Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE Linux Enterprise 12-SP5: 2022:3270-1 Important Samba Error Fix

suse
Calendar Grey September 14, 2022
Dist Suse Esm H88
SUSE has released a vital security update for Samba to fix a significant vulnerability threatening system integrity, urging admins to apply it promptly to safeguard systems
An update that solves one vulnerability and has one errata is now available

Summary

This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3270=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3270=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3270=1

References

#1200102 #1202976

Cross- CVE-2022-1615

CVSS scores:

CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise High Availability 12-SP5

SUSE Linux Enterprise High Performance Computing 12-SP5

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

https://www.suse.com/security/cve/CVE-2022-1615.html

https://bugzilla.suse.com/1200102

https://bugzilla.suse.com/1202976

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3270-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.