SUSE-SU-2022:0323-1

Advisory lineage Upstream: 7 Downstream: 0
Published: 14 Feb 2022, 09:58
Last modified: 04 Feb 2026, 03:29

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

14 Feb 2022, 09:58: Published (vulnerability first disclosed)
04 Feb 2026, 03:29: Last Modified (vulnerability information updated)

Description

Security update for samba

This update contains a major security update for Samba.

samba has received security fixes:

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048);

samba was updated to version 4.15.4; (jsc#SLE-23330);

+ CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227);

- Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man. This avoids removing old functionality.

samba was updated to 4.15.4:

* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file; (bso#14945);

- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages, as there were dependency problems every time one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink created by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba

sssd was updated:

- Build with the newer samba versions; (jsc#SLE-23330);
- Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058);

p11-kit was updated:

Update to 0.23.2; (jsc#SLE-23330);

* Fix forking issues with libffi
* Fix various crashes in corner cases
* Updated translations
* Build fixes

- Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361):
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993)

ca-certificates was updated:

- p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330)

This update also ships:

- libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requirements of the newer samba.

apparmor was updated:

- Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330);

yast2-samba-client was updated:

- With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533).
- yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938)
- Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916);

Affected Systems

  • apparmor (SUSE Linux Enterprise Server 12 SP5): < 2.8.2-56.6.3
  • apparmor (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 2.8.2-56.6.3
  • apparmor (SUSE Linux Enterprise Software Development Kit 12 SP5): < 2.8.2-56.6.3
  • ca-certificates (SUSE Linux Enterprise Server 12 SP5): < 1_201403302107-15.3.3
  • ca-certificates (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 1_201403302107-15.3.3
  • gnutls (SUSE Linux Enterprise Server 12 SP5): < 3.4.17-8.4.1
  • gnutls (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 3.4.17-8.4.1
  • libnettle (SUSE Linux Enterprise Server 12 SP5): < 3.1-21.3.2
  • libnettle (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 3.1-21.3.2
  • p11-kit (SUSE Linux Enterprise Server 12 SP5): < 0.23.2-8.3.2
  • p11-kit (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 0.23.2-8.3.2
  • p11-kit (SUSE Linux Enterprise Software Development Kit 12 SP5): < 0.23.2-8.3.2
  • samba (SUSE Linux Enterprise High Availability Extension 12 SP5): < 4.15.4+git.324.8332acf1a63-3.54.1
  • samba (SUSE Linux Enterprise Server 12 SP5): < 4.15.4+git.324.8332acf1a63-3.54.1
  • samba (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 4.15.4+git.324.8332acf1a63-3.54.1
  • samba (SUSE Linux Enterprise Software Development Kit 12 SP5): < 4.15.4+git.324.8332acf1a63-3.54.1
  • sssd (SUSE Linux Enterprise Server 12 SP5): < 1.16.1-7.28.9
  • sssd (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 1.16.1-7.28.9
  • sssd (SUSE Linux Enterprise Software Development Kit 12 SP5): < 1.16.1-7.28.9
  • yast2-samba-client (SUSE Linux Enterprise Server 12 SP5): < 3.1.23-3.3.1
  • yast2-samba-client (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 3.1.23-3.3.1
