Bug 1216440 (CVE-2023-5568)

Summary: VUL-0: CVE-2023-5568: samba: heap buffer overflow with freshness tokens in the Heimdal KDC
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: nopower, samba, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/382496/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2023-10-20 10:14:57 UTC 
The KDC doesn’t allocate enough memory for the ‘heim_octet_string’ containing the freshness token. Potential denial of service and likely low impact. Patched in Samba 4.19.2.

Reference: 
- https://www.samba.org/samba/history/samba-4.19.2.html
- https://bugzilla.samba.org/show_bug.cgi?id=15491

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5568
https://github.com/samba-team/samba/commit/3280893ae80507e36653a0c7da03c82b88ece30b
Comment 1 Thomas Leroy 2023-10-20 10:16:22 UTC 
Issue added in 4.19.0rc2, so only openSUSE:Factory is affected
Comment 2 Noel Power 2023-10-21 10:01:33 UTC 
(In reply to Thomas Leroy from comment #1)
> Issue added in 4.19.0rc2, so only openSUSE:Factory is affected

4.19.2 has this fix. 4.19.2 already been submitted and already is in factory

reassigning to sec team to close
Comment 3 Thomas Leroy 2023-10-23 06:54:02 UTC 
(In reply to Noel Power from comment #2)
> (In reply to Thomas Leroy from comment #1)
> > Issue added in 4.19.0rc2, so only openSUSE:Factory is affected
> 
> 4.19.2 has this fix. 4.19.2 already been submitted and already is in factory
> 
> reassigning to sec team to close

Thanks Noel. Closing