OVAL

SUSE-SU-2023:2929-1 -- SLES samba, libsamba-policy-python3-devel, libsamba-policy0-python3, libsamba-policy-devel

ID: oval:org.secpod.oval:def:89051556
Date: (C)2024-04-26   (M)2024-04-29
Class: PATCH
Family: unix




This update for samba fixes the following issues:

samba was updated to version 4.17.9:

* CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send.
* CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability.
* CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability.
* CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure.
* CVE-2023-3347: Fixed issue where SMB2 packet signing was not enforced.
* CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes.

Bugfixes:

* Fixed trust relationship failure.
* Backported --pidl-developer fixes.
* Fixed smbd_scavenger crash when service smbd is stopped.
* Fixed issue where vfs_fruit might cause a failing open for delete.
* Fixed named crashes on DLZ zone update.
* Fixed issue where winbind recurses into itself via rpcd_lsad.
* Fixed cli_list looping 100% CPU against pre-lanman2 servers.
* Fixed smbclient leaks fds with showacls.
* Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse.
* Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
* Fixed smbget memory leak if failed to download files recursively.
* Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower.
* Fixed floating point exception via cli_pull_send at source3/libsmb/clireadwrite.c.
* Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners.
* Reduce flapping of ridalloc test.
* Fixed unreliable large_ldap test.
* Fixed filename parser not checking veto files smb.conf parameter.
* Fixed mdssvc may crash when initializing.
* Fixed broken large directory optimization for non-lcomp path elements.
* Fixed streams_depot failing to create streams.
* Fixed shadow_copy2 and streams_depot issues.
* Fixed wbinfo -u fails on ad dc with greater than 1000 users.
* Fixed winbindd idmap child contacting the domain controller without a need.
* Fixed idmap_autorid may fail to map sids of trusted domains for the first time.
* Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
* Fixed net ads search -P doesn't work against servers in other domains.
* Fixed DS ACEs might be inherited to unrelated object classes.
* Fixed temporary smbXsrv_tcon_global.tdb can't be parsed.
* Fixed setting veto files = /.*/ breaking listing directories.
* Fixed dsgetdcname assuming local system uses IPv4.

Platform:
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise Server 15 SP5
Product:
samba
libsamba-policy-python3-devel
libsamba-policy0-python3
libsamba-policy-devel
Reference:
SUSE-SU-2023:2929-1
CVE-2020-25720
CVE-2022-2127
CVE-2023-3347
CVE-2023-34966
CVE-2023-34967
CVE-2023-34968
CPE    4
cpe:/a:samba:samba
cpe:/a:samba:libsamba-policy-devel
cpe:/a:samba:libsamba-policy-python3-devel
cpe:/a:samba:libsamba-policy0-python3
...

© SecPod Technologies