SUSE-SU-2023:4040-1

Опубликовано: 10 окт. 2023

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)

Список пакетов

Image SLES12-SP5-Azure-BYOS

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-Basic-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-HPC-BYOS

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-HPC-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-SAP-BYOS

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-SAP-On-Demand

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-Standard-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-EC2-BYOS

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-EC2-ECS-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-EC2-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-EC2-SAP-BYOS

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-EC2-SAP-On-Demand

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-GCE-BYOS

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-GCE-On-Demand

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-GCE-SAP-BYOS

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-GCE-SAP-On-Demand

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

SUSE Linux Enterprise High Availability Extension 12 SP5

ctdb-4.15.13+git.625.ac658f2f12-3.88.1

SUSE Linux Enterprise Server 12 SP5

libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1

libsamba-policy0-python3-4.15.13+git.625.ac658f2f12-3.88.1

libsamba-policy0-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-devel-4.15.13+git.625.ac658f2f12-3.88.1

samba-doc-4.15.13+git.625.ac658f2f12-3.88.1

samba-ldb-ldap-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-python3-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-python3-4.15.13+git.625.ac658f2f12-3.88.1

samba-tool-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1

libsamba-policy0-python3-4.15.13+git.625.ac658f2f12-3.88.1

libsamba-policy0-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-client-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-devel-4.15.13+git.625.ac658f2f12-3.88.1

samba-doc-4.15.13+git.625.ac658f2f12-3.88.1

samba-ldb-ldap-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-python3-4.15.13+git.625.ac658f2f12-3.88.1

samba-libs-python3-32bit-4.15.13+git.625.ac658f2f12-3.88.1

samba-python3-4.15.13+git.625.ac658f2f12-3.88.1

samba-tool-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-libs-4.15.13+git.625.ac658f2f12-3.88.1

samba-winbind-libs-32bit-4.15.13+git.625.ac658f2f12-3.88.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libsamba-policy-devel-4.15.13+git.625.ac658f2f12-3.88.1

libsamba-policy-python3-devel-4.15.13+git.625.ac658f2f12-3.88.1

samba-devel-4.15.13+git.625.ac658f2f12-3.88.1

samba-devel-32bit-4.15.13+git.625.ac658f2f12-3.88.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20234040-1/
Link for SUSE-SU-2023:4040-1
https://lists.suse.com/pipermail/sle-security-updates/2023-October/016619.html
E-Mail link for SUSE-SU-2023:4040-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215904
SUSE Bug 1215904
https://www.suse.com/security/cve/CVE-2023-4091/
SUSE CVE CVE-2023-4091 page

Описание

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.

Затронутые продукты

Image SLES12-SP5-Azure-BYOS:samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-BYOS:samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-Basic-On-Demand:samba-client-libs-4.15.13+git.625.ac658f2f12-3.88.1

Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.15.13+git.625.ac658f2f12-3.88.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-4091.html
CVE-2023-4091
https://bugzilla.suse.com/1215904
SUSE Bug 1215904

SUSE-SU-2023:4040-1

Описание

Список пакетов

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise High Availability Extension 12 SP5

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2023-4091

Описание

Затронутые продукты

Ссылки