Security update for samba

Announcement ID:	SUSE-SU-2022:2582-1
Rating:	important
References:	bsc#1198255 bsc#1199247 bsc#1199734 bsc#1200556 bsc#1200964 bsc#1201490 bsc#1201492 bsc#1201493 bsc#1201495 bsc#1201496
Cross-References:	CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
CVSS scores:	CVE-2022-2031 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2031 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32742 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32742 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32744 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32744 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32745 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-32745 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-32746 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-32746 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:	SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves five vulnerabilities and has five security fixes can now be installed.

Description:

This update for samba fixes the following issues:

• CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
• CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
• CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
• CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
• CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

The following non-security bugs were fixed:

• netgroups support removed; (bso#15087); (bsc#1199247).
• net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734).
• smbclient commands del and deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
• move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2582=1 SUSE-SLE-SERVER-12-SP5-2022-2582=1
• SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2582=1
• SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2582=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2582=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2582=1

Package List:

• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • samba-winbind-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
  • ctdb-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-tool-4.15.8+git.462.e73f4310487-3.68.1
  • samba-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • ctdb-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le)
  • libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • samba-doc-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  • samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64)
  • samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • ctdb-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
  • ctdb-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  • samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-devel-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy-devel-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64)
  • samba-devel-32bit-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • samba-winbind-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-tool-4.15.8+git.462.e73f4310487-3.68.1
  • samba-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64)
  • samba-devel-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • samba-doc-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  • samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • samba-winbind-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debugsource-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-tool-4.15.8+git.462.e73f4310487-3.68.1
  • samba-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-python3-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-4.15.8+git.462.e73f4310487-3.68.1
  • samba-ldb-ldap-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-debuginfo-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64)
  • samba-devel-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • samba-doc-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server 12 SP5 (ppc64le)
  • libsamba-policy-python3-devel-4.15.8+git.462.e73f4310487-3.68.1
• SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  • samba-client-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • libsamba-policy0-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-python3-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-winbind-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1
  • samba-client-libs-debuginfo-32bit-4.15.8+git.462.e73f4310487-3.68.1

References:

• https://www.suse.com/security/cve/CVE-2022-2031.html
• https://www.suse.com/security/cve/CVE-2022-32742.html
• https://www.suse.com/security/cve/CVE-2022-32744.html
• https://www.suse.com/security/cve/CVE-2022-32745.html
• https://www.suse.com/security/cve/CVE-2022-32746.html
• https://bugzilla.suse.com/show_bug.cgi?id=1198255
• https://bugzilla.suse.com/show_bug.cgi?id=1199247
• https://bugzilla.suse.com/show_bug.cgi?id=1199734
• https://bugzilla.suse.com/show_bug.cgi?id=1200556
• https://bugzilla.suse.com/show_bug.cgi?id=1200964
• https://bugzilla.suse.com/show_bug.cgi?id=1201490
• https://bugzilla.suse.com/show_bug.cgi?id=1201492
• https://bugzilla.suse.com/show_bug.cgi?id=1201493
• https://bugzilla.suse.com/show_bug.cgi?id=1201495
• https://bugzilla.suse.com/show_bug.cgi?id=1201496