SUSE: 2022:0361-1 Critical: LDB and Samba Security Update

February 10, 2022
Important security patch released for SUSE tackling 11 vulnerabilities in ldb and samba. Vital for maintaining system integrity and protection.
An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available.

Summary

This update for ldb, samba fixes the following issues:

Changes in ldb:

+ CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246)
+ CVE-2021-3738: Fixed a crash in dsdb stack (bsc#1192215)

Release ldb 2.2.2

+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message
+ Fix memory handling in ldb.msg_diff
+ Backport bronze bit fixes, tests, and selftest improvements.

Changes in samba:

- CVE-2021-44142: Fixed an Out-of-Bound Read/Write on Samba vfs_fruit module; (bsc#1194859)
- The username map [script] advice from CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails; (bsc#1192849); (bso#14901).

References

#1014440 #1188727 #1189017 #1189875 #1192214 #1192215 #1192246 #1192247 #1192283 #1192284 #1192505 #1192849 #1194859 SLE-18456

Cross-References: CVE-2016-2124 CVE-2020-17049 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-20254 CVE-2021-23192 CVE-2021-3738 CVE-2021-44142

CVSS scores:

CVE-2020-17049 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2020-25721 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical

Announcement ID: SUSE-SU-2022:0361-1
Rating: critical
