2023-10-31 12:28:38 | 4.19.2 | CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
existing unix domain sockets on the file system.
https://www.samba.org/samba/security/CVE-2023-3961.html
CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
OVERWRITE disposition when using the acl_xattr Samba VFS
module with the smb.conf setting
"acl_xattr:ignore system acls = yes"
https://www.samba.org/samba/security/CVE-2023-4091.html
CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
attributes, including secrets and passwords. Additionally,
the access check fails open on error conditions.
https://www.samba.org/samba/security/CVE-2023-4154.html
CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
server block for a user-defined amount of time, denying
service.
https://www.samba.org/samba/security/CVE-2023-42669.html
CVE-2023-42670: Samba can be made to start multiple incompatible RPC
listeners, disrupting service on the AD DC.
https://www.samba.org/samba/security/CVE-2023-42670.html