46966 2023-07-17 21:07:19 +0300 Secure channel faulty since Windows 10/11 update 07/2023 2023-07-28 18:40:03 +0300 1 1 1 Unclassified Branch p10 samba-dc не указана all Linux CLOSED FIXED P5 critical --- 1 oleg_zolotov sin amakeenk oleg_zolotov qa-p10 oldest_to_newest 229917 0 oleg_zolotov 2023-07-17 21:07:19 +0300 После июльского обновления Microsoft Windows 10 KB5028166 (и аналогичных обновлений для Windows 7 и Windows Server 2008 R2), работающих в домене Samba 4 перестает работать NLA в RDS, печать на сетевые принтеры (виснет при попытке открыть свойства принтера). Откат обновления проблему решает. Описание ошибки https://bugzilla.samba.org/show_bug.cgi?id=15418 229933 1 sin 2023-07-18 11:07:27 +0300 Патчи в апстримной баге приложены. Можно сделать тестовую сборку для проверки. 230200 2 oleg_zolotov 2023-07-22 20:30:41 +0300 В апстриме появилась версия 4.16.11 в которой исправлен данный баг https://www.samba.org/samba/history/samba-4.16.11.html 230563 3 repository-robot 2023-07-28 18:40:03 +0300 samba-4.16.11-alt2 -> c10f1: Sun Jul 23 2023 Evgeny Sinelnikov <sin@altlinux> 4.16.11-alt2 - Add check with admx-lint for group policy templates validation. Sun Jul 23 2023 Evgeny Sinelnikov <sin@altlinux> 4.16.11-alt1 - Update to security release of Samba 4.16 (Closes: 46966): + Secure channel faulty since Windows 10/11 update 07/2023 (KB5028166). - Security fixes (Samba#15418): + CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html + CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be triggered by an unauthenticated attacker by issuing a malformed RPC request. https://www.samba.org/samba/security/CVE-2023-34966.html + CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for Spotlight can be used by an unauthenticated attacker to trigger a process crash in a shared RPC mdssvc worker process. https://www.samba.org/samba/security/CVE-2023-34967.html + CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server- side absolute path of shares and files and directories in search results. https://www.samba.org/samba/security/CVE-2023-34968.html