Package samba: Information

Samba is the standard Windows interoperability suite of programs for Linux and Unix.
- Update to stable release of Samba 4.18 with latest bugfixes and new features:
 + SMB Server performance improvements. The locking overhead for contended path
   based operations is reduced by an additional factor of ~ 3 compared to 4.17.
 + More succinct samba-tool error messages.
 + Accessing the old samba-tool messages with full Python stack trace by using
   the argument '-d3'.
 + New samba-tool dsacl subcommand for deleting ACES
 + Colour output with samba-tool --color and
 + No colour with NO_COLOR environment variable
 + New wbinfo option --change-secret-at which forces the trust account password
   to be changed at a specified domain controller.
 + New option acl_xattr:security_acl_name to change the NT ACL default protected
   location security.NTACL not accessible from normal users outside of Samba.
 + New option server addresses as per-share parameter to limit share visibility
   and accessibility to specific server IP addresses. This option can offer a
   different set of shares per interface.
 + Azure Active Directory / Office365 synchronisation improvements with the
   Azure AD Connect cloud sync tool which now supported for password hash
   synchronisation, allowing Samba AD Domains to synchronise passwords with this
   popular cloud environment.
- Revert services type from forking to notify.
- Update to security release of Samba 4.17
- Security fixes (Samba#15422, Samba#15424, Samba#15439, Samba#15473, Samba#15474):
 + CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root
                   to existing unix domain sockets on the file system.
                   https://www.samba.org/samba/security/CVE-2023-3961.html

 + CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files
                   with OVERWRITE disposition when using the acl_xattr Samba VFS
                   module with the smb.conf setting
                   "acl_xattr:ignore system acls = yes"
                   https://www.samba.org/samba/security/CVE-2023-4091.html

 + CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                   attributes, including secrets and passwords.  Additionally,
                   the access check fails open on error conditions.
                   https://www.samba.org/samba/security/CVE-2023-4154.html

 + CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                   server block for a user-defined amount of time, denying
                   service.
                   https://www.samba.org/samba/security/CVE-2023-42669.html

 + CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                   listeners, disrupting service on the AD DC.
                   https://www.samba.org/samba/security/CVE-2023-42670.html

Package samba: Information

Last changed