Overview

File _patchinfo of Package patchinfo.27442

<patchinfo incident="27442">
  <issue tracker="cve" id="2021-20251"/>
  <issue tracker="cve" id="2022-37966"/>
  <issue tracker="cve" id="2022-38023"/>
  <issue tracker="bnc" id="1205385">VUL-0: CVE-2022-37966: samba: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.</issue>
  <issue tracker="bnc" id="1206546">VUL-0: CVE-2021-20251: samba: Bad password count not incremented atomically</issue>
  <issue tracker="bnc" id="1206504">VUL-0: CVE-2022-38023: samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided</issue>
  <packager>scabrero</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would
  not be properly incremented, which could allow attackers to brute
  force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
  Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be
  selected to encrypt session keys, which could lead to privilege
  escalation (bsc#1205385).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places