SAMBA+ 4.17.3, 4.16.7 and 4.15.12 have just been released by SerNet. These are important security releases, please update affected systems as soon
as possible. The packages are available for various SUSE and Red Hat platforms as well as for Debian GNU/Linux, Ubuntu and AIX.
The packages address the following issues:
- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems
Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
- Fix a regression introduced by the CVE-2022-42898 fix affecting 32-bit systems leading to a failure to validate PACs.
DEB: 4.15.12-16, 4.16.7-22, 4.17.3-20
RPM: 4.15.12-16, 4.16.7-21, 4.17.3-19