File _patchinfo of Package patchinfo.30943

<patchinfo incident="30943">
  <issue tracker="cve" id="2023-4154"/>
  <issue tracker="cve" id="2023-4091"/>
  <issue tracker="cve" id="2023-3961"/>
  <issue tracker="cve" id="2023-42670"/>
  <issue tracker="cve" id="2023-42669"/>
  <issue tracker="bnc" id="1215904">VUL-0: EMBARGOED: CVE-2023-4091: samba: Client can truncate file with read-only permissions</issue>
  <issue tracker="bnc" id="1215906">VUL-0: EMBARGOED: CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers</issue>
  <issue tracker="bnc" id="1215905">VUL-0: EMBARGOED: CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request</issue>
  <issue tracker="bnc" id="1215907">VUL-0: EMBARGOED: CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect()</issue>
  <issue tracker="bnc" id="1215908">VUL-0: EMBARGOED: CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"</issue>
  <packager>npower</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba</summary>
  <description>This update for samba fixes the following issues:

- CVE-2023-4091: Fixed a bug where a client can truncate a file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in the "rpcecho" development server which allows Denial of Service via a sleep() call on the AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908)
</description>
</patchinfo>