From ea40c395c9648e584d3e0771b391bc9c0317ba6afbc9fd9854c40b1b1514d03c Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Tue, 1 Feb 2022 09:16:29 +0000 Subject: [PATCH] Accepting request 950276 from home:npower:update_samba - Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048). - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); OBS-URL: https://build.opensuse.org/request/show/950276 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=659 --- samba-4.15.4+git.224.dea2f6dc836.tar.bz2 | 3 --- samba-4.15.5+git.328.f1f29505d84.tar.bz2 | 3 +++ samba.changes | 25 ++++++++++++++++++++++++ samba.spec | 2 +- 4 files changed, 29 insertions(+), 4 deletions(-) delete mode 100644 samba-4.15.4+git.224.dea2f6dc836.tar.bz2 create mode 100644 samba-4.15.5+git.328.f1f29505d84.tar.bz2 diff --git a/samba-4.15.4+git.224.dea2f6dc836.tar.bz2 b/samba-4.15.4+git.224.dea2f6dc836.tar.bz2 deleted file mode 100644 index 9d5edb0..0000000 --- a/samba-4.15.4+git.224.dea2f6dc836.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2de5e513ff0564cdbf19cefb2a0d662af9afab72dc0754ea3358ebc956c437c0 -size 25627178 diff --git a/samba-4.15.5+git.328.f1f29505d84.tar.bz2 b/samba-4.15.5+git.328.f1f29505d84.tar.bz2 new file mode 100644 index 0000000..6bd38a4 --- /dev/null +++ b/samba-4.15.5+git.328.f1f29505d84.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ad7bad0205833288c060ce36b3911fa98aee5eccda7a3bf2db3fb04d93d1b63b +size 25633107 diff --git a/samba.changes b/samba.changes index 2b8fa75..2f7ed06 100644 --- a/samba.changes +++ b/samba.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Mon Jan 31 14:23:44 UTC 2022 - Noel Power + +- Update to 4.15.5 + * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the + outside target of a symlink exists; (bso#14911); + (bsc#1193690). + * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit + module; (bso#14914); (bsc#1194859). + * CVE-2022-0336: Re-adding an SPN skips subsequent SPN + conflict checks; bso#14950); (bsc#1195048). + +------------------------------------------------------------------- +Wed Jan 26 12:00:35 UTC 2022 - Samuel Cabrero + +- CVE-2021-44141: Information leak via symlinks of existance of + files or directories outside of the exported share; (bso#14911); + (bsc#1193690); +- CVE-2021-44142: Out-of-bounds heap read/write vulnerability + in VFS module vfs_fruit allows code execution; (bso#14914); + (bsc#1194859); +- CVE-2022-0336: Samba AD users with permission to write to an + account can impersonate arbitrary services; (bso#14950); + (bsc#1195048); + ------------------------------------------------------------------- Fri Jan 21 12:37:42 UTC 2022 - Samuel Cabrero diff --git a/samba.spec b/samba.spec index 3c548c6..474b759 100644 --- a/samba.spec +++ b/samba.spec @@ -208,7 +208,7 @@ BuildRequires: liburing-devel %else %define build_make_smp_mflags %{?jobs:-j%jobs} %endif -Version: 4.15.4+git.224.dea2f6dc836 +Version: 4.15.5+git.328.f1f29505d84 Release: 0 URL: https://www.samba.org/ Obsoletes: samba-32bit < %{version}