openSUSE:Leap:15.5:Update
File _patchinfo of Package patchinfo.27433
<patchinfo incident="27433">
  <issue tracker="cve" id="2022-37967"/>
  <issue tracker="cve" id="2021-20251"/>
  <issue tracker="cve" id="2022-3437"/>
  <issue tracker="cve" id="2022-37966"/>
  <issue tracker="cve" id="2022-38023"/>
  <issue tracker="cve" id="2022-32746"/>
  <issue tracker="cve" id="2022-32745"/>
  <issue tracker="cve" id="2022-42898"/>
  <issue tracker="cve" id="2022-2031"/>
  <issue tracker="cve" id="2022-32742"/>
  <issue tracker="cve" id="2022-32744"/>
  <issue tracker="bnc" id="1201493">VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user</issue>
  <issue tracker="bnc" id="1206546">VUL-0: CVE-2021-20251: samba: Bad password count not incremented atomically</issue>
  <issue tracker="bnc" id="1201492">VUL-0: CVE-2022-32745: samba, ldb: AD users can crash the server process with an LDAP add or modify request</issue>
  <issue tracker="bnc" id="1200102">SLES 15 SP3 - smbd dumps core randomly - ref:_00D1igLOd._5005q5zV47:ref</issue>
  <issue tracker="bnc" id="1205126">VUL-0: CVE-2022-42898: krb5: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems</issue>
  <issue tracker="bnc" id="1205386">VUL-0: CVE-2022-37967: samba: Windows Kerberos Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1205385">VUL-0: CVE-2022-37966: samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1201490">VUL-0: CVE-2022-32746: samba,ldb: Use-after-free occurring in database audit logging module</issue>
  <issue tracker="bnc" id="1206504">VUL-0: CVE-2022-38023: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided</issue>
  <issue tracker="bnc" id="1204254">VUL-0: CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3()</issue>
  <issue tracker="bnc" id="1201689">bind9.16 and samba-ad-dc-4.15.7 using bind as backed systemd issue</issue>
  <issue tracker="bnc" id="1201495">VUL-0: CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords</issue>
  <issue tracker="bnc" id="1201496">VUL-0: CVE-2022-32742: samba: Server memory information leak via SMB1</issue>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).

- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).

- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).

- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).

- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).

- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689).
</description>
</patchinfo>