Bug 55407 - samba: Security issue (4.4)
Summary: samba: Security issue (4.4)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 4.4-9-errata
Assignee: Arvid Requate
QA Contact: Julia Bremer
URL: https://bugzilla.samba.org/show_bug.c...
Keywords:
Depends on: 55406
Blocks:
Reported: 2022-11-09 20:07 CET by Arvid Requate
Modified: 2024-11-21 09:24 CET

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Customer ID:
Max CVSS v3 score: 6.4
requate: Patch_Available+


Description Arvid Requate univentionstaff 2022-11-09 20:07:56 CET
+++ This bug was initially created as a clone of Bug #55406 +++

Samba security update announced for Tuesday, November 15 2022.
Comment 1 Arvid Requate univentionstaff 2022-11-09 20:59:51 CET
I picked the upstream patch for 4.15, which applied without changes to our version currently in errata4.4-9:

r19724 | New upstream patch 98_CVE-2022-42898-pac-parse-overflow.quilt

Package: samba
Version: 2:4.10.18-1A~4.4.0.202211092009
Branch: ucs_4.4-0
Scope: errata4.4-9

0599d18431 | Preliminary advisory

Please reopen after QA for final advisory.
Comment 2 Julia Bremer univentionstaff 2022-11-10 22:35:47 CET
Jenkins tests: OK
Upgrade: OK 
Windows client join: OK 
Patch cleanly applied: OK 
Verified 

TODO: advisory
Comment 3 Arvid Requate univentionstaff 2022-11-15 17:07:40 CET
3dc91463a7 | Updated advisory
Comment 4 Julia Bremer univentionstaff 2022-11-15 17:38:00 CET
Advisory: OK
Verified