linuxdeepin / developer-center

Deepin developer center, providing a developer wiki and community forum.

[Deepin Integration]~[V23-Beta2] samba 4.16.11 #5157

Closed deepin-bot[bot] closed 1 year ago

deepin-bot[bot] commented 1 year ago

Package information

Package name: samba
Version: 2:4.16.11+dfsg-1

Package repository address

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-314/testing/ ./

Changelog

CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
CVE-2022-3437, CVE-2022-3592
CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-45141
CVE-2023-0225, CVE-2023-0922, CVE-2023-0614
CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968

samba (2:4.16.11+dfsg-1) unstable; urgency=medium

  * new upstream stable/security release 4.16.11, including:
   o CVE-2022-2127:  When winbind is used for NTLM authentication,
     a maliciously crafted request can trigger an out-of-bounds read
     in winbind and possibly crash it.
     https://www.samba.org/samba/security/CVE-2022-2127.html
   o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin
     configured "server signing = required" or for SMB2 connections to
     Domain Controllers where SMB2 packet signing is mandatory.
     https://www.samba.org/samba/security/CVE-2023-3347.html
   o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
     for Spotlight can be triggered by an unauthenticated attacker by
     issuing a malformed RPC request.
     https://www.samba.org/samba/security/CVE-2023-34966.html
   o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
     for Spotlight can be used by an unauthenticated attacker to trigger
     a process crash in a shared RPC mdssvc worker process.
     https://www.samba.org/samba/security/CVE-2023-34967.html
   o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
     the server-side absolute path of shares and files and directories
     in search results.
     https://www.samba.org/samba/security/CVE-2023-34968.html
   o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
     https://bugzilla.samba.org/show_bug.cgi?id=15418
     (this has been patched in the previous upload; Closes: #1041043)

Test suggestion

Major samba version update (fixes numerous bugs and CVEs); all samba test cases related to the file manager need to be run through.

Influence

File manager, samba-related functionality

ADDITIONAL INFORMATION

If no new serious issues are found, integration can be recommended.

deepin-bot[bot] commented 1 year ago

IntegrationProjector Bot Deepin Testing Integration Project Manager Info Link to https://github.com/deepin-community/Repository-Integration/pull/314

babyfengfjx commented 1 year ago

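@SuperEffie Please carry out integration verification. This should be an update maintained by upstream samba; you can review the details and then perform system verification.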

SuperEffie commented 1 year ago

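[Verification conclusion]: Test passed; please proceed to the next step of the process.
[Issue notes]: Verified the file manager's samba-related test cases; no new bugs. The File Manager > Settings > Advanced Settings > Mount > "Always show the mount entry for Samba shares" option and the state of the "Keep showing the mounted Samba shares" item under org.deepin.dde.file-manager in the dde-dconfig-editor tool were confirmed to be in sync.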