Описание
Security update for ldb, samba
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
- Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
- Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
- Add support for bind 9.18; (bso#14986);
- logging dsdb audit to specific files does not work; (bso#15076);
- vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
- netgroups support removed; (bso#15087); (bsc#1199247);
- net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734);
- waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
- smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
- vfs_gpfs recalls=no option prevents listing files; (bso#15055);
- waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
- Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
- ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
- smbd doesn't handle UPNs for looking up names; (bso#15054);
- Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
ldb was updated to version 2.4.3
- Fix build problems, waf produces incorrect names for python extensions; (bso#15071);
Список пакетов
Image SLES15-SP3-BYOS-Azure
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-GCE
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-CHOST-BYOS-Azure
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-CHOST-BYOS-EC2
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-CHOST-BYOS-GCE
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-HPC-BYOS-Azure
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-HPC-BYOS-GCE
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAP-BYOS-Azure
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAP-BYOS-GCE
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAPCAL-Azure
libldb2-2.4.3-150300.3.20.1
libldb2-32bit-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libldb2-2.4.3-150300.3.20.1
libldb2-32bit-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-SAPCAL-GCE
libldb2-2.4.3-150300.3.20.1
libldb2-32bit-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Enterprise Storage 7.1
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
libldb2-2.4.3-150300.3.20.1
python3-ldb-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise High Availability Extension 15 SP3
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Micro 5.1
libldb2-2.4.3-150300.3.20.1
SUSE Linux Enterprise Micro 5.2
libldb2-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
ldb-tools-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-32bit-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
SUSE Linux Enterprise Module for Python 2 15 SP3
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
openSUSE Leap 15.3
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-pcp-pmda-4.15.8+git.500.d5910280cc7-150300.3.37.1
ldb-tools-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-32bit-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-32bit-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-doc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-test-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- Link for SUSE-SU-2022:2586-1
- E-Mail link for SUSE-SU-2022:2586-1
- SUSE Security Ratings
- SUSE Bug 1196224
- SUSE Bug 1198255
- SUSE Bug 1199247
- SUSE Bug 1199734
- SUSE Bug 1200556
- SUSE Bug 1200964
- SUSE Bug 1201490
- SUSE Bug 1201492
- SUSE Bug 1201493
- SUSE Bug 1201495
- SUSE Bug 1201496
- SUSE CVE CVE-2022-2031 page
- SUSE CVE CVE-2022-32742 page
- SUSE CVE CVE-2022-32744 page
- SUSE CVE CVE-2022-32745 page
- SUSE CVE CVE-2022-32746 page
Описание
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-Azure:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-EC2-HVM:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- CVE-2022-2031
- SUSE Bug 1201495
- SUSE Bug 1202815
- SUSE Bug 1202999
- SUSE Bug 1205061
- SUSE Bug 1208433
- SUSE Bug 1209664
Описание
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-Azure:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-EC2-HVM:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- CVE-2022-32742
- SUSE Bug 1201496
- SUSE Bug 1202815
Описание
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-Azure:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-EC2-HVM:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- CVE-2022-32744
- SUSE Bug 1201493
- SUSE Bug 1202815
- SUSE Bug 1209664
Описание
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-Azure:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-EC2-HVM:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- CVE-2022-32745
- SUSE Bug 1201492
Описание
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-Azure:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Image SLES15-SP3-BYOS-EC2-HVM:libldb2-2.4.3-150300.3.20.1
Image SLES15-SP3-BYOS-EC2-HVM:samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
Ссылки
- CVE-2022-32746
- SUSE Bug 1201490