--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-50da406d40
2022-02-02 01:24:12.113376
--------------------------------------------------------------------------------
Name : samba
Product : Fedora 35
Version : 4.15.5
Release : 0.fc35
URL :
https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.15.5 - Security fixes for CVE-2021-44141, CVE-2021-44142 and
CVE-2022-0336
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 31 2022 Guenther Deschner <gdeschner(a)redhat.com> - 4.15.5-0
- Update to Samba 4.15.5
- resolves: #2046120, #2048566 - Security fixes for CVE-2021-44141
- resolves: #2046146, #2048570 - Security fixes for CVE-2021-44142
- resolves: #2046134, #2048568 - Security fixes for CVE-2022-0336
* Thu Jan 20 2022 Pavel Filipensk�� <pfilipen(a)redhat.com> - 4.15.4-0
- Update to Samba 4.15.4
- resolves: #2009673, #2039034 - Security fixes for CVE-2021-20316
- resolves: #2042518
* Wed Dec 15 2021 Pavel Filipensk�� <pfilipen(a)redhat.com> - 4.15.3-1
- Fix resolv_wrapper with glibc 2.34
- resolves: #2019669
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2046120 - CVE-2021-44141 samba: Information leak via symlinks of existance of
files or directories outside of the exported share
https://bugzilla.redhat.com/show_bug.cgi?id=2046120
[ 2 ] Bug #2046134 - CVE-2022-0336 samba: Samba AD users with permission to write to an
account can impersonate arbitrary services
https://bugzilla.redhat.com/show_bug.cgi?id=2046134
[ 3 ] Bug #2046146 - CVE-2021-44142 samba: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution
https://bugzilla.redhat.com/show_bug.cgi?id=2046146
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-50da406d40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------