File _patchinfo of Package patchinfo.27433

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.27433

<patchinfo incident="27433">
  <issue tracker="cve" id="2022-37967"/>
  <issue tracker="cve" id="2021-20251"/>
  <issue tracker="cve" id="2022-3437"/>
  <issue tracker="cve" id="2022-37966"/>
  <issue tracker="cve" id="2022-38023"/>
  <issue tracker="cve" id="2022-32746"/>
  <issue tracker="cve" id="2022-32745"/>
  <issue tracker="cve" id="2022-42898"/>
  <issue tracker="cve" id="2022-2031"/>
  <issue tracker="cve" id="2022-32742"/>
  <issue tracker="cve" id="2022-32744"/>
  <issue tracker="bnc" id="1201493">VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user</issue>
  <issue tracker="bnc" id="1206546">VUL-0: CVE-2021-20251: samba: Bad password count not incremented atomically</issue>
  <issue tracker="bnc" id="1201492">VUL-0: CVE-2022-32745: samba, ldb: AD users can crash the server process with an LDAP add or modify request</issue>
  <issue tracker="bnc" id="1200102">SLES 15 SP3 - smbd dumps core randomly  - ref:_00D1igLOd._5005q5zV47:ref</issue>
  <issue tracker="bnc" id="1205126">VUL-0: CVE-2022-42898: krb5: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems</issue>
  <issue tracker="bnc" id="1205386">VUL-0: CVE-2022-37967: samba: Windows Kerberos Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1205385">VUL-0: CVE-2022-37966: samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1201490">VUL-0: CVE-2022-32746: samba,ldb: Use-after-free occurring in database audit logging module</issue>
  <issue tracker="bnc" id="1206504">VUL-0: CVE-2022-38023: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided</issue>
  <issue tracker="bnc" id="1204254">VUL-0: CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3()</issue>
  <issue tracker="bnc" id="1201689">bind9.16 and samba-ad-dc-4.15.7 using bind as backed systemd issue</issue>
  <issue tracker="bnc" id="1201495">VUL-0: CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords</issue>
  <issue tracker="bnc" id="1201496">VUL-0: CVE-2022-32742: samba: Server memory information leak via SMB1</issue>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would
  not be properly incremented, which could allow attackers to brute
  force a user's password (bsc#1206546).

- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be
    selected to encrypt session keys, which could lead to privilege
    escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via
    constrained delegation due to weak a cryptographic algorithm
    being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
    Secure channel (bsc#1206504).

- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on
  32-bit systems (bsc#1205126).

- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()
  (bsc#1204254).

- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).

- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered
    via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database
    audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with
    changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be
    triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged
    password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to
  the named service (bsc#1201689).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.27433

Places