SUSE-SU-2023:0122-1 -- SLES samba, libdcerpc-binding0, libdcerpc0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libndr0, libnetapi0, libsamba-credentials0, libsamba-errors0, libsamba-hostconfig0, libsamba-passdb0, libsamba-util0, libsamdb0, libsmbclient0, libsmbconf0, libsmbldap0, libtevent-util0, libwbclient0| ID: oval:org.secpod.oval:def:89048151 | Date: (C)2023-02-02 (M)2024-04-29 |
| Class: PATCH | Family: unix |
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user"s password . - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel . - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation . - CVE-2020-14323: Fixed a denial of service in winbindd . - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock .
| Platform: |
| SUSE Linux Enterprise Server 12 SP2 |
| Product: |
| samba |
| libdcerpc-binding0 |
| libdcerpc0 |
| libndr-krb5pac0 |
| libndr-nbt0 |
| libndr-standard0 |
| libndr0 |
| libnetapi0 |
| libsamba-credentials0 |
| libsamba-errors0 |
| libsamba-hostconfig0 |
| libsamba-passdb0 |
| libsamba-util0 |
| libsamdb0 |
| libsmbclient0 |
| libsmbconf0 |
| libsmbldap0 |
| libtevent-util0 |
| libwbclient0 |
