Univention Bugzilla – Bug 55276
samba: Security issue (4.4)
Last modified: 2022-10-25 14:36:31 CEST
r19710 | New upstream patch
I took the upstream patch for 4.15 and had to adjust a few of the patch contexts. Also compared it to the upstream patch for 4.12, which was made available later.
Package: samba
Version: 2:4.10.18-1A~4.4.0.202208101445
Branch: ucs_4.4-0
Scope: errata4.4-9
19711 | adjust for 4.10 (pre 6107c79c90fd)
Package: samba
Version: 2:4.10.18-1A~4.4.0.202210171600
Branch: ucs_4.4-0
Scope: errata4.4-9
The fix in this bug is for the security issue:
CVE-2022-3437 Heimdal des/des3 overflow
At the same time another issue will be disclosed and released. But that issue only affects samba 4.17, which means that UCS is not affected:
CVE-2022-3592 A malicious client can use a symlink to escape the exported directory
OK: 98_CVE-2022-3437-des3-overflow-v4a-4.10.quilt
OK: patch applied during build, samba 2:4.10.18-1A~4.4.0.202210171600
OK: Tests
We need an advisory for the release
Created attachment 10999 (advisory)
OK: Advisory Verified
<https://errata.software-univention.de/#/?erratum=4.4x1325>