[Git][security-tracker-team/security-tracker][master] give more info about regressions in some CVE related to samba/bullseye-and-older
Santiago R.R. (@santiago)
santiago at debian.org
Fri Dec 1 14:30:49 GMT 2023
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bc9aafe by Santiago Ruano Rincón at 2023-12-01T11:30:06-03:00
give more info about regressions in some CVE related to samba/bullseye-and-older
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77177,6 +77177,8 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.
NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
NOTE: Heimdal: https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246 (heimdal-7.7.1)
NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
NOT-FOR-US: Array Networks
CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...)
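Review bot: the second added line under CVE-2022-42898, "NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867", is not self-contained, so anyone grepping data/CVE/list for a single NOTE line loses what the Launchpad link refers to. Consider making it stand alone, for example by repeating "possible samba 4.13, 4.15 regression:" in front of the second URL, and adding a space after the comma in "4.13,4.15".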
@@ -77756,7 +77758,8 @@ CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba wit
NOTE: https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)
NOTE: https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)
NOTE: In scope for continued Samba support
- NOTE: Important risk of regression in samba/bullseye (4.13)
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2021-46845
RESERVED
CVE-2020-36606
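Review bot: replacing "NOTE: Important risk of regression in samba/bullseye (4.13)" under CVE-2022-3437 drops the only explicit mention of bullseye in this entry, and the wording goes from "Important risk" to "possible" without saying why. Since the commit subject is about samba/bullseye-and-older, suggest keeping the suite name in the new note (for example "possible regression in samba/bullseye (4.13) and in 4.15: ...") so a reader can still tell which Debian suite it applies to.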
@@ -90562,6 +90565,8 @@ CVE-2022-38024
CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
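Review bot: under CVE-2022-38023 the added note names the 4.13 and 4.15 branches while the only package line in the entry is "- samba 2:4.17.4+dfsg-1", so it is unclear whether the possible regression concerns the fix as shipped in 4.17.4 or only backports of it to the older branches. A few words stating which one is meant, and which Debian suites the two branch numbers correspond to, would make the note usable without opening both bug reports.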
@@ -90677,9 +90682,13 @@ CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability)
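Review bot: under CVE-2022-37967 the new regression note follows "[bullseye] - samba <ignored>" and "[buster] - samba <ignored>", so for this entry it describes a possible regression in 4.13 (the version the line removed under CVE-2022-3437 ties to bullseye) for a fix those suites are marked as not receiving; it would help to say why the note still matters here. Separately, since this entry is being touched, the bullseye context line reads "see DSA DSA-5477-1" with "DSA" doubled, unlike the buster line.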
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc9aafed627e43086d1ed7387da2e7bd0e1f843