Bug 15109 - [SECURITY] July 2022 Security release bug
Summary: [SECURITY] July 2022 Security release bug
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.16.2
Hardware: All All
: P5 major (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Depends on: CVE-2022-32745 CVE-2022-32746 CVE-2022-2031 CVE-2022-32744 CVE-2022-32742, ZDI-CAN-17388 15096
  Show dependency treegraph
Reported: 2022-06-28 07:29 UTC by Andrew Bartlett
Modified: 2022-08-04 09:55 UTC (History)
6 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2022-06-28 07:29:52 UTC
Overall bug to track issues that should probably be in the next security release (proposal at this point, to pass to the release manager for their decision).
Comment 1 Andrew Bartlett 2022-07-14 04:17:55 UTC
Opening security bugs to vendors.  Release date is currently proposed to be Wednesday 27 July but bug 15109 will be the authoritative reference on that.
Comment 2 Andrew Bartlett 2022-07-25 22:24:00 UTC
Removing see-also bugs that caused some confusion.  These unrelated issues are not part of this security release.  (They were included to provide context in case they could be brought into it, but they were not).
Comment 3 Jule Anger 2022-07-27 11:06:13 UTC
Removing vendor CC (so that any public comments don't need to be broadcast so widely) and opening these bugs to the public.
If you wish to continue to be informed about any changes here please CC individually.
Comment 4 Andrew Bartlett 2022-07-28 18:34:01 UTC
Some of these bugs have Samba 4.10 and 4.12 backports provided.  The code trees that these are based on are not maintained by samba.org.  

However they are public (as well as being the sum on previously released security bugs), and are listed here for those who desire to reproduce the tested state:



Particularly for the 4.10 case, care should be taken to ensure that other patches and security updates desired since that release are included (eg don't just swap out the release tarball, carefully apply all the patches on top of whatever you were previously shipping).
Comment 5 Jule Anger 2022-08-04 09:55:56 UTC
Release is done. Closing out bug report.
Many thanks at all!