Date: Wed, 2 Feb 2022 01:48:20 GMT From: "Timur I. Bakeyev" <timur@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a09995057a01 - main - security/vuxml: Add a note about recent Samba vulnerabilities. Message-ID: <202202020148.2121mKjY081921@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by timur: URL: https://cgit.FreeBSD.org/ports/commit/?id=a09995057a01693ec333095bc0ead96b6ba8c9e7 commit a09995057a01693ec333095bc0ead96b6ba8c9e7 Author: Timur I. Bakeyev <timur@FreeBSD.org> AuthorDate: 2022-02-02 01:45:38 +0000 Commit: Timur I. Bakeyev <timur@FreeBSD.org> CommitDate: 2022-02-02 01:47:37 +0000 security/vuxml: Add a note about recent Samba vulnerabilities. CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 Security: CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 --- security/vuxml/vuln-2022.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index fea7a30aac6a..edcc775cb94b 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,53 @@ + <vuln vid="8579074c-839f-11ec-a3b2-005056a311d1"> + <topic>samba -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>samba413</name> + <range><lt>4.13.17</lt></range> + </package> + <package> + <name>samba414</name> + <range><lt>4.14.12</lt></range> + </package> + <package> + <name>samba415</name> + <range><lt>4.15.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Samba Team reports:</p> + <blockquote cite="https://www.samba.org/samba/history/security.html">; + <ul> + <li>CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow + a directory to be created in an area of the server file system not + exported under the share definition.</li> + <li>CVE-2021-44141: Information leak via symlinks of existance of files + or directories outside of the exported share.</li> + <li>CVE-2021-44142: Out-of-bounds heap read/write vulnerability + in VFS module vfs_fruit allows code execution.</li> + <li>CVE-2022-0336: Samba AD users with permission to write to + an account can impersonate arbitrary services.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-43566</cvename> + <cvename>CVE-2021-44141</cvename> + <cvename>CVE-2021-44142</cvename> + <cvename>CVE-2022-0336</cvename> + <url>https://www.samba.org/samba/security/CVE-2021-43566.html</url>; + <url>https://www.samba.org/samba/security/CVE-2021-44141.html</url>; + <url>https://www.samba.org/samba/security/CVE-2021-44142.html</url>; + <url>https://www.samba.org/samba/security/CVE-2022-0336.html</url>; + </references> + <dates> + <discovery>2022-01-31</discovery> + <entry>2022-02-01</entry> + </dates> + </vuln> + <vuln vid="ee26f513-826e-11ec-8be6-d4c9ef517024"> <topic>Rust -- Race condition enabling symlink following</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202020148.2121mKjY081921>