.samba.org/samba/security/CVE-2023-3347.html
  • CVE-2023-34966: An infinite loop bug in Samba’s mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html
  • CVE-2023-34967: Missing type validation in Samba’s mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html
  • CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html

Quelle: Samba 4.18.5 – Release Notes

Verschlagwortet , , , , , ,

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert