File _patchinfo of Package patchinfo.25011

<patchinfo incident="25011">
  <issue tracker="bnc" id="1199247">Samba 4.15 regression - netgroups dropped</issue>
  <issue tracker="bnc" id="1200964">autoyast auth-client for AD does not install required packages</issue>
  <issue tracker="bnc" id="1198255">winbind is not starting: Failed to initialize passdb backend! after updating to recent samba-winbind packages</issue>
  <issue tracker="bnc" id="1200556">smbclient - NT_STATUS_OBJECT_PATH_NOT_FOUND deleting remote file on DFS</issue>
  <issue tracker="bnc" id="1196224">User Kerberos Tickets are not refreshed or get destroyed after Update to samba 4.15.4</issue>
  <issue tracker="bnc" id="1199734">Cannot join windows domain with YaST</issue>
  <issue tracker="bnc" id="1201492">VUL-0: EMBARGOED: CVE-2022-32745: samba, ldb: AD users can crash the server process with an LDAP add or modify request</issue>
  <issue tracker="bnc" id="1201493">VUL-0: EMBARGOED: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user</issue>
  <issue tracker="bnc" id="1201490">VUL-0: EMBARGOED: CVE-2022-32746: samba, ldb: Use-after-free occurring in database audit logging module</issue>
  <issue tracker="bnc" id="1201496">VUL-0: EMBARGOED: CVE-2022-32742: samba: Server memory information leak via SMB1</issue>
  <issue tracker="bnc" id="1201495">VUL-0: EMBARGOED: CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords</issue>
  <issue tracker="cve" id="2022-2031"/>
  <issue tracker="cve" id="2022-32744"/>
  <issue tracker="cve" id="2022-32746"/>
  <issue tracker="cve" id="2022-32742"/>
  <issue tracker="cve" id="2022-32745"/>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ldb, samba</summary>
  <description>This update for ldb, samba fixes the following issues:

- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a server memory information leak via SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

The following security bugs were fixed:

samba was updated to 4.15.8:

* Use pathref fd instead of io fd in vfs_default_durable_cookie;
  (bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
  (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
  file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
  server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
  3.11; (bso#15071);
* smbclient commands del &amp; deltree fail with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
  (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix smbclient commands del &amp; deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556).

ldb was updated to version 2.4.3:

* Fix build problems, waf produces incorrect names for python extensions; (bso#15071);
</description>
</patchinfo>