git: 7b0da40d3819 - main - securily/vuxml: document Samba vulnerabilities
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 07 Apr 2023 14:52:12 UTC
The branch main has been updated by timur: URL: https://cgit.FreeBSD.org/ports/commit/?id=7b0da40d3819ae333cd5fd57c6b8c166565286a5 commit 7b0da40d3819ae333cd5fd57c6b8c166565286a5 Author: Timur I. Bakeyev <timur@FreeBSD.org> AuthorDate: 2023-04-07 14:50:34 +0000 Commit: Timur I. Bakeyev <timur@FreeBSD.org> CommitDate: 2023-04-07 14:52:06 +0000 securily/vuxml: document Samba vulnerabilities CVE-2023-0225, CVE-2023-0922, CVE-2023-0614 Security: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614 --- security/vuxml/vuln/2023.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index e532db04b3be..28afea0ad00d 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,57 @@ + <vuln vid="e86b8e4d-d551-11ed-8d1e-005056a311d1"> + <topic>samba -- multiple vulnerabilities</topic> + <affects> + <package> + <name>samba416</name> + <range><lt>4.16.10</lt></range> + </package> + <package> + <name>samba417</name> + <range><lt>4.17.7</lt></range> + </package> + <package> + <name>samba418</name> + <range><lt>4.18.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Samba Team reports:</p> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0225.html"> + <p>An incomplete access check on dnsHostName allows + authenticated but otherwise unprivileged users to + delete this attribute from any object in the directory.</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0922.html"> + <p>The Samba AD DC administration tool, when operating + against a remote LDAP server, will by default send + new or reset passwords over a signed-only connection. </p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2023-0614.html"> + <p>The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for + CVE-2018-10919 Confidential attribute disclosure via + LDAP filters was insufficient and an attacker may be + able to obtain confidential BitLocker recovery keys + from a Samba AD DC.</p> + <p>Installations with such secrets in their Samba AD + should assume they have been obtained and need replacing.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-0225</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0225.html</url> + <cvename>CVE-2023-0922</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0922.html</url> + <cvename>CVE-2023-0614</cvename> + <url>https://www.samba.org/samba/security/CVE-2023-0614.html</url> + </references> + <dates> + <discovery>2023-03-29</discovery> + <entry>2023-04-07</entry> + </dates> + </vuln> + <vuln vid="faf7c1d0-f5bb-47b4-a6a8-ef57317b9766"> <topic>ffmpeg -- multiple vulnerabilities</topic> <affects>