20.07.2023 18:04, Heil, Stefan wrote:
Dear list / Samba maintainers,

Will the fix for this also make it into Bullseye / Samba 4.13? If so,
is there a (tentative) ETA?

Please do not use 4.13. It is dead. I especially do *not* want to
backport this bugfix to bullseye samba, because it will give a false
sense of security.

See also:

https://lists.debian.org/debian-security-announce/2021/msg00201.html

In short: running samba which was released in bullseye as an AD-DC is
not supported already because that version had numerous other security
issues. And the issue we have with jul-23 win updates is about the ad-dc.
Samba 4.16 had a major rewrite of some core components (eg vfs has been
basically rewritten) exactly to fix other security issues, and further
vital fixes for the domain components are based on that.

I'm wondering if we can wait for the fix or if I need to install it
from bullseye-backports, which I am trying to avoid, if possible.

bullseye-backports already has the fixed version, and the recent (jul-19)
security release of samba is on the way to bullseye-backports too as
I write this. Samba in backports is in excellent shape, it is
uncomparable to what we have in bullseye.

/mjt
