openSUSE-SU-2022:0287-1

Опубликовано: 01 фев. 2022

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859)

Список пакетов

openSUSE Leap 15.4

libndr0-4.11.14+git.319.91d693db37c-4.35.1

libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RB554CLNYEUAEMABV3LV3T5P4BYDLS7H/
E-Mail link for openSUSE-SU-2022:0287-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194859
SUSE Bug 1194859
https://www.suse.com/security/cve/CVE-2021-44142/
SUSE CVE CVE-2021-44142 page

Описание

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Затронутые продукты

openSUSE Leap 15.4:libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1

openSUSE Leap 15.4:libndr0-4.11.14+git.319.91d693db37c-4.35.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-44142.html
CVE-2021-44142
https://bugzilla.suse.com/1194859
SUSE Bug 1194859
https://bugzilla.suse.com/1195611
SUSE Bug 1195611
https://bugzilla.suse.com/1196455
SUSE Bug 1196455

openSUSE-SU-2022:0287-1

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2021-44142

Описание

Затронутые продукты

Ссылки