Security update for samba SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0284-1 Final 1 1 2022-02-01T16:15:53Z current 2022-02-01T16:15:53Z 2022-02-01T16:15:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for samba This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K7LELM65YZ36YQVKZDECL77ZYNXAWR6D/ E-Mail link for openSUSE-SU-2022:0284-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194859 SUSE Bug 1194859 https://www.suse.com/security/cve/CVE-2021-44142/ SUSE CVE CVE-2021-44142 page openSUSE Leap 15.4 libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 libsamba-policy0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 samba-libs-python-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 as a component of openSUSE Leap 15.4 The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. CVE-2021-44142 openSUSE Leap 15.4:libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1 openSUSE Leap 15.4:libsamba-policy0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 openSUSE Leap 15.4:libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 openSUSE Leap 15.4:samba-libs-python-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 openSUSE Leap 15.4:samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 openSUSE Leap 15.4:samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K7LELM65YZ36YQVKZDECL77ZYNXAWR6D/ https://www.suse.com/security/cve/CVE-2021-44142.html CVE-2021-44142 https://bugzilla.suse.com/1194859 SUSE Bug 1194859 https://bugzilla.suse.com/1195611 SUSE Bug 1195611 https://bugzilla.suse.com/1196455 SUSE Bug 1196455