File _patchinfo of Package patchinfo.27033

<patchinfo incident="27033">
  <issue tracker="bnc" id="1201492">VUL-0: CVE-2022-32745: samba, ldb: AD users can crash the server process with an LDAP add or modify request</issue>
  <issue tracker="bnc" id="1205126">VUL-0: CVE-2022-42898: krb5: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems</issue>
  <issue tracker="bnc" id="1201490">VUL-0: CVE-2022-32746: samba,ldb: Use-after-free occurring in database audit logging module</issue>
  <issue tracker="bnc" id="1201689">bind9.16 and samba-ad-dc-4.15.7 using bind as backed systemd issue</issue>
  <issue tracker="bnc" id="1201493">VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user</issue>
  <issue tracker="bnc" id="1201496">VUL-0: CVE-2022-32742: samba: Server memory information leak via SMB1</issue>
  <issue tracker="bnc" id="1200102">SLES 15 SP3 - smbd dumps core randomly  - ref:_00D1igLOd._5005q5zV47:ref</issue>
  <issue tracker="bnc" id="1204254">VUL-0: CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3()</issue>
  <issue tracker="bnc" id="1201495">VUL-0: CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords</issue>
  <issue tracker="cve" id="2022-32744"/>
  <issue tracker="cve" id="2022-32742"/>
  <issue tracker="cve" id="2022-2031"/>
  <issue tracker="cve" id="2022-32746"/>
  <issue tracker="cve" id="2022-42898"/>
  <issue tracker="cve" id="2022-3437"/>
  <issue tracker="cve" id="2022-32745"/>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

Version update to 4.15.12.

Security issues fixed:

- CVE-2022-2031: Fixed an issue where AD users could have bypassed certain restrictions associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed SMB1 code that did not correctly verify SMB1write, SMB1write_and_close and SMB1write_and_unlock lengths (bsc#1201496).
- CVE-2022-32744: Fixed an issue where AD users could have forged password change requests for any user (bsc#1201493).
- CVE-2022-32745: Fixed an issue where AD users could have crashed the server process with an LDAP add or modify request (bsc#1201492).
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).

Bug fixes:

- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689).
- Fixed a possible use-after-free of connection_struct when iterating smbd_server_connection-&gt;connections (bsc#1200102).
</description>
</patchinfo>