Overview

File _patchinfo of Package patchinfo.27938

<?xml version="1.0"?>
<patchinfo incident="27938">
  <issue tracker="cve" id="2022-32746"/>
  <issue tracker="cve" id="2023-0922"/>
  <issue tracker="cve" id="2023-0225"/>
  <issue tracker="cve" id="2023-0614"/>
  <issue tracker="bnc" id="1201490">VUL-0: CVE-2022-32746: samba,ldb: Use-after-free occurring in database audit logging module</issue>
  <issue tracker="bnc" id="1207416">PANIC (pid 12062): Signal 11: Segmentation fault in 4.15.13-git.482.1ac2c665c73.74.1-SUSE-SLE_12-x86_64 | samba</issue>
  <issue tracker="bnc" id="1207723">samba-libs package dependency missing for package samba-client-libs</issue>
  <issue tracker="bnc" id="1207996">samba-winbind-libs-32bit package missing</issue>
  <issue tracker="bnc" id="1209481">VUL-0: EMBARGOED: CVE-2023-0922: samba: AD DC admin tool samba-tool sends passwords in cleartext</issue>
  <issue tracker="bnc" id="1209483">VUL-0: EMBARGOED: CVE-2023-0225: samba: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users.</issue>
  <issue tracker="bnc" id="1209485">VUL-0: EMBARGOED: CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered</issue>
  <packager>npower</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for ldb, samba</summary>
  <description>This update for ldb, samba fixes the following issues:

ldb: 
    
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).

samba:

- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC "dnsHostname" attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).

The following non-security bug were fixed:

- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places