Описание
Security update for samba
This update for samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).
The following non-security bugs were fixed:
- netgroups support removed; (bso#15087); (bsc#1199247).
- net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734).
- smbclient commands del and deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
- move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
Список пакетов
Image SLES12-SP5-Azure-BYOS
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-HPC-BYOS
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-HPC-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-SAP-BYOS
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-SAP-On-Demand
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Standard-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-EC2-BYOS
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-EC2-ECS-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-EC2-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-EC2-SAP-BYOS
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-EC2-SAP-On-Demand
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-GCE-BYOS
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-GCE-On-Demand
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-GCE-SAP-BYOS
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-GCE-SAP-On-Demand
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
ctdb-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise High Availability Extension 12 SP5
ctdb-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise Server 12 SP5
libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-4.15.8+git.462.e73f4310487-3.68.1
samba-client-4.15.8+git.462.e73f4310487-3.68.1
samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-devel-4.15.8+git.462.e73f4310487-3.68.1
samba-doc-4.15.8+git.462.e73f4310487-3.68.1
samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-python3-4.15.8+git.462.e73f4310487-3.68.1
samba-tool-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-4.15.8+git.462.e73f4310487-3.68.1
samba-client-4.15.8+git.462.e73f4310487-3.68.1
samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-devel-4.15.8+git.462.e73f4310487-3.68.1
samba-doc-4.15.8+git.462.e73f4310487-3.68.1
samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
samba-python3-4.15.8+git.462.e73f4310487-3.68.1
samba-tool-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libsamba-policy-devel-4.15.8+git.462.e73f4310487-3.68.1
libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
samba-devel-4.15.8+git.462.e73f4310487-3.68.1
samba-devel-32bit-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- Link for SUSE-SU-2022:2582-1
- E-Mail link for SUSE-SU-2022:2582-1
- SUSE Security Ratings
- SUSE Bug 1198255
- SUSE Bug 1199247
- SUSE Bug 1199734
- SUSE Bug 1200556
- SUSE Bug 1200964
- SUSE Bug 1201490
- SUSE Bug 1201492
- SUSE Bug 1201493
- SUSE Bug 1201495
- SUSE Bug 1201496
- SUSE CVE CVE-2022-2031 page
- SUSE CVE CVE-2022-32742 page
- SUSE CVE CVE-2022-32744 page
- SUSE CVE CVE-2022-32745 page
- SUSE CVE CVE-2022-32746 page
Описание
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- CVE-2022-2031
- SUSE Bug 1201495
- SUSE Bug 1202815
- SUSE Bug 1202999
- SUSE Bug 1205061
- SUSE Bug 1208433
- SUSE Bug 1209664
Описание
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- CVE-2022-32742
- SUSE Bug 1201496
- SUSE Bug 1202815
Описание
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- CVE-2022-32744
- SUSE Bug 1201493
- SUSE Bug 1202815
- SUSE Bug 1209664
Описание
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- CVE-2022-32745
- SUSE Bug 1201492
Описание
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.8+git.462.e73f4310487-3.68.1
Ссылки
- CVE-2022-32746
- SUSE Bug 1201490