SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0323-1
Rating:             critical
References:         #1089938 #1139519 #1158916 #1180064 #1182058 
                    #1191227 #1192684 #1193533 #1193690 #1194859 
                    #1195048 SLE-23330 
Cross-References:   CVE-2020-29361 CVE-2021-20316 CVE-2021-43566
                    CVE-2021-44141 CVE-2021-44142 CVE-2022-0336
                   
CVSS scores:
                    CVE-2020-29361 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-29361 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
                    CVE-2021-43566 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Desktop 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
______________________________________________________________________________

   An update that solves 6 vulnerabilities, contains one
   feature and has 5 fixes is now available.

Description:


   This update contains a major security update for Samba.


   samba has received security fixes:

   - CVE-2021-44141: Information leak via symlinks of the existence of files
     or directories outside of the exported share (bsc#1193690);
   - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS
     module vfs_fruit allows code execution (bsc#1194859);
   - CVE-2022-0336: Samba AD users with permission to write to an account can
     impersonate arbitrary services (bsc#1195048);

   samba was updated to version 4.15.4; (jsc#SLE-23330);

   + CVE-2021-43566: Symlink race error can allow directory creation
     outside of the exported share; (bso#13979); (bsc#1139519);
   + CVE-2021-20316: Symlink race error can allow metadata read and modify
     outside of the exported share; (bso#14842); (bsc#1191227);

   - Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb,
     tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb
     tools are installed in /usr/lib[64]/samba/bin and their manpages in
     /usr/lib[64]/samba/man

     This avoids removing old functionality.

   samba was updated to 4.15.4:

   * Duplicate SMB file_ids leading to Windows client cache poisoning;
     (bso#14928);
   * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
     NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
   * kill_tcp_connections does not work; (bso#14934);
   * Can't connect to Windows shares not requiring authentication using
     KDE/Gnome; (bso#14935);
   * smbclient -L doesn't set "client max protocol" to NT1 before calling the
     "Reconnecting with SMB1 for workgroup listing" path; (bso#14939);
   * Cross device copy of the crossrename module always fails; (bso#14940);
   * symlinkat function from VFS cap module always fails with an error;
     (bso#14941);
   * Fix possible fsp pointer dereference; (bso#14942);
   * Missing pop_sec_ctx() in error path inside close_directory();
     (bso#14944);
   * "smbd --build-options" no longer works without an smb.conf file;
     (bso#14945);

   - Reorganize libs packages. Split samba-libs into samba-client-libs,
     samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
     public libraries depending on internal samba libraries into these
     packages as there were dependency problems every time one of these public
     libraries changed its version (bsc#1192684). The devel packages are
     merged into samba-devel.
   - Rename package samba-core-devel to samba-devel
   - Update the symlink created by samba-dsdb-modules to private samba ldb
     modules following libldb2 changes from /usr/lib64/ldb/samba to
     /usr/lib64/ldb2/modules/ldb/samba

   sssd was updated:

   - Build with the newer samba versions; (jsc#SLE-23330);
   - Fix a dependency loop by moving internal libraries to sssd-common
     package; (bsc#1182058);

   p11-kit was updated:

   Update to 0.23.2; (jsc#SLE-23330);

   * Fix forking issues with libffi
   * Fix various crashes in corner cases
   * Updated translations
   * Build fixes

   - Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361);
   - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993)

   ca-certificates was updated:

   - p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330)

   This update also ships:

   - libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the
     requirements of the newer samba.

   apparmor was updated:

   - Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330);

   yast2-samba-client was updated:

   - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with
     '-U%' fails; (boo#1193533).
   - yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf
     don't exist; (bsc#1089938)
   - Do not stop nmbd while nmbstatus is running, it is not necessary
     anymore; (bsc#1158916);


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-323=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-323=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2022-323=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      apparmor-debugsource-2.8.2-56.6.3
      libapparmor-devel-2.8.2-56.6.3
      libipa_hbac-devel-1.16.1-7.28.9
      libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1
      libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1
      libsss_idmap-devel-1.16.1-7.28.9
      libsss_nss_idmap-devel-1.16.1-7.28.9
      p11-kit-debuginfo-0.23.2-8.3.2
      p11-kit-debugsource-0.23.2-8.3.2
      p11-kit-devel-0.23.2-8.3.2
      samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
      samba-devel-4.15.4+git.324.8332acf1a63-3.54.1
      sssd-debugsource-1.16.1-7.28.9

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):

      samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      apache2-mod_apparmor-2.8.2-56.6.3
      apache2-mod_apparmor-debuginfo-2.8.2-56.6.3
      apparmor-debugsource-2.8.2-56.6.3
      apparmor-parser-2.8.2-56.6.3
      apparmor-parser-debuginfo-2.8.2-56.6.3
      libapparmor1-2.8.2-56.6.3
      libapparmor1-debuginfo-2.8.2-56.6.3
      libgnutls30-3.4.17-8.4.1
      libgnutls30-debuginfo-3.4.17-8.4.1
      libhogweed4-3.1-21.3.2
      libhogweed4-debuginfo-3.1-21.3.2
      libipa_hbac0-1.16.1-7.28.9
      libipa_hbac0-debuginfo-1.16.1-7.28.9
      libnettle6-3.1-21.3.2
      libnettle6-debuginfo-3.1-21.3.2
      libp11-kit0-0.23.2-8.3.2
      libp11-kit0-debuginfo-0.23.2-8.3.2
      libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1
      libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      libsss_certmap0-1.16.1-7.28.9
      libsss_certmap0-debuginfo-1.16.1-7.28.9
      libsss_idmap0-1.16.1-7.28.9
      libsss_idmap0-debuginfo-1.16.1-7.28.9
      libsss_nss_idmap0-1.16.1-7.28.9
      libsss_nss_idmap0-debuginfo-1.16.1-7.28.9
      libsss_simpleifp0-1.16.1-7.28.9
      libsss_simpleifp0-debuginfo-1.16.1-7.28.9
      p11-kit-0.23.2-8.3.2
      p11-kit-debuginfo-0.23.2-8.3.2
      p11-kit-debugsource-0.23.2-8.3.2
      p11-kit-nss-trust-0.23.2-8.3.2
      p11-kit-tools-0.23.2-8.3.2
      p11-kit-tools-debuginfo-0.23.2-8.3.2
      pam_apparmor-2.8.2-56.6.3
      perl-apparmor-2.8.2-56.6.3
      perl-apparmor-debuginfo-2.8.2-56.6.3
      python-sssd-config-1.16.1-7.28.9
      python-sssd-config-debuginfo-1.16.1-7.28.9
      samba-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
      samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1
      samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-python3-4.15.4+git.324.8332acf1a63-3.54.1
      samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-tool-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      sssd-1.16.1-7.28.9
      sssd-ad-1.16.1-7.28.9
      sssd-ad-debuginfo-1.16.1-7.28.9
      sssd-common-1.16.1-7.28.9
      sssd-common-debuginfo-1.16.1-7.28.9
      sssd-dbus-1.16.1-7.28.9
      sssd-dbus-debuginfo-1.16.1-7.28.9
      sssd-debugsource-1.16.1-7.28.9
      sssd-ipa-1.16.1-7.28.9
      sssd-ipa-debuginfo-1.16.1-7.28.9
      sssd-krb5-1.16.1-7.28.9
      sssd-krb5-common-1.16.1-7.28.9
      sssd-krb5-common-debuginfo-1.16.1-7.28.9
      sssd-krb5-debuginfo-1.16.1-7.28.9
      sssd-ldap-1.16.1-7.28.9
      sssd-ldap-debuginfo-1.16.1-7.28.9
      sssd-proxy-1.16.1-7.28.9
      sssd-proxy-debuginfo-1.16.1-7.28.9
      sssd-tools-1.16.1-7.28.9
      sssd-tools-debuginfo-1.16.1-7.28.9

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):

      gnutls-debugsource-3.4.17-8.4.1
      libnettle-debugsource-3.1-21.3.2
      pam_apparmor-debuginfo-2.8.2-56.6.3

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libapparmor1-32bit-2.8.2-56.6.3
      libapparmor1-debuginfo-32bit-2.8.2-56.6.3
      libgnutls30-32bit-3.4.17-8.4.1
      libgnutls30-debuginfo-32bit-3.4.17-8.4.1
      libhogweed4-32bit-3.1-21.3.2
      libhogweed4-debuginfo-32bit-3.1-21.3.2
      libnettle6-32bit-3.1-21.3.2
      libnettle6-debuginfo-32bit-3.1-21.3.2
      libp11-kit0-32bit-0.23.2-8.3.2
      libp11-kit0-debuginfo-32bit-0.23.2-8.3.2
      libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      libsamba-policy0-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      p11-kit-32bit-0.23.2-8.3.2
      p11-kit-debuginfo-32bit-0.23.2-8.3.2
      pam_apparmor-32bit-2.8.2-56.6.3
      pam_apparmor-debuginfo-32bit-2.8.2-56.6.3
      samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-client-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-libs-python3-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1
      samba-winbind-libs-debuginfo-32bit-4.15.4+git.324.8332acf1a63-3.54.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64):

      libsss_nss_idmap-devel-1.16.1-7.28.9
      samba-devel-4.15.4+git.324.8332acf1a63-3.54.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le):

      libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      apparmor-docs-2.8.2-56.6.3
      apparmor-profiles-2.8.2-56.6.3
      apparmor-utils-2.8.2-56.6.3
      ca-certificates-1_201403302107-15.3.3
      samba-doc-4.15.4+git.324.8332acf1a63-3.54.1
      yast2-samba-client-3.1.23-3.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.15.4+git.324.8332acf1a63-3.54.1
      ctdb-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-debuginfo-4.15.4+git.324.8332acf1a63-3.54.1
      samba-debugsource-4.15.4+git.324.8332acf1a63-3.54.1
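
   Added example (not part of the SUSE advisory): a shell check that compares
   an installed-package inventory against the fixed versions in the Package
   List above. The inventory shown is constructed, the function names are
   hypothetical, and GNU "sort -V" is assumed as an approximation of rpm's
   version ordering.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling. Fixed versions are copied from the
# Package List of this advisory; function names are hypothetical.

# "name fixed-version-release" for the main runtime packages of this update.
FIXED='samba 4.15.4+git.324.8332acf1a63-3.54.1
samba-client 4.15.4+git.324.8332acf1a63-3.54.1
samba-libs 4.15.4+git.324.8332acf1a63-3.54.1
samba-winbind 4.15.4+git.324.8332acf1a63-3.54.1
libp11-kit0 0.23.2-8.3.2
p11-kit 0.23.2-8.3.2
sssd 1.16.1-7.28.9
libgnutls30 3.4.17-8.4.1
libnettle6 3.1-21.3.2'

# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY='samba 4.10.18-1.1
samba-client 4.15.4+git.324.8332acf1a63-3.54.1
libp11-kit0 0.23.2-8.3.2
sssd 1.16.1-7.20.1
libnettle6 3.1-21.3.2
bash 4.3-83.23.1'

# ver_ge A B: succeed when A >= B under GNU "sort -V" ordering.
# Assumption: this approximates rpm's comparison closely enough for the
# plain numeric version strings listed in this advisory.
ver_ge() {
    if [ "$1" = "$2" ]; then return 0; fi
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# outdated_packages: read "name version-release" lines on stdin and print
# "name installed fixed" for every package that is older than the fix.
# Packages that are not in FIXED are ignored.
outdated_packages() {
    while read -r name installed; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        if [ -z "$fixed" ]; then continue; fi
        ver_ge "$installed" "$fixed" || printf '%s %s %s\n' "$name" "$installed" "$fixed"
    done
    return 0
}

# On a real host, feed the installed set instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_packages
printf '%s\n' "$SAMPLE_INVENTORY" | outdated_packages
```

   An empty result means every listed package is at or above the fixed
   version; any line printed names a package that still needs the patch.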


References:

   https://www.suse.com/security/cve/CVE-2020-29361.html
   https://www.suse.com/security/cve/CVE-2021-20316.html
   https://www.suse.com/security/cve/CVE-2021-43566.html
   https://www.suse.com/security/cve/CVE-2021-44141.html
   https://www.suse.com/security/cve/CVE-2021-44142.html
   https://www.suse.com/security/cve/CVE-2022-0336.html
   https://bugzilla.suse.com/1089938
   https://bugzilla.suse.com/1139519
   https://bugzilla.suse.com/1158916
   https://bugzilla.suse.com/1180064
   https://bugzilla.suse.com/1182058
   https://bugzilla.suse.com/1191227
   https://bugzilla.suse.com/1192684
   https://bugzilla.suse.com/1193533
   https://bugzilla.suse.com/1193690
   https://bugzilla.suse.com/1194859
   https://bugzilla.suse.com/1195048

SUSE: 2022:0323-1 critical: samba

February 3, 2022