Red Hat Security Advisory 2023-0637-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: samba security update  
Advisory ID:       RHSA-2023:0637-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0637  
Issue date:        2023-02-07  
CVE Names:         CVE-2022-38023  
====================================================================  
1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)  
protocol and the related Common Internet File System (CIFS) protocol, which  
allow PC-compatible machines to share files, printers, and various  
information.

Security Fix(es):

* samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
(CVE-2022-38023)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
samba-4.13.3-11.el8_4.src.rpm

aarch64:  
ctdb-4.13.3-11.el8_4.aarch64.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
ctdb-tests-4.13.3-11.el8_4.aarch64.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
libsmbclient-4.13.3-11.el8_4.aarch64.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
libwbclient-4.13.3-11.el8_4.aarch64.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
python3-samba-4.13.3-11.el8_4.aarch64.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
python3-samba-test-4.13.3-11.el8_4.aarch64.rpm  
samba-4.13.3-11.el8_4.aarch64.rpm  
samba-client-4.13.3-11.el8_4.aarch64.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-client-libs-4.13.3-11.el8_4.aarch64.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-common-libs-4.13.3-11.el8_4.aarch64.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-common-tools-4.13.3-11.el8_4.aarch64.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-debugsource-4.13.3-11.el8_4.aarch64.rpm  
samba-krb5-printing-4.13.3-11.el8_4.aarch64.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-libs-4.13.3-11.el8_4.aarch64.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-test-4.13.3-11.el8_4.aarch64.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-test-libs-4.13.3-11.el8_4.aarch64.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-clients-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-krb5-locator-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-modules-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.aarch64.rpm

noarch:  
samba-common-4.13.3-11.el8_4.noarch.rpm  
samba-pidl-4.13.3-11.el8_4.noarch.rpm

ppc64le:  
ctdb-4.13.3-11.el8_4.ppc64le.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
ctdb-tests-4.13.3-11.el8_4.ppc64le.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
libsmbclient-4.13.3-11.el8_4.ppc64le.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
libwbclient-4.13.3-11.el8_4.ppc64le.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
python3-samba-4.13.3-11.el8_4.ppc64le.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
python3-samba-test-4.13.3-11.el8_4.ppc64le.rpm  
samba-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-libs-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-libs-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-tools-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-debugsource-4.13.3-11.el8_4.ppc64le.rpm  
samba-krb5-printing-4.13.3-11.el8_4.ppc64le.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-libs-4.13.3-11.el8_4.ppc64le.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-libs-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-clients-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-krb5-locator-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-modules-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.ppc64le.rpm

s390x:  
ctdb-4.13.3-11.el8_4.s390x.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.s390x.rpm  
ctdb-tests-4.13.3-11.el8_4.s390x.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.s390x.rpm  
libsmbclient-4.13.3-11.el8_4.s390x.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.s390x.rpm  
libwbclient-4.13.3-11.el8_4.s390x.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.s390x.rpm  
python3-samba-4.13.3-11.el8_4.s390x.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.s390x.rpm  
python3-samba-test-4.13.3-11.el8_4.s390x.rpm  
samba-4.13.3-11.el8_4.s390x.rpm  
samba-client-4.13.3-11.el8_4.s390x.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-client-libs-4.13.3-11.el8_4.s390x.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-common-libs-4.13.3-11.el8_4.s390x.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-common-tools-4.13.3-11.el8_4.s390x.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-debugsource-4.13.3-11.el8_4.s390x.rpm  
samba-krb5-printing-4.13.3-11.el8_4.s390x.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-libs-4.13.3-11.el8_4.s390x.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-test-4.13.3-11.el8_4.s390x.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-test-libs-4.13.3-11.el8_4.s390x.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-clients-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-krb5-locator-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-modules-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.s390x.rpm

x86_64:  
ctdb-4.13.3-11.el8_4.x86_64.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.i686.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
ctdb-tests-4.13.3-11.el8_4.x86_64.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.i686.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
libsmbclient-4.13.3-11.el8_4.i686.rpm  
libsmbclient-4.13.3-11.el8_4.x86_64.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.i686.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
libwbclient-4.13.3-11.el8_4.i686.rpm  
libwbclient-4.13.3-11.el8_4.x86_64.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.i686.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
python3-samba-4.13.3-11.el8_4.i686.rpm  
python3-samba-4.13.3-11.el8_4.x86_64.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.i686.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
python3-samba-test-4.13.3-11.el8_4.x86_64.rpm  
samba-4.13.3-11.el8_4.x86_64.rpm  
samba-client-4.13.3-11.el8_4.x86_64.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-client-libs-4.13.3-11.el8_4.i686.rpm  
samba-client-libs-4.13.3-11.el8_4.x86_64.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-common-libs-4.13.3-11.el8_4.x86_64.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-common-tools-4.13.3-11.el8_4.x86_64.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-debugsource-4.13.3-11.el8_4.i686.rpm  
samba-debugsource-4.13.3-11.el8_4.x86_64.rpm  
samba-krb5-printing-4.13.3-11.el8_4.x86_64.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-libs-4.13.3-11.el8_4.i686.rpm  
samba-libs-4.13.3-11.el8_4.x86_64.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-test-4.13.3-11.el8_4.x86_64.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-test-libs-4.13.3-11.el8_4.x86_64.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-vfs-glusterfs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-clients-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-krb5-locator-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-modules-4.13.3-11.el8_4.i686.rpm  
samba-winbind-modules-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winexe-4.13.3-11.el8_4.x86_64.rpm  
samba-winexe-debuginfo-4.13.3-11.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
ctdb-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
libsmbclient-devel-4.13.3-11.el8_4.aarch64.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
libwbclient-devel-4.13.3-11.el8_4.aarch64.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-debugsource-4.13.3-11.el8_4.aarch64.rpm  
samba-devel-4.13.3-11.el8_4.aarch64.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.aarch64.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.aarch64.rpm

ppc64le:  
ctdb-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
libsmbclient-devel-4.13.3-11.el8_4.ppc64le.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
libwbclient-devel-4.13.3-11.el8_4.ppc64le.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-debugsource-4.13.3-11.el8_4.ppc64le.rpm  
samba-devel-4.13.3-11.el8_4.ppc64le.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.ppc64le.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.ppc64le.rpm

s390x:  
ctdb-debuginfo-4.13.3-11.el8_4.s390x.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.s390x.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.s390x.rpm  
libsmbclient-devel-4.13.3-11.el8_4.s390x.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.s390x.rpm  
libwbclient-devel-4.13.3-11.el8_4.s390x.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-debugsource-4.13.3-11.el8_4.s390x.rpm  
samba-devel-4.13.3-11.el8_4.s390x.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.s390x.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.s390x.rpm

x86_64:  
ctdb-debuginfo-4.13.3-11.el8_4.i686.rpm  
ctdb-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.i686.rpm  
ctdb-tests-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.i686.rpm  
libsmbclient-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
libsmbclient-devel-4.13.3-11.el8_4.i686.rpm  
libsmbclient-devel-4.13.3-11.el8_4.x86_64.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.i686.rpm  
libwbclient-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
libwbclient-devel-4.13.3-11.el8_4.i686.rpm  
libwbclient-devel-4.13.3-11.el8_4.x86_64.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.i686.rpm  
python3-samba-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-client-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-client-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-common-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-common-tools-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-debugsource-4.13.3-11.el8_4.i686.rpm  
samba-debugsource-4.13.3-11.el8_4.x86_64.rpm  
samba-devel-4.13.3-11.el8_4.i686.rpm  
samba-devel-4.13.3-11.el8_4.x86_64.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-krb5-printing-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-test-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-test-libs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-vfs-glusterfs-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-clients-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-krb5-locator-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.i686.rpm  
samba-winbind-modules-debuginfo-4.13.3-11.el8_4.x86_64.rpm  
samba-winexe-debuginfo-4.13.3-11.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+MWNdzjgjWX9erEAQgv4g/6AyToFe5r7uGeNfmBohN3JFJnkyuCvLbx  
tRNOzcd53ANAwzYZfgR2tAcGR8DzJTY75spUm3SW3v+RqLmG+1pnHZszeQYRPXqU  
9gEdlltWXPBoaCKiEvn6cL6r2XeKZRabpVXExksFR38cyMA+ubAVIwTo0wH/kBdy  
M8hgXSSu5omlLS21F9HMZhPNlNLN2DdG+h9NWG1vIbdmtBCV4qSwT57taTbzRYgQ  
gPd3eRh0VA/Rp9XhAvrlMwWlplldG7++TyM3xHRE04jVXKd70kymvbBk+IwIbeaU  
whMz84ifSn2Nrcr572br14kDG7tNlwEFjCGQSG4flTDBqwq9L6q5hNt0FM1+JgSm  
NNhr607BuM0tzJuLMlikFkGNYyZMMumKUTUy2SxH6BVWNY1SuWBYtzw1p6V3WbkZ  
FzGky54gxL9j4FfGpDcGlslkmy7xZ1+8zvj0he1aAZLoqxvW/HyNRXgQ1s8ZgKWt  
3KJG2HV2nMpUpIpDPA19+IGDlXSomCM7llH55modCqpeuIWQw+ToNuvvtXDYdZve  
Q5K42hJtk7zxsJzlLH+4Q/HawV3BLWqdnQwNHaJmZf9g5R7I4HBqHK0o3tg1magb  
ILqS/Wc0u4cATSoMKrDQYSCDJMvdC8V07Ix3Up1cJggklYY2qrE5xPNOMZMcDe0V  
wGk5ywNrZFA=XsWM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0637-01

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.
Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.

Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization."

The list of eight cross-site scripting (XSS) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows -

*   **CVE-2022-47412** - ONLYOFFICE Workspace Search Stored XSS
*   **CVE-2022-47413 and CVE-2022-47414** - OpenKM Document and Application XSS
*   **CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418** - LogicalDOC Multiple Stored XSS
*   **CVE-2022-47419** - Mayan EDMS Tag Stored XSS

Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into a vulnerable web application (e.g., via a comment field), causing the rogue code to be activated upon each visit to the application.

A threat actor can exploit the aforementioned flaws by providing a decoy document, granting the interloper the ability to further their control over the compromised network,

"A typical attack pattern would be to steal the session cookie that a locally-logged in administrator is authenticated with, and reuse that session cookie to impersonate that user to create a new privileged account," Tod Beardsley, director of research at Rapid7, said.

In an alternative scenario, the attacker could abuse the identity of the victim to inject arbitrary commands and gain stealthy access to the stored documents.

The cybersecurity firm noted that the flaws were reported to the respective vendors on December 1, 2022, and continue to remain unfixed despite coordinating the disclosures with CERT Coordination Center (CERT/CC).

Users of the affected DMS are advised to proceed with caution when importing documents from unknown or untrusted sources as well as limit the creation of anonymous, untrusted users and restrict certain features such as chats and tagging to known users.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.



**Description**

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

**STEPS\_TO\_REPRODUCE**

    1. Login to your application and create a Store called “Test” make all the other details as default
    2. Navigate to “ Store Settings—>General” Tab 
    3. Under the “Branding” Section there is a “ Choose File” To select a Logo for our Store.
    4. Select “Choose File” Option to Select an Image, Select any “.png” image you want.
    5. Intercept the Post-Request for “Choose File” Option using Burpsuite (MITM-Proxy tool)
    6. Send the above intercepted request to “ Repeater Tab” of Burpsuite.
    7. First delete the Content of uploaded “ png file “ then change the extension from “.png” to “.php” i.e( **filename= "profile-picture.php") and in the Content add the below payload**
    8. Payload: <script>alert(document.domain)</script>
    9. Send this Request after changing the above configuration and “Follow the redirection” in the Burpsuite.
    10. Then Navigate to the Browser and then Reload the Website , you will see that the image is uploaded, but it will not load automatically. So right click on the “store” profile section and choose option “ **open image in new tab**” thus it loads the image in the new tab with our **XSS-Payload POP_UP.**
    

    #NOTE: In order to get how the above steps are done please watch the VIDEO-POC in ascending order for Example
    
    - POC-1
    - POC-2
    - POC-3
    

**Proof of Concept**

    VIDEO-POC
    https://drive.google.com/drive/folders/1VkUcXf1ImfK_fR2y6qhWIlgfZYj8r296?usp=sharing
    

**Impact**

XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account.

CVE-2023-0747: File Upload Type Validation Error lead to Stored XSS in btcpayserver

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2023-0747: Fix XSS on uploaded files to the file storage · btcpayserver/btcpayserver@d4e464a

Web attack vector closed after failed fix

Web attack vector closed after failed fix

Gartner has patched a DOM XSS vulnerability found in the Peer Insights widget, a security bug researchers reckon dates back to the original development of the software.

In a technical write-up of the flaw, penned by Justin Steven, the software security researcher said that “many websites” were made vulnerable to DOM-based cross-site scripting (XSS) when the widget was present.

Catch up on the latest security research-related news and analysis

The Gartner Peer Insights widget is a marketing tool described as “an aggregated, real-time view of a vendor’s review and ratings in a particular market on Gartner Peer Insights” that industry vendors are invited to host on their site to add market “credibility and drive conversions”.

When a website uses the Gartner widget, it sources widget.js from gartner.com and then creates an event listener for postMessage messages before creating a div for the widget to be displayed in.

A hidden iframe pointed at the Gartner.com domain requests a specific page from gartner.com which would send a postMessage message to the patent page. This message data would be used in constructing HTML content to be populated into the widget’s content div via a function called innerHTML.

**Substring shenanigans**

Verification occurs through a check for the string “gartner.com” appearing in the origin of the sending website. However, the check could be bypassed by launching an attack from a website such as https://gartner.com.attacker.com, as this still would meet the substring criteria.

Furthermore, the researcher described innerHTML as a DOM XSS “sink” as several XSS triggers would fire upon injection. For example, if a victim visited a malicious website, a crafted message could be pushed via window.postMessage().

“This crafted message could have injected active content, executing arbitrary JavaScript in the context of the website,” Steven said. ”This could have allowed the malicious website to violate the confidentiality and integrity of user data held in the context of the victim site, and allowed it to display arbitrary and harmful content such as a phishing form.”

The attack doesn’t involve sending traffic to the victim website or gartner.com. Instead, this is a client-side attack taking place within a browser window.

Proof-of-Concept (PoC) code, exploit test pages, and a YouTube video demonstrating the bug are now public. Websites previously impacted included Black Kite, Gradle, LogRhythm, SentinelOne, Synopsys, Veeam, and Vodafone, among others.

Steven analyzed code from 2022, but after examining an archived version of the widget said, “it appears to have been vulnerable to the DOM XSS issue from its inception”.

**Patch and patch again**

Gartner was notified about the problem on November 4, 2022. Four days later, the analyst firm acknowledged the report and asked if the researcher would like to submit the problem to its private bug bounty program on HackerOne.

BACKGROUND Learn about DOM-based XSS on the Web Security Academy

A tactical fix was released on December 19, followed by a “complete repair” in January. However, Steven provided evidence that these initial patches could be bypassed. So, new fixes were released on January 26 and February 2 to resolve the DOM XSS.

Steven said he wished to post his work as a public advisory. However, Gartner said a bug bounty would not be offered if the research was “publicly disclosed outside the HackerOne program”, and therefore, the researcher declined the offer of a bug bounty, leading to public disclosure on February 3.

**Magic quadrant**

Speaking to The Daily Swig, Steven said that organizations should consider conducting frequent security reviews of third-party, front-end JavaScript code, which includes widgets, analytics code, trackers, ads, customer support chat, and other functions. Alternatively, they should seek assurance about their vendor’s security process.

In any case, the integrity of existing code and risk factors should be considered when implementing new front-end features, according to Steven.

The Daily Swig has reached out to Gartner and we will update this story if and when we hear back.

YOU MAY ALSO LIKE XSS Hunter reborn with added features including CORS misconfig detection

DOM XSS vulnerability in Gartner Peer Insights widget patched

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting

CVE-2022-2094

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.

**Cross-site scripting vulnerability found in answerdev/answer**

High severity GitHub Reviewed Published Feb 8, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

GHSA-65px-4cpf-697r: Cross-site scripting vulnerability found in answerdev/answer

**Answer contains Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Feb 8, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

GHSA-rmw8-7823-wp7f: Answer contains Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.

**Answer has Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Feb 8, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

GHSA-p7wj-c85f-xq9h: Answer has Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.

**Answer subject to Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Feb 8, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

Tag

#xss