SUSE-SU-2022:0323-1

Published: 14 Feb 2022
Source: suse-cvrf

Description

Security update for samba

This update contains a major security update for Samba.

samba has received security fixes:

  • CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share (bsc#1193690);
  • CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859);
  • CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048);

samba was updated to version 4.15.4; (jsc#SLE-23330);

  • CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519);
  • CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227);
  • Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man

    This avoids removing old functionality.

samba was updated to 4.15.4:

  • Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
  • Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
  • kill_tcp_connections does not work; (bso#14934);
  • Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
  • smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
  • Cross device copy of the crossrename module always fails; (bso#14940);
  • symlinkat function from VFS cap module always fails with an error; (bso#14941);
  • Fix possible fsp pointer dereference; (bso#14942);
  • Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
  • 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);
  • Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
  • Rename package samba-core-devel to samba-devel
  • Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

sssd was updated:

  • Build with the newer samba versions; (jsc#SLE-23330);
  • Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058);

p11-kit was updated:

Update to 0.23.2; (jsc#SLE-23330);

  • Fix forking issues with libffi
  • Fix various crashes in corner cases
  • Updated translations
  • Build fixes
  • Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361)
  • Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993)

ca-certificates was updated:

  • p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330)

This update also ships:

  • libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requirements of the newer samba.

apparmor was updated:

  • Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330);

yast2-samba-client was updated:

  • With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533).
  • yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938)
  • Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916);

Package list

Container suse/ltss/sle12.5/sles12sp5:latest
ca-certificates-1_201403302107-15.3.3
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
Container suse/sles12sp5:latest
ca-certificates-1_201403302107-15.3.3
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
Image SLES12-SP5-Azure-BYOS
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-Basic-On-Demand
apparmor-parser-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-HPC-BYOS
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-HPC-On-Demand
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-SAP-BYOS
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-SAP-On-Demand
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-Azure-Standard-On-Demand
apparmor-parser-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-EC2-BYOS
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-EC2-ECS-On-Demand
apparmor-parser-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
Image SLES12-SP5-EC2-On-Demand
apparmor-parser-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-EC2-SAP-BYOS
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-EC2-SAP-On-Demand
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-GCE-BYOS
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-GCE-On-Demand
apparmor-parser-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-GCE-SAP-BYOS
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-GCE-SAP-On-Demand
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
ca-certificates-1_201403302107-15.3.3
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
gnutls-3.4.17-8.4.1
libapparmor1-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libnettle6-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
p11-kit-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
SUSE Linux Enterprise High Availability Extension 12 SP5
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
SUSE Linux Enterprise Server 12 SP5
apache2-mod_apparmor-2.8.2-56.6.3
apparmor-docs-2.8.2-56.6.3
apparmor-parser-2.8.2-56.6.3
apparmor-profiles-2.8.2-56.6.3
apparmor-utils-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libapparmor1-32bit-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libgnutls30-32bit-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libhogweed4-32bit-3.1-21.3.2
libipa_hbac0-1.16.1-7.28.9
libnettle6-3.1-21.3.2
libnettle6-32bit-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
libp11-kit0-32bit-0.23.2-8.3.2
libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
libsss_certmap0-1.16.1-7.28.9
libsss_idmap0-1.16.1-7.28.9
libsss_nss_idmap-devel-1.16.1-7.28.9
libsss_nss_idmap0-1.16.1-7.28.9
libsss_simpleifp0-1.16.1-7.28.9
p11-kit-0.23.2-8.3.2
p11-kit-32bit-0.23.2-8.3.2
p11-kit-nss-trust-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
pam_apparmor-2.8.2-56.6.3
pam_apparmor-32bit-2.8.2-56.6.3
perl-apparmor-2.8.2-56.6.3
python-sssd-config-1.16.1-7.28.9
samba-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
samba-doc-4.15.4+git.324.8332acf1a63-3.54.1
samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-tool-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
sssd-1.16.1-7.28.9
sssd-ad-1.16.1-7.28.9
sssd-common-1.16.1-7.28.9
sssd-dbus-1.16.1-7.28.9
sssd-ipa-1.16.1-7.28.9
sssd-krb5-1.16.1-7.28.9
sssd-krb5-common-1.16.1-7.28.9
sssd-ldap-1.16.1-7.28.9
sssd-proxy-1.16.1-7.28.9
sssd-tools-1.16.1-7.28.9
yast2-samba-client-3.1.23-3.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache2-mod_apparmor-2.8.2-56.6.3
apparmor-docs-2.8.2-56.6.3
apparmor-parser-2.8.2-56.6.3
apparmor-profiles-2.8.2-56.6.3
apparmor-utils-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
libapparmor1-2.8.2-56.6.3
libapparmor1-32bit-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libgnutls30-32bit-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libhogweed4-32bit-3.1-21.3.2
libipa_hbac0-1.16.1-7.28.9
libnettle6-3.1-21.3.2
libnettle6-32bit-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
libp11-kit0-32bit-0.23.2-8.3.2
libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
libsss_certmap0-1.16.1-7.28.9
libsss_idmap0-1.16.1-7.28.9
libsss_nss_idmap-devel-1.16.1-7.28.9
libsss_nss_idmap0-1.16.1-7.28.9
libsss_simpleifp0-1.16.1-7.28.9
p11-kit-0.23.2-8.3.2
p11-kit-32bit-0.23.2-8.3.2
p11-kit-nss-trust-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
pam_apparmor-2.8.2-56.6.3
pam_apparmor-32bit-2.8.2-56.6.3
perl-apparmor-2.8.2-56.6.3
python-sssd-config-1.16.1-7.28.9
samba-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
samba-doc-4.15.4+git.324.8332acf1a63-3.54.1
samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-tool-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
sssd-1.16.1-7.28.9
sssd-ad-1.16.1-7.28.9
sssd-common-1.16.1-7.28.9
sssd-dbus-1.16.1-7.28.9
sssd-ipa-1.16.1-7.28.9
sssd-krb5-1.16.1-7.28.9
sssd-krb5-common-1.16.1-7.28.9
sssd-ldap-1.16.1-7.28.9
sssd-proxy-1.16.1-7.28.9
sssd-tools-1.16.1-7.28.9
yast2-samba-client-3.1.23-3.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libapparmor-devel-2.8.2-56.6.3
libipa_hbac-devel-1.16.1-7.28.9
libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsss_idmap-devel-1.16.1-7.28.9
libsss_nss_idmap-devel-1.16.1-7.28.9
p11-kit-devel-0.23.2-8.3.2
samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1

Description

Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata to perform this operation outside of the share.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share must also be available via NFS, in order for this attack to succeed.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References

Description

The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:ca-certificates-1_201403302107-15.3.3
Container suse/ltss/sle12.5/sles12sp5:latest:libp11-kit0-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-0.23.2-8.3.2
Container suse/ltss/sle12.5/sles12sp5:latest:p11-kit-tools-0.23.2-8.3.2

References