[Pkg-samba-maint] Bug#1022574: samba: Kerberos 22H2 Samba problem in Debian stable | Backports Version or Stable Update?
Tom Weber
xdeb at abyss.4t2.com
Wed Dec 7 20:56:23 GMT 2022
Am 02.11.22 um 08:39 schrieb Michael Tokarev:
> 24.10.2022 15:47, Samuel Wolf wrote:
>>> Yes it is possible, more, it is trivial to _patch_ it. But it is not that easy
>>> to make the resulting binaries into the archive.
>
> Samuel, care to test a bullseye 4.13 samba patched with this 22H2 kerberos thing?
> I don't have a test environment here, setting it up is quite a bit of work, - I'll
> need several virtual machines with different OSes, including win 22H2..
>
> I prepared bullseye samba build, if you (or anyone else) have a way to test them,
> please do.
>
> http://www.corpit.ru/mjt/packages/samba/debian-11-bullseye-test/ , in particular,
> http://www.corpit.ru/mjt/packages/samba/debian-11-bullseye-test/samba-4.13/samba_4.13.13+dfsg-1~deb11u5a/
> In an apt/sources.list form, it is:
>
> deb http://www.corpit.ru/mjt/packages/samba debian-11-bullseye-test/samba-4.13/
>
> (the trailing slash is important!). This is a temporary repository signed with
> my GPG key I use for Debian packaging.
>
> There are 2 changes in this release compared with current 4.13.13+dfsg-1~deb11u5:
>
> samba (2:4.13.13+dfsg-1~deb11u5a) bullseye-test; urgency=medium
>
> * CVE-2022-3437-des3-overflow-v4a-4.13.patch
> Closes: CVE-2022-3437 (Heimdal unwrap_des/unwrap_des3 buffer overflow)
> * windows11-22h2-kerrberos-kdc-avoid-re-encoding-KDC-REQ-BODY.patch
> Closes: #1022574, incorrect AD DC behavior with Windows11 22H2
>
> If everything goes well, I'll try to push this one to bullseye-security.
Hitting the Problem with 22H2 i upgraded samba today to your provided packages on bullseye.
So far all seems to work - quick tests with 7/10/11/2016
thanks for your work!
Tom
More information about the Pkg-samba-maint
mailing list