[Pkg-samba-maint] Bug#1016449: samba: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 31 20:38:47 BST 2022
Source: samba
Version: 2:4.16.3+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for samba.
CVE-2022-2031[0]:
| Samba AD users can bypass certain restrictions associated with
| changing passwords
CVE-2022-32742[1]:
| Server memory information leak via SMB1
CVE-2022-32744[2]:
| Samba AD users can forge password change requests for any user
CVE-2022-32745[3]:
| Samba AD users can crash the server process with an LDAP add or modify
| request
CVE-2022-32746[4]:
| Samba AD users can induce a use-after-free in the server process
| with an LDAP add or modify request
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
[1] https://security-tracker.debian.org/tracker/CVE-2022-32742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
[2] https://security-tracker.debian.org/tracker/CVE-2022-32744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
[3] https://security-tracker.debian.org/tracker/CVE-2022-32745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
[4] https://security-tracker.debian.org/tracker/CVE-2022-32746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore