SUSE-SU-2023:4046-1
Vulnerability Summary
Timeline
Description
Security update for samba This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905) - CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906) - CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
Affected Systems
- opensuse•samba&distro=openSUSE Leap 15.5
< 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- suse•samba&distro=SUSE Linux Enterprise High Availability Extension 15 SP5
< 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- suse•samba&distro=SUSE Linux Enterprise Micro 5.5
< 4.17.9+git.421.abde31ca5c2-150500.3.11.1
- suse•samba&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
< 4.17.9+git.421.abde31ca5c2-150500.3.11.1
References (11)
- https://www.suse.com/support/update/announcement/2023/suse-su-20234046-1/
- https://bugzilla.suse.com/1215904
- https://bugzilla.suse.com/1215905
- https://bugzilla.suse.com/1215906
- https://bugzilla.suse.com/1215907
- https://bugzilla.suse.com/1215908
- https://www.suse.com/security/cve/CVE-2023-3961
- https://www.suse.com/security/cve/CVE-2023-4091
- https://www.suse.com/security/cve/CVE-2023-4154
- https://www.suse.com/security/cve/CVE-2023-42669
- https://www.suse.com/security/cve/CVE-2023-42670