SUSE alert SUSE-SU-2023:0164-1 (samba)
| From: | sle-security-updates@lists.suse.com | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2023:0164-1: important: Security update for samba | |
| Date: | Thu, 26 Jan 2023 21:38:04 +0100 | |
| Message-ID: | <20230126203804.2FEFDFD2D@maintenance.suse.de> |
SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0164-1 Rating: important References: #1205385 #1206504 #1206546 Cross-References: CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 CVSS scores: CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-164=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-164=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2023-164=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy-python3-devel-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 samba-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy0-python3-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy0-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 samba-ldb-ldap-4.15.13+git.534.0d9f8ece26-3.77.1 samba-ldb-ldap-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-python3-4.15.13+git.534.0d9f8ece26-3.77.1 samba-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-tool-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsamba-policy0-python3-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): samba-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.13+git.534.0d9f8ece26-3.77.1 ctdb-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 References: https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-37966.html https://www.suse.com/security/cve/CVE-2022-38023.html https://bugzilla.suse.com/1205385 https://bugzilla.suse.com/1206504 https://bugzilla.suse.com/1206546