SUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0323-1
Rating: critical
References: #1089938 #1139519 #1158916 #1180064 #1182058
#1191227 #1192684 #1193533 #1193690 #1194859
#1195048 SLE-23330
Cross-References: CVE-2020-29361 CVE-2021-20316 CVE-2021-43566
CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
CVSS scores:
CVE-2020-29361 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29361 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
CVE-2021-43566 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains one
feature and has 5 fixes is now available.
Description:
This update contains a major security update for Samba.
samba has received security fixes:
- CVE-2021-44141: Information leak via symlinks of existance of files or
directories outside of the exported share (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS
module vfs_fruit allows code execution (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can
impersonate arbitrary services (bsc#1195048);
samba was updated to version 4.15.4; (jsc#SLE-23330);
+ CVE-2021-43566: Symlink race error can allow directory creation
outside of the exported share; (bso#13979); (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify
outside of the exported share; (bso#14842); (bsc#1191227);
- Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb,
tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb
tools are installed in /usr/lib[64]/samba/bin and their manpages in
/usr/lib[64]/samba/man
This avoids removing old functionality.
samba was updated to 4.15.4:
* Duplicate SMB file_ids leading to Windows client cache poisoning;
(bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using
KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "client max protocol" to NT1 before calling the
"Reconnecting with SMB1 for workgroup listing" path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error;
(bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "smbd --build-options" no longer works without an smb.conf file;
(bso#14945);
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these public
libraries changed its version (bsc#1192684). The devel packages are
merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink create by samba-dsdb-modules to private samba ldb
modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
sssd was updated:
- Build with the newer samba versions; (jsc#SLE-23330);
- Fix a dependency loop by moving internal libraries to sssd-common
package; (bsc#1182058);
p11-kit was updated:
Update to 0.23.2; (jsc#SLE-23330);
* Fix forking issues with libffi
* Fix various crashes in corner cases
* Updated translations
* Build fixes
- Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361):
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993)
ca-certificates was updated:
- p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330)
This update also ships:
- libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the
requires of the newer samba.
apparmor was updated:
- Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330);
yast2-samba-client was updated:
- With latest versions of samba (>=4.15.0) calling 'net ads lookup' with
'-U%' fails; (boo#1193533).
- yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf
don't exist; (bsc#1089938)
- Do not stop nmbd while nmbstatus is running, it is not necessary
anymore; (bsc#1158916);
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-323=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-323=1
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-323=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
apparmor-debugsource-2.8.2-56.6.3
libapparmor-devel-2.8.2-56.6.3
libipa_hbac-devel-1.16.1-7.28.9
libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
libsss_idmap-devel-1.16.1-7.28.9
libsss_nss_idmap-devel-1.16.1-7.28.9
p11-kit-debuginfo-0.23.2-8.3.2
p11-kit-debugsource-0.23.2-8.3.2
p11-kit-devel-0.23.2-8.3.2
samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
sssd-debugsource-1.16.1-7.28.9
- SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):
samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
apache2-mod_apparmor-2.8.2-56.6.3
apache2-mod_apparmor-debuginfo-2.8.2-56.6.3
apparmor-debugsource-2.8.2-56.6.3
apparmor-parser-2.8.2-56.6.3
apparmor-parser-debuginfo-2.8.2-56.6.3
libapparmor1-2.8.2-56.6.3
libapparmor1-debuginfo-2.8.2-56.6.3
libgnutls30-3.4.17-8.4.1
libgnutls30-debuginfo-3.4.17-8.4.1
libhogweed4-3.1-21.3.2
libhogweed4-debuginfo-3.1-21.3.2
libipa_hbac0-1.16.1-7.28.9
libipa_hbac0-debuginfo-1.16.1-7.28.9
libnettle6-3.1-21.3.2
libnettle6-debuginfo-3.1-21.3.2
libp11-kit0-0.23.2-8.3.2
libp11-kit0-debuginfo-0.23.2-8.3.2
libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
libsss_certmap0-1.16.1-7.28.9
libsss_certmap0-debuginfo-1.16.1-7.28.9
libsss_idmap0-1.16.1-7.28.9
libsss_idmap0-debuginfo-1.16.1-7.28.9
libsss_nss_idmap0-1.16.1-7.28.9
libsss_nss_idmap0-debuginfo-1.16.1-7.28.9
libsss_simpleifp0-1.16.1-7.28.9
libsss_simpleifp0-debuginfo-1.16.1-7.28.9
p11-kit-0.23.2-8.3.2
p11-kit-debuginfo-0.23.2-8.3.2
p11-kit-debugsource-0.23.2-8.3.2
p11-kit-nss-trust-0.23.2-8.3.2
p11-kit-tools-0.23.2-8.3.2
p11-kit-tools-debuginfo-0.23.2-8.3.2
pam_apparmor-2.8.2-56.6.3
perl-apparmor-2.8.2-56.6.3
perl-apparmor-debuginfo-2.8.2-56.6.3
python-sssd-config-1.16.1-7.28.9
python-sssd-config-debuginfo-1.16.1-7.28.9
samba-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1
samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-python3-4.15.4+git.324.8332acf1a63-3.54.1
samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-tool-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
sssd-1.16.1-7.28.9
sssd-ad-1.16.1-7.28.9
sssd-ad-debuginfo-1.16.1-7.28.9
sssd-common-1.16.1-7.28.9
sssd-common-debuginfo-1.16.1-7.28.9
sssd-dbus-1.16.1-7.28.9
sssd-dbus-debuginfo-1.16.1-7.28.9
sssd-debugsource-1.16.1-7.28.9
sssd-ipa-1.16.1-7.28.9
sssd-ipa-debuginfo-1.16.1-7.28.9
sssd-krb5-1.16.1-7.28.9
sssd-krb5-common-1.16.1-7.28.9
sssd-krb5-common-debuginfo-1.16.1-7.28.9
sssd-krb5-debuginfo-1.16.1-7.28.9
sssd-ldap-1.16.1-7.28.9
sssd-ldap-debuginfo-1.16.1-7.28.9
sssd-proxy-1.16.1-7.28.9
sssd-proxy-debuginfo-1.16.1-7.28.9
sssd-tools-1.16.1-7.28.9
sssd-tools-debuginfo-1.16.1-7.28.9
- SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):
gnutls-debugsource-3.4.17-8.4.1
libnettle-debugsource-3.1-21.3.2
pam_apparmor-debuginfo-2.8.2-56.6.3
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libapparmor1-32bit-2.8.2-56.6.3
libapparmor1-debuginfo-32bit-2.8.2-56.6.3
libgnutls30-32bit-3.4.17-8.4.1
libgnutls30-debuginfo-32bit-3.4.17-8.4.1
libhogweed4-32bit-3.1-21.3.2
libhogweed4-debuginfo-32bit-3.1-21.3.2
libnettle6-32bit-3.1-21.3.2
libnettle6-debuginfo-32bit-3.1-21.3.2
libp11-kit0-32bit-0.23.2-8.3.2
libp11-kit0-debuginfo-32bit-0.23.2-8.3.2
libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
p11-kit-32bit-0.23.2-8.3.2
p11-kit-debuginfo-32bit-0.23.2-8.3.2
pam_apparmor-32bit-2.8.2-56.6.3
pam_apparmor-debuginfo-32bit-2.8.2-56.6.3
samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-client-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-libs-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
libsss_nss_idmap-devel-1.16.1-7.28.9
samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
- SUSE Linux Enterprise Server 12-SP5 (ppc64le):
libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
apparmor-docs-2.8.2-56.6.3
apparmor-profiles-2.8.2-56.6.3
apparmor-utils-2.8.2-56.6.3
ca-certificates-1_201403302107-15.3.3
samba-doc-4.15.4+git.324.8332acf1a63-3.54.1
yast2-samba-client-3.1.23-3.3.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
ctdb-4.15.4+git.324.8332acf1a63-3.54.1
ctdb-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
References:
https://www.suse.com/security/cve/CVE-2020-29361.html
https://www.suse.com/security/cve/CVE-2021-20316.html
https://www.suse.com/security/cve/CVE-2021-43566.html
https://www.suse.com/security/cve/CVE-2021-44141.html
https://www.suse.com/security/cve/CVE-2021-44142.html
https://www.suse.com/security/cve/CVE-2022-0336.html
https://bugzilla.suse.com/1089938
https://bugzilla.suse.com/1139519
https://bugzilla.suse.com/1158916
https://bugzilla.suse.com/1180064
https://bugzilla.suse.com/1182058
https://bugzilla.suse.com/1191227
https://bugzilla.suse.com/1192684
https://bugzilla.suse.com/1193533
https://bugzilla.suse.com/1193690
https://bugzilla.suse.com/1194859
https://bugzilla.suse.com/1195048
SUSE: 2022:0323-1 critical: samba
February 3, 2022
An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available
Summary
This update contains a major security update for Samba. samba has received security fixes: - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048); samba was updated to version 4.15.4; (jsc#SLE-23330); + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227); - Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man This avoids removing old functionality. samba was updated to 4.15.4: * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba sssd was updated: - Build with the newer samba versions; (jsc#SLE-23330); - Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058); p11-kit was updated: Update to 0.23.2; (jsc#SLE-23330); * Fix forking issues with libffi * Fix various crashes in corner cases * Updated translations * Build fixes - Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361): - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993) ca-certificates was updated: - p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330) This update also ships: - libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requires of the newer samba. apparmor was updated: - Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330); yast2-samba-client was updated: - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533). - yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938) - Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-323=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-323=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-323=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-56.6.3 libapparmor-devel-2.8.2-56.6.3 libipa_hbac-devel-1.16.1-7.28.9 libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1 libsss_idmap-devel-1.16.1-7.28.9 libsss_nss_idmap-devel-1.16.1-7.28.9 p11-kit-debuginfo-0.23.2-8.3.2 p11-kit-debugsource-0.23.2-8.3.2 p11-kit-devel-0.23.2-8.3.2 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1 samba-devel-4.15.4+git.324.8332acf1a63-3.54.1 sssd-debugsource-1.16.1-7.28.9 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-56.6.3 apache2-mod_apparmor-debuginfo-2.8.2-56.6.3 apparmor-debugsource-2.8.2-56.6.3 apparmor-parser-2.8.2-56.6.3 apparmor-parser-debuginfo-2.8.2-56.6.3 libapparmor1-2.8.2-56.6.3 libapparmor1-debuginfo-2.8.2-56.6.3 libgnutls30-3.4.17-8.4.1 libgnutls30-debuginfo-3.4.17-8.4.1 libhogweed4-3.1-21.3.2 libhogweed4-debuginfo-3.1-21.3.2 libipa_hbac0-1.16.1-7.28.9 libipa_hbac0-debuginfo-1.16.1-7.28.9 libnettle6-3.1-21.3.2 libnettle6-debuginfo-3.1-21.3.2 libp11-kit0-0.23.2-8.3.2 libp11-kit0-debuginfo-0.23.2-8.3.2 libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 libsss_certmap0-1.16.1-7.28.9 libsss_certmap0-debuginfo-1.16.1-7.28.9 libsss_idmap0-1.16.1-7.28.9 libsss_idmap0-debuginfo-1.16.1-7.28.9 libsss_nss_idmap0-1.16.1-7.28.9 libsss_nss_idmap0-debuginfo-1.16.1-7.28.9 libsss_simpleifp0-1.16.1-7.28.9 libsss_simpleifp0-debuginfo-1.16.1-7.28.9 p11-kit-0.23.2-8.3.2 p11-kit-debuginfo-0.23.2-8.3.2 p11-kit-debugsource-0.23.2-8.3.2 p11-kit-nss-trust-0.23.2-8.3.2 p11-kit-tools-0.23.2-8.3.2 p11-kit-tools-debuginfo-0.23.2-8.3.2 pam_apparmor-2.8.2-56.6.3 perl-apparmor-2.8.2-56.6.3 perl-apparmor-debuginfo-2.8.2-56.6.3 python-sssd-config-1.16.1-7.28.9 python-sssd-config-debuginfo-1.16.1-7.28.9 samba-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1 samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1 samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-python3-4.15.4+git.324.8332acf1a63-3.54.1 samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-tool-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 sssd-1.16.1-7.28.9 sssd-ad-1.16.1-7.28.9 sssd-ad-debuginfo-1.16.1-7.28.9 sssd-common-1.16.1-7.28.9 sssd-common-debuginfo-1.16.1-7.28.9 sssd-dbus-1.16.1-7.28.9 sssd-dbus-debuginfo-1.16.1-7.28.9 sssd-debugsource-1.16.1-7.28.9 sssd-ipa-1.16.1-7.28.9 sssd-ipa-debuginfo-1.16.1-7.28.9 sssd-krb5-1.16.1-7.28.9 sssd-krb5-common-1.16.1-7.28.9 sssd-krb5-common-debuginfo-1.16.1-7.28.9 sssd-krb5-debuginfo-1.16.1-7.28.9 sssd-ldap-1.16.1-7.28.9 sssd-ldap-debuginfo-1.16.1-7.28.9 sssd-proxy-1.16.1-7.28.9 sssd-proxy-debuginfo-1.16.1-7.28.9 sssd-tools-1.16.1-7.28.9 sssd-tools-debuginfo-1.16.1-7.28.9 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): gnutls-debugsource-3.4.17-8.4.1 libnettle-debugsource-3.1-21.3.2 pam_apparmor-debuginfo-2.8.2-56.6.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libapparmor1-32bit-2.8.2-56.6.3 libapparmor1-debuginfo-32bit-2.8.2-56.6.3 libgnutls30-32bit-3.4.17-8.4.1 libgnutls30-debuginfo-32bit-3.4.17-8.4.1 libhogweed4-32bit-3.1-21.3.2 libhogweed4-debuginfo-32bit-3.1-21.3.2 libnettle6-32bit-3.1-21.3.2 libnettle6-debuginfo-32bit-3.1-21.3.2 libp11-kit0-32bit-0.23.2-8.3.2 libp11-kit0-debuginfo-32bit-0.23.2-8.3.2 libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1 libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 p11-kit-32bit-0.23.2-8.3.2 p11-kit-debuginfo-32bit-0.23.2-8.3.2 pam_apparmor-32bit-2.8.2-56.6.3 pam_apparmor-debuginfo-32bit-2.8.2-56.6.3 samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-client-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-libs-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1 samba-winbind-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): libsss_nss_idmap-devel-1.16.1-7.28.9 samba-devel-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apparmor-docs-2.8.2-56.6.3 apparmor-profiles-2.8.2-56.6.3 apparmor-utils-2.8.2-56.6.3 ca-certificates-1_201403302107-15.3.3 samba-doc-4.15.4+git.324.8332acf1a63-3.54.1 yast2-samba-client-3.1.23-3.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.4+git.324.8332acf1a63-3.54.1 ctdb-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1 samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
References
#1089938 #1139519 #1158916 #1180064 #1182058
#1191227 #1192684 #1193533 #1193690 #1194859
#1195048 SLE-23330
Cross- CVE-2020-29361 CVE-2021-20316 CVE-2021-43566
CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
CVSS scores:
CVE-2020-29361 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29361 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
CVE-2021-43566 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
https://www.suse.com/security/cve/CVE-2020-29361.html
https://www.suse.com/security/cve/CVE-2021-20316.html
https://www.suse.com/security/cve/CVE-2021-43566.html
https://www.suse.com/security/cve/CVE-2021-44141.html
https://www.suse.com/security/cve/CVE-2021-44142.html
https://www.suse.com/security/cve/CVE-2022-0336.html
https://bugzilla.suse.com/1089938
https://bugzilla.suse.com/1139519
https://bugzilla.suse.com/1158916
https://bugzilla.suse.com/1180064
https://bugzilla.suse.com/1182058
https://bugzilla.suse.com/1191227
https://bugzilla.suse.com/1192684
https://bugzilla.suse.com/1193533
https://bugzilla.suse.com/1193690
https://bugzilla.suse.com/1194859
https://bugzilla.suse.com/1195048
Severity
Announcement ID: SUSE-SU-2022:0323-1
Rating: critical
News
HOWTOs
About Us
Powered By
