SUSE-SU-2023:0122-1: important: Security update for samba

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jan 23 14:15:36 UTC 2023


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0122-1
Rating:             important
References:         #1173994 #1201496 #1205385 #1206504 #1206546 
                    
Cross-References:   CVE-2020-14323 CVE-2021-20251 CVE-2022-32742
                    CVE-2022-37966 CVE-2022-38023
CVSS scores:
                    CVE-2020-14323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-14323 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2021-20251: Fixed an issue where the bad password count would not be
     properly incremented, which could allow attackers to brute force a
     user's password (bsc#1206546).
   - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure
     channel (bsc#1206504).
   - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to
     encrypt session keys, which could lead to privilege escalation
     (bsc#1205385).
   - CVE-2020-14323: Fixed a denial of service in winbindd (bsc#1173994).
   - CVE-2022-32742: Fixed incorrect length check in SMB1write,
     SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-122=1



Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      samba-doc-4.4.2-38.55.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      libdcerpc-binding0-32bit-4.4.2-38.55.1
      libdcerpc-binding0-4.4.2-38.55.1
      libdcerpc-binding0-debuginfo-32bit-4.4.2-38.55.1
      libdcerpc-binding0-debuginfo-4.4.2-38.55.1
      libdcerpc0-32bit-4.4.2-38.55.1
      libdcerpc0-4.4.2-38.55.1
      libdcerpc0-debuginfo-32bit-4.4.2-38.55.1
      libdcerpc0-debuginfo-4.4.2-38.55.1
      libndr-krb5pac0-32bit-4.4.2-38.55.1
      libndr-krb5pac0-4.4.2-38.55.1
      libndr-krb5pac0-debuginfo-32bit-4.4.2-38.55.1
      libndr-krb5pac0-debuginfo-4.4.2-38.55.1
      libndr-nbt0-32bit-4.4.2-38.55.1
      libndr-nbt0-4.4.2-38.55.1
      libndr-nbt0-debuginfo-32bit-4.4.2-38.55.1
      libndr-nbt0-debuginfo-4.4.2-38.55.1
      libndr-standard0-32bit-4.4.2-38.55.1
      libndr-standard0-4.4.2-38.55.1
      libndr-standard0-debuginfo-32bit-4.4.2-38.55.1
      libndr-standard0-debuginfo-4.4.2-38.55.1
      libndr0-32bit-4.4.2-38.55.1
      libndr0-4.4.2-38.55.1
      libndr0-debuginfo-32bit-4.4.2-38.55.1
      libndr0-debuginfo-4.4.2-38.55.1
      libnetapi0-32bit-4.4.2-38.55.1
      libnetapi0-4.4.2-38.55.1
      libnetapi0-debuginfo-32bit-4.4.2-38.55.1
      libnetapi0-debuginfo-4.4.2-38.55.1
      libsamba-credentials0-32bit-4.4.2-38.55.1
      libsamba-credentials0-4.4.2-38.55.1
      libsamba-credentials0-debuginfo-32bit-4.4.2-38.55.1
      libsamba-credentials0-debuginfo-4.4.2-38.55.1
      libsamba-errors0-32bit-4.4.2-38.55.1
      libsamba-errors0-4.4.2-38.55.1
      libsamba-errors0-debuginfo-32bit-4.4.2-38.55.1
      libsamba-errors0-debuginfo-4.4.2-38.55.1
      libsamba-hostconfig0-32bit-4.4.2-38.55.1
      libsamba-hostconfig0-4.4.2-38.55.1
      libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.55.1
      libsamba-hostconfig0-debuginfo-4.4.2-38.55.1
      libsamba-passdb0-32bit-4.4.2-38.55.1
      libsamba-passdb0-4.4.2-38.55.1
      libsamba-passdb0-debuginfo-32bit-4.4.2-38.55.1
      libsamba-passdb0-debuginfo-4.4.2-38.55.1
      libsamba-util0-32bit-4.4.2-38.55.1
      libsamba-util0-4.4.2-38.55.1
      libsamba-util0-debuginfo-32bit-4.4.2-38.55.1
      libsamba-util0-debuginfo-4.4.2-38.55.1
      libsamdb0-32bit-4.4.2-38.55.1
      libsamdb0-4.4.2-38.55.1
      libsamdb0-debuginfo-32bit-4.4.2-38.55.1
      libsamdb0-debuginfo-4.4.2-38.55.1
      libsmbclient0-32bit-4.4.2-38.55.1
      libsmbclient0-4.4.2-38.55.1
      libsmbclient0-debuginfo-32bit-4.4.2-38.55.1
      libsmbclient0-debuginfo-4.4.2-38.55.1
      libsmbconf0-32bit-4.4.2-38.55.1
      libsmbconf0-4.4.2-38.55.1
      libsmbconf0-debuginfo-32bit-4.4.2-38.55.1
      libsmbconf0-debuginfo-4.4.2-38.55.1
      libsmbldap0-32bit-4.4.2-38.55.1
      libsmbldap0-4.4.2-38.55.1
      libsmbldap0-debuginfo-32bit-4.4.2-38.55.1
      libsmbldap0-debuginfo-4.4.2-38.55.1
      libtevent-util0-32bit-4.4.2-38.55.1
      libtevent-util0-4.4.2-38.55.1
      libtevent-util0-debuginfo-32bit-4.4.2-38.55.1
      libtevent-util0-debuginfo-4.4.2-38.55.1
      libwbclient0-32bit-4.4.2-38.55.1
      libwbclient0-4.4.2-38.55.1
      libwbclient0-debuginfo-32bit-4.4.2-38.55.1
      libwbclient0-debuginfo-4.4.2-38.55.1
      samba-4.4.2-38.55.1
      samba-client-32bit-4.4.2-38.55.1
      samba-client-4.4.2-38.55.1
      samba-client-debuginfo-32bit-4.4.2-38.55.1
      samba-client-debuginfo-4.4.2-38.55.1
      samba-debuginfo-4.4.2-38.55.1
      samba-debugsource-4.4.2-38.55.1
      samba-libs-32bit-4.4.2-38.55.1
      samba-libs-4.4.2-38.55.1
      samba-libs-debuginfo-32bit-4.4.2-38.55.1
      samba-libs-debuginfo-4.4.2-38.55.1
      samba-winbind-32bit-4.4.2-38.55.1
      samba-winbind-4.4.2-38.55.1
      samba-winbind-debuginfo-32bit-4.4.2-38.55.1
      samba-winbind-debuginfo-4.4.2-38.55.1


References:

   https://www.suse.com/security/cve/CVE-2020-14323.html
   https://www.suse.com/security/cve/CVE-2021-20251.html
   https://www.suse.com/security/cve/CVE-2022-32742.html
   https://www.suse.com/security/cve/CVE-2022-37966.html
   https://www.suse.com/security/cve/CVE-2022-38023.html
   https://bugzilla.suse.com/1173994
   https://bugzilla.suse.com/1201496
   https://bugzilla.suse.com/1205385
   https://bugzilla.suse.com/1206504
   https://bugzilla.suse.com/1206546



More information about the sle-security-updates mailing list