## This update for samba fixes the following issues:

samba was updated to version 4.17.9:

* CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
* CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
* CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
* CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
* CVE-2023-3347: Fixed issue where SMB2 packet signing was not enforced (bsc#1213170).
* CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386).

Bugfixes:

* Fixed trust relationship failure (bsc#1213384).

* bsc#1212375
* bsc#1213170
* bsc#1213171
* bsc#1213172
* bsc#1213173
* bsc#1213174
* bsc#1213384
* bsc#1213386
Cross-References:
* CVE-2020-25720
* CVE-2022-2127
* CVE-2023-3347
* CVE-2023-34966
* CVE-2023-34967
* CVE-2023-34968
CVSS scores:
* CVE-2022-2127 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-2127 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3347 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2023-3347 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-34966 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34966 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34967 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L