SUSE-SU-2022:0252-1

Published: 31 Jan 2022
Source: suse-cvrf

Description

Security update for samba

This update for samba fixes the following issues:

  • CVE-2021-44142: Fixed out-of-bounds read/write in the Samba vfs_fruit module. (bsc#1194859)

Package list

SUSE Linux Enterprise Server 12 SP2-BCL
libdcerpc-binding0-4.4.2-38.48.1
libdcerpc-binding0-32bit-4.4.2-38.48.1
libdcerpc0-4.4.2-38.48.1
libdcerpc0-32bit-4.4.2-38.48.1
libndr-krb5pac0-4.4.2-38.48.1
libndr-krb5pac0-32bit-4.4.2-38.48.1
libndr-nbt0-4.4.2-38.48.1
libndr-nbt0-32bit-4.4.2-38.48.1
libndr-standard0-4.4.2-38.48.1
libndr-standard0-32bit-4.4.2-38.48.1
libndr0-4.4.2-38.48.1
libndr0-32bit-4.4.2-38.48.1
libnetapi0-4.4.2-38.48.1
libnetapi0-32bit-4.4.2-38.48.1
libsamba-credentials0-4.4.2-38.48.1
libsamba-credentials0-32bit-4.4.2-38.48.1
libsamba-errors0-4.4.2-38.48.1
libsamba-errors0-32bit-4.4.2-38.48.1
libsamba-hostconfig0-4.4.2-38.48.1
libsamba-hostconfig0-32bit-4.4.2-38.48.1
libsamba-passdb0-4.4.2-38.48.1
libsamba-passdb0-32bit-4.4.2-38.48.1
libsamba-util0-4.4.2-38.48.1
libsamba-util0-32bit-4.4.2-38.48.1
libsamdb0-4.4.2-38.48.1
libsamdb0-32bit-4.4.2-38.48.1
libsmbclient0-4.4.2-38.48.1
libsmbclient0-32bit-4.4.2-38.48.1
libsmbconf0-4.4.2-38.48.1
libsmbconf0-32bit-4.4.2-38.48.1
libsmbldap0-4.4.2-38.48.1
libsmbldap0-32bit-4.4.2-38.48.1
libtevent-util0-4.4.2-38.48.1
libtevent-util0-32bit-4.4.2-38.48.1
libwbclient0-4.4.2-38.48.1
libwbclient0-32bit-4.4.2-38.48.1
samba-4.4.2-38.48.1
samba-client-4.4.2-38.48.1
samba-client-32bit-4.4.2-38.48.1
samba-doc-4.4.2-38.48.1
samba-libs-4.4.2-38.48.1
samba-libs-32bit-4.4.2-38.48.1
samba-winbind-4.4.2-38.48.1
samba-winbind-32bit-4.4.2-38.48.1

Description

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.


Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-binding0-32bit-4.4.2-38.48.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc-binding0-4.4.2-38.48.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc0-32bit-4.4.2-38.48.1
SUSE Linux Enterprise Server 12 SP2-BCL:libdcerpc0-4.4.2-38.48.1

References