Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:4395-1 Important: Samba Buffer Overflow Security Advisory

suse
Calendar Grey December 9, 2022
Dist Suse Esm H88
Crucial SUSE Security Patch for OpenSSH has been released, tackling various high-priority bugs and weaknesses.
An update that solves 7 vulnerabilities and has two fixes is now available

Summary

This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254).

Topics%20covered

Topics Covered

security advisory buffer overflow samba patch important fixes suse

References

#1200102 #1201490 #1201492 #1201493 #1201495

#1201496 #1201689 #1204254 #1205126

Cross- CVE-2022-2031 CVE-2022-32742 CVE-2022-32744

CVE-2022-32745 CVE-2022-32746 CVE-2022-3437

CVE-2022-42898

CVSS scores:

CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4395-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow samba patch important fixes suse

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here