Santiago R.R. pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9bc9aafe by Santiago Ruano Rincón at 2023-12-01T11:30:06-03:00
give more info about regressions in some CVE related to samba/bullseye-and-older
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77177,6 +77177,8 @@ CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka
krb5) before 1.19.4 and 1.20.
NOTE:
https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
NOTE: Heimdal:
https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246
(heimdal-7.7.1)
NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025
+ NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows
unauthe ...)
NOT-FOR-US: Array Networks
CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions
starting ...)
@@ -77756,7 +77758,8 @@ CVE-2022-3437 (A heap-based buffer overflow
vulnerability was found in Samba wit
NOTE:
https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2
(heimdal-7.7.1)
NOTE:
https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef
(heimdal-7.7.1)
NOTE: In scope for continued Samba support
- NOTE: Important risk of regression in samba/bullseye (4.13)
+ NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2021-46845
RESERVED
CVE-2020-36606
@@ -90562,6 +90565,8 @@ CVE-2022-38024
CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
+ NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE
ID is un ...)
NOT-FOR-US: Microsoft
CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of
Privilege Vulner ...)
@@ -90677,9 +90682,13 @@ CVE-2022-37967 (Windows Kerberos Elevation of
Privilege Vulnerability)
[bullseye] - samba <ignored> (Domain controller functionality is EOLed,
see DSA DSA-5477-1)
[buster] - samba <ignored> (Domain controller functionality is EOLed,
see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
+ NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
- samba 2:4.17.4+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
+ NOTE: possible samba 4.13,4.15 regression:
https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service
Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc9aafed627e43086d1ed7387da2e7bd0e1f843
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc9aafed627e43086d1ed7387da2e7bd0e1f843
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
