Bugzilla – Bug 1201493
VUL-0: CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user
Last modified: 2022-08-03 22:18:17 UTC
Thanks for the submissions! However we also need submission for SUSE:SLE-11-SP3:Update SUSE:SLE-12-SP1:Update SUSE:SLE-12-SP2:Update SUSE:SLE-12-SP3:Update SUSE:SLE-15:Update SUSE:SLE-15-SP1:Update SUSE:SLE-15-SP2:Update SUSE:SLE-15-SP2:Update:Products:SES7:Update
(In reply to Thomas Leroy from comment #5) > Thanks for the submissions! However we also need submission for > SUSE:SLE-11-SP3:Update > SUSE:SLE-12-SP1:Update > SUSE:SLE-12-SP2:Update > SUSE:SLE-12-SP3:Update > SUSE:SLE-15:Update These did not have the AD domain controller shipped > SUSE:SLE-15-SP1:Update > SUSE:SLE-15-SP2:Update These two had AD domain controller but only as a tech preview, and it would be risky to backport a massive changeset to LTSS-only releases for a tech preview. > SUSE:SLE-15-SP2:Update:Products:SES7:Update This did not have the AD domain controller shipped
public: https://www.samba.org/samba/security/CVE-2022-32744.html
SUSE-SU-2022:2586-1: An update that solves 5 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496 CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 JIRA References: Sources used: openSUSE Leap 15.3 (src): ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 SUSE Linux Enterprise Module for Python2 15-SP3 (src): samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 SUSE Linux Enterprise Micro 5.2 (src): ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 SUSE Linux Enterprise Micro 5.1 (src): ldb-2.4.3-150300.3.20.1 SUSE Linux Enterprise High Availability 15-SP3 (src): samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 SUSE Enterprise Storage 7.1 (src): ldb-2.4.3-150300.3.20.1, samba-4.15.8+git.500.d5910280cc7-150300.3.37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2582-1: An update that solves 5 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496 CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): samba-4.15.8+git.462.e73f4310487-3.68.1 SUSE Linux Enterprise Server 12-SP5 (src): samba-4.15.8+git.462.e73f4310487-3.68.1 SUSE Linux Enterprise High Availability 12-SP5 (src): samba-4.15.8+git.462.e73f4310487-3.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:2659-1: An update that solves 5 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496 CVE References: CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 JIRA References: Sources used: openSUSE Leap 15.4 (src): ldb-2.4.3-150400.4.8.1, samba-4.15.8+git.500.d5910280cc7-150400.3.11.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): ldb-2.4.3-150400.4.8.1, samba-4.15.8+git.500.d5910280cc7-150400.3.11.1 SUSE Linux Enterprise High Availability 15-SP4 (src): samba-4.15.8+git.500.d5910280cc7-150400.3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.