
SUSE: 2022:0283-1 Important: Samba Critical Issues and Denial of Service

February 1, 2022
SUSE Security Patch: Significant samba upgrade resolving severe vulnerabilities and enhancing performance.
An update that solves 8 vulnerabilities, contains one feature and has two fixes is now available.

Summary

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; (bso#14911); (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);

samba was updated to 4.15.4 (jsc#SLE-23329);

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);

References

#1139519 #1183572 #1183574 #1188571 #1191227 #1191532 #1192684 #1193690 #1194859 #1195048 SLE-23329

Cross-References: CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336

CVSS scores:

CVE-2020-27840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20277 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2022:0283-1
Rating: important
