Overview

File _patchinfo of Package patchinfo.27270

<patchinfo incident="27270">
  <issue tracker="cve" id="2022-37967"/>
  <issue tracker="cve" id="2022-37966"/>
  <issue tracker="cve" id="2022-38023"/>
  <issue tracker="bnc" id="1205946">bind fails to start after update system namespeced</issue>
  <issue tracker="bnc" id="1206504">VUL-0: CVE-2022-38023: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided</issue>
  <issue tracker="bnc" id="1205385">VUL-0: CVE-2022-37966: samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1205386">VUL-0: CVE-2022-37967: samba: Windows Kerberos Elevation of Privilege Vulnerability.</issue>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

Update to 4.15.13

- CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385).
- CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386).
- CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504).
- Fixed issue with bind start up (bsc#1205946).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places