[Pkg-samba-maint] Bug#1022574: samba: Kerberos 22H2 Samba problem in Debian stable | Backports Version or Stable Update?
Michael Tokarev
mjt at tls.msk.ru
Wed Nov 2 07:39:29 GMT 2022
24.10.2022 15:47, Samuel Wolf wrote:
>> Yes it is possible, more, it is trivial to _patch_ it. But it is not that easy
>> to make the resulting binaries into the archive.
Samuel, care to test a bullseye 4.13 samba patched with this 22H2 kerberos thing?
I don't have a test environment here, setting it up is quite a bit of work, - I'll
need several virtual machines with different OSes, including win 22H2..
I prepared bullseye samba build, if you (or anyone else) have a way to test them,
please do.
http://www.corpit.ru/mjt/packages/samba/debian-11-bullseye-test/ , in particular,
http://www.corpit.ru/mjt/packages/samba/debian-11-bullseye-test/samba-4.13/samba_4.13.13+dfsg-1~deb11u5a/
In an apt/sources.list form, it is:
deb http://www.corpit.ru/mjt/packages/samba debian-11-bullseye-test/samba-4.13/
(the trailing slash is important!). This is a temporary repository signed with
my GPG key I use for Debian packaging.
There are 2 changes in this release compared with current 4.13.13+dfsg-1~deb11u5:
samba (2:4.13.13+dfsg-1~deb11u5a) bullseye-test; urgency=medium
* CVE-2022-3437-des3-overflow-v4a-4.13.patch
Closes: CVE-2022-3437 (Heimdal unwrap_des/unwrap_des3 buffer overflow)
* windows11-22h2-kerrberos-kdc-avoid-re-encoding-KDC-REQ-BODY.patch
Closes: #1022574, incorrect AD DC behavior with Windows11 22H2
If everything goes well, I'll try to push this one to bullseye-security.
Thanks!
/mjt
More information about the Pkg-samba-maint
mailing list