File _patchinfo of Package patchinfo.30951
<patchinfo incident="30951">
<issue tracker="cve" id="2023-4154"/>
<issue tracker="cve" id="2023-4091"/>
<issue tracker="cve" id="2023-42669"/>
<issue tracker="bnc" id="1215908">VUL-0: EMBARGOED: CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES"</issue>
<issue tracker="bnc" id="1213940">samba-client-libs has dependency on libcluster-samba4.so which isn't provided by anything — ref:_00D1igLOd._5005qUNQqN:ref</issue>
<issue tracker="bnc" id="1215905">VUL-0: EMBARGOED: CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request</issue>
<issue tracker="bnc" id="1215904">VUL-0: EMBARGOED: CVE-2023-4091: samba: Client can truncate file with read-only permissions</issue>
<packager>scabrero</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for samba</summary>
<description>This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate a file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in the "rpcecho" development server that allows denial of service via a sleep() call on an AD DC. (bsc#1215905)
- CVE-2023-4154: Fixed a bug in dirsync that allows SYSTEM access with only the "GUID_DRS_GET_CHANGES" right. (bsc#1215908)
</description>
</patchinfo>