[Git][security-tracker-team/security-tracker][master] give more info about regressions in some CVE related to samba/bullseye-and-older

Fri Dec 1 14:30:49 GMT 2023


Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bc9aafe by Santiago Ruano Rincón at 2023-12-01T11:30:06-03:00
give more info about regressions in some CVE related to samba/bullseye-and-older

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77177,6 +77177,8 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.
 	NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
 	NOTE: Heimdal: https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246 (heimdal-7.7.1)
 	NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
+	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
 CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...)
 	NOT-FOR-US: Array Networks
 CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -77756,7 +77758,8 @@ CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba wit
 	NOTE: https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1)
 	NOTE: https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1)
 	NOTE: In scope for continued Samba support
-	NOTE: Important risk of regression in samba/bullseye (4.13)
+	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
 CVE-2021-46845
 	RESERVED
 CVE-2020-36606
@@ -90562,6 +90565,8 @@ CVE-2022-38024
 CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
 	- samba 2:4.17.4+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
+	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
 CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
@@ -90677,9 +90682,13 @@ CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
 	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
 	[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
 	NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
+	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
 CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
 	- samba 2:4.17.4+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
+	NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+	NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
 CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc9aafed627e43086d1ed7387da2e7bd0e1f843

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc9aafed627e43086d1ed7387da2e7bd0e1f843
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231201/7a1b1cc8/attachment.htm>
