[Pkg-samba-maint] Bug#1041043: Bug#1041043: samba domain netlogon broken after windows 10/11 Jul-2023 update
Michael Tokarev
mjt at tls.msk.ru
Thu Jul 20 20:46:38 BST 2023
20.07.2023 18:04, Heil, Stefan пишет:
> Dear list / Samba maintainers,
>
> Will the fix for this also make it into Bullseye / Samba 4.13? If so,
> is there a (tentative) ETA?
Please do not use 4.13. It is dead. I especially do *not* want to
backport this bugfix to bullseye samba, because it will give false
sense of security.
See also:
https://lists.debian.org/debian-security-announce/2021/msg00201.html
In short: running samba which released in bullseye as an AD-DC is
not supported already because that version had numerous other security
issues. And the issue we have with jul-23 win updates is about the ad-dc.
Samba 4.16 had a major rewrite of some core components (eg vfs has been
basically rewritten) exactly to fix other security issues, and further
vital fixes for the domain components are based on that.
> I'm wondering if we can wait for the fix or if I need to install it
> from bullseye-backports, which I am trying to avoid, if possible.
bullseye-backports already has the fixed version, and recent (jul-19)
security release of samba is on the way to bullseye-backports too as
I write this. Samba in backports is in excellent shape, it is
uncomparable to what we have in bullseye.
/mjt
More information about the Pkg-samba-maint
mailing list