OPENSUSE-SU-2021:0636-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 30 Apr 2021, 19:22
Last modified:04 Feb 2026, 02:51
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Apr 2021, 19:22
Published
Vulnerability first disclosed
04 Feb 2026, 02:51
Last Modified
Vulnerability information updated
Description
Security update for samba This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156). - s3-libads: use dns name to open a ldap session (bsc#1184310). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). This update was imported from the SUSE:SLE-15-SP2:Update update project.
Affected Systems
- opensuse•samba&distro=openSUSE Leap 15.2
< 4.11.14+git.247.8c858f7ee14-lp152.3.19.1
References (10)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PJGQFNCBDL3CAZODHIFOKKWU3XGKLEKA/
- https://bugzilla.suse.com/1178469
- https://bugzilla.suse.com/1179156
- https://bugzilla.suse.com/1183572
- https://bugzilla.suse.com/1183574
- https://bugzilla.suse.com/1184310
- https://bugzilla.suse.com/1184677
- https://www.suse.com/security/cve/CVE-2020-27840
- https://www.suse.com/security/cve/CVE-2021-20254
- https://www.suse.com/security/cve/CVE-2021-20277