Oval Definition:oval:org.opensuse.security:def:95420
Revision Date:2022-08-03Version:1
Title:Security update for ldb, samba (Important)
Description:

This update for ldb, samba fixes the following issues:

- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

The following non-security bug were fixed:

ldb was updated to version 2.4.3:

+ Fix build problems, waf produces incorrect names for python extensions; (bso#15071);

samba was updated to 4.15.8:

Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

- Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
Family:unixClass:patch
Status:Reference(s):1122417
1125886
1178236
1188921
1196224
1198255
1199247
1199734
1200556
1200964
1201490
1201492
1201493
1201495
1201496
CVE-2021-37600
CVE-2022-2031
CVE-2022-32742
CVE-2022-32744
CVE-2022-32745
CVE-2022-32746
SUSE-SU-2022:2659-1
Platform(s):SUSE Linux Enterprise High Availability 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND ctdb-4.15.8+git.500.d5910280cc7-150400.3.11.1 is installed
  • BACK