Bug 55407 – samba: Security issue (4.4)

Bug 55407 - samba: Security issue (4.4)


Summary:	samba: Security issue (4.4)

Status:	VERIFIED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.4-9-errata
Assigned To:	Arvid Requate
QA Contact:	Julia Bremer

URL:	https://bugzilla.samba.org/show_bug.c...
Keywords:

Depends on:	55406
Blocks:
	Show dependency tree / graph

Reported:	2022-11-09 20:07 CET by Arvid Requate
Modified:	2022-11-15 17:43 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:	6.4

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2022-11-09 20:07:56 CET

+++ This bug was initially created as a clone of Bug #55406 +++

Samba security update announced for Tuesday, November 15 2022.

Comment 1 Arvid Requate

2022-11-09 20:59:51 CET

I picked the upstream patch for 4.15, which applied without changes to our version currently in errata4.4-9:

r19724 | New upsteam patch 98_CVE-2022-42898-pac-parse-overflow.quilt

Package: samba
Version: 2:4.10.18-1A~4.4.0.202211092009
Branch: ucs_4.4-0
Scope: errata4.4-9

0599d18431 | Preliminary advisory

Please reopen after QA for final advisory.

Comment 2 Julia Bremer

2022-11-10 22:35:47 CET

Jenkins tests: OK
Upgrade: OK 
Windows client join: OK 
Patch cleanly applied: OK 
Verified 

TODO: advisory

Comment 3 Arvid Requate

2022-11-15 17:07:40 CET

3dc91463a7 | Updated advisory

Comment 4 Julia Bremer

2022-11-15 17:38:00 CET

Advisory:OK 
Verified