Buffer overflow vulnerability in Samba and MIT/Heimdal Kerberos

Corrective releases of Samba 4.17.3, 4.16.7 and 4.15.12 have been published, fixing a vulnerability (CVE-2022-42898) in the Kerberos libraries that leads to an integer overflow and an out-of-bounds write when processing a PAC (Privileged Attribute Certificate) sent by an authenticated user. The publication of package updates in distributions can be tracked on these pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD.

In addition to Samba, the problem also appears in packages with MIT Kerberos and Heimdal Kerberos. The vulnerability report from the Samba project does not detail the threat, but the MIT Kerberos report states that the vulnerability may lead to remote code execution. Exploitation of the vulnerability is possible only on 32-bit systems.

The problem affects configurations with a KDC (Key Distribution Center) or kadmind. In configurations without Active Directory, the vulnerability also appears on Samba file servers that use Kerberos. The problem is caused by an error in the krb5_parse_pac() function, because the buffer size used when parsing PAC fields was calculated incorrectly. On 32-bit systems, when processing specially crafted PACs, the error can lead to a 16-byte block sent by the attacker being placed outside the allocated buffer.
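The following added example (a simplified illustration of this class of bug, not code from Samba, MIT Kerberos or Heimdal) shows how a header-length calculation wraps with 32-bit arithmetic and how a division-based check rejects the oversized count. The function and constant names are hypothetical, `uint32_t` stands in for a 32-bit `size_t`, and the 8-byte fixed header and 16-byte entry size are assumed from the MS-PAC layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants (hypothetical names): an 8-byte fixed header
 * followed by one 16-byte info entry per buffer (assumed PAC layout). */
#define PAC_FIXED_HDR 8u
#define PAC_ENTRY_LEN 16u

/* Unchecked form: with 32-bit arithmetic the multiplication wraps
 * modulo 2^32, so a huge claimed count yields a small "required" size. */
static uint32_t hdr_len_unchecked(uint32_t count)
{
    return PAC_FIXED_HDR + count * PAC_ENTRY_LEN;
}

/* Checked form: bound the count by what the input can actually hold
 * before any arithmetic that could wrap. Returns 0 on success, -1 if
 * the claimed entry table cannot fit in input_len bytes. */
static int hdr_len_checked(uint32_t count, uint32_t input_len, uint32_t *out)
{
    if (input_len < PAC_FIXED_HDR)
        return -1;
    if (count > (input_len - PAC_FIXED_HDR) / PAC_ENTRY_LEN)
        return -1;
    *out = PAC_FIXED_HDR + count * PAC_ENTRY_LEN;  /* cannot wrap here */
    return 0;
}

int main(void)
{
    uint32_t input_len = 64;        /* constructed sample: 64-byte blob */
    uint32_t count = 0x10000000u;   /* constructed: 2^28 entries claimed */
    uint32_t need = 0;

    /* 2^28 * 16 wraps to 0, so the unchecked length is just 8 bytes and
     * would pass a naive "input_len >= header_len" comparison. */
    printf("unchecked length: %u\n", (unsigned)hdr_len_unchecked(count));
    printf("checked, huge count: %s\n",
           hdr_len_checked(count, input_len, &need) ? "rejected" : "accepted");
    printf("checked, count=3: %s\n",
           hdr_len_checked(3, input_len, &need) ? "rejected" : "accepted");
    return 0;
}
```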

Source: opennet.ru
