Security update for samba

Announcement ID: SUSE-SU-2023:0122-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-14323 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-14323 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-20251 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2021-20251 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2022-32742 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2022-32742 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2022-37966 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-37966 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-38023 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2022-38023 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that solves five vulnerabilities can now be installed.

Description:

This update for samba fixes the following issues:

  • CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
  • CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
  • CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).
  • CVE-2020-14323: Fixed a denial of service in winbindd (bsc#1173994).
  • CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-122=1

Package List:

  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
    • libsmbldap0-4.4.2-38.55.1
    • samba-winbind-4.4.2-38.55.1
    • libsmbconf0-debuginfo-4.4.2-38.55.1
    • libndr-krb5pac0-debuginfo-4.4.2-38.55.1
    • libwbclient0-4.4.2-38.55.1
    • libdcerpc0-4.4.2-38.55.1
    • libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-util0-32bit-4.4.2-38.55.1
    • libndr-nbt0-debuginfo-32bit-4.4.2-38.55.1
    • libsmbldap0-32bit-4.4.2-38.55.1
    • samba-client-debuginfo-4.4.2-38.55.1
    • libsamba-hostconfig0-debuginfo-4.4.2-38.55.1
    • libsamba-passdb0-4.4.2-38.55.1
    • libdcerpc0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-errors0-debuginfo-32bit-4.4.2-38.55.1
    • libtevent-util0-4.4.2-38.55.1
    • libdcerpc0-32bit-4.4.2-38.55.1
    • libtevent-util0-debuginfo-4.4.2-38.55.1
    • samba-winbind-debuginfo-4.4.2-38.55.1
    • libsamba-credentials0-debuginfo-4.4.2-38.55.1
    • samba-debugsource-4.4.2-38.55.1
    • libsamdb0-debuginfo-4.4.2-38.55.1
    • libndr0-4.4.2-38.55.1
    • libsamdb0-32bit-4.4.2-38.55.1
    • libndr0-debuginfo-32bit-4.4.2-38.55.1
    • libsmbclient0-debuginfo-32bit-4.4.2-38.55.1
    • libtevent-util0-32bit-4.4.2-38.55.1
    • libwbclient0-32bit-4.4.2-38.55.1
    • samba-winbind-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-credentials0-32bit-4.4.2-38.55.1
    • libsamba-passdb0-32bit-4.4.2-38.55.1
    • libndr0-debuginfo-4.4.2-38.55.1
    • libnetapi0-debuginfo-4.4.2-38.55.1
    • libsamba-errors0-debuginfo-4.4.2-38.55.1
    • samba-winbind-32bit-4.4.2-38.55.1
    • samba-client-4.4.2-38.55.1
    • samba-client-debuginfo-32bit-4.4.2-38.55.1
    • libsmbldap0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-util0-4.4.2-38.55.1
    • libsamba-util0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-util0-debuginfo-4.4.2-38.55.1
    • libsmbclient0-4.4.2-38.55.1
    • libsamba-passdb0-debuginfo-4.4.2-38.55.1
    • libndr-standard0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-credentials0-4.4.2-38.55.1
    • libwbclient0-debuginfo-4.4.2-38.55.1
    • libdcerpc-binding0-4.4.2-38.55.1
    • libsamdb0-4.4.2-38.55.1
    • libndr-nbt0-4.4.2-38.55.1
    • libsmbclient0-32bit-4.4.2-38.55.1
    • libndr-krb5pac0-4.4.2-38.55.1
    • libwbclient0-debuginfo-32bit-4.4.2-38.55.1
    • libsmbconf0-debuginfo-32bit-4.4.2-38.55.1
    • samba-client-32bit-4.4.2-38.55.1
    • libndr0-32bit-4.4.2-38.55.1
    • libnetapi0-4.4.2-38.55.1
    • libsamdb0-debuginfo-32bit-4.4.2-38.55.1
    • libdcerpc0-debuginfo-4.4.2-38.55.1
    • samba-libs-debuginfo-32bit-4.4.2-38.55.1
    • libdcerpc-binding0-debuginfo-32bit-4.4.2-38.55.1
    • libnetapi0-32bit-4.4.2-38.55.1
    • samba-debuginfo-4.4.2-38.55.1
    • samba-libs-32bit-4.4.2-38.55.1
    • libsamba-hostconfig0-32bit-4.4.2-38.55.1
    • libtevent-util0-debuginfo-32bit-4.4.2-38.55.1
    • libndr-krb5pac0-32bit-4.4.2-38.55.1
    • libsamba-passdb0-debuginfo-32bit-4.4.2-38.55.1
    • libndr-standard0-debuginfo-4.4.2-38.55.1
    • samba-libs-debuginfo-4.4.2-38.55.1
    • samba-4.4.2-38.55.1
    • libsmbldap0-debuginfo-4.4.2-38.55.1
    • libndr-krb5pac0-debuginfo-32bit-4.4.2-38.55.1
    • samba-libs-4.4.2-38.55.1
    • libsamba-hostconfig0-4.4.2-38.55.1
    • libndr-nbt0-debuginfo-4.4.2-38.55.1
    • libdcerpc-binding0-debuginfo-4.4.2-38.55.1
    • libnetapi0-debuginfo-32bit-4.4.2-38.55.1
    • libndr-standard0-32bit-4.4.2-38.55.1
    • libndr-standard0-4.4.2-38.55.1
    • libsamba-errors0-4.4.2-38.55.1
    • libsamba-credentials0-debuginfo-32bit-4.4.2-38.55.1
    • libsamba-errors0-32bit-4.4.2-38.55.1
    • libsmbclient0-debuginfo-4.4.2-38.55.1
    • libsmbconf0-4.4.2-38.55.1
    • libndr-nbt0-32bit-4.4.2-38.55.1
    • libdcerpc-binding0-32bit-4.4.2-38.55.1
    • libsmbconf0-32bit-4.4.2-38.55.1
  • SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
    • samba-doc-4.4.2-38.55.1

References: