SUSE-SU-2023:0160-1 -- SLES samba, libsamba-policy-devel, libsamba-policy-python3-devel, libsamba-policy0-python3
ID: oval:org.secpod.oval:def:89048164 | Date: (C)2023-02-02 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password.
- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation.
  - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected.
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel.
- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems.
- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3.
- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue.
- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1.
  - CVE-2022-32746: Fixed a memory corruption issue in database audit logging.
  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords.
  - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests.
  - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users.

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to the named service.
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Server 15 SP4 |
Product: |
samba |
libsamba-policy-devel |
libsamba-policy-python3-devel |
libsamba-policy0-python3 |