Bug 31346

Summary: samba new security issues CVE-2021-20251, CVE-2022-1615, CVE-2022-32743
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Buchan Milne <bgmilne>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: nicolas.salguero
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: samba-4.16.8-1.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 4.17.4
Bug Depends on: 30843, 31735
Bug Blocks:

Description David Walser 2022-12-31 22:06:08 CET
+++ This bug was initially created as a clone of Bug #30843 +++

SUSE has issued an advisory today (September 12):
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012209.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OO5PL2WBIOJ6AX5KEDZSYH6ILAFYPCOW/

Fedora has issued an advisory for this today (September 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YOHL3O2H4FYUTUK2D4PURO24UAX3EBPW/

It doesn't look like the upstream fixes have made it into any stable releases yet.

Mageia 8 is also affected.

David Walser 2022-12-31 22:06:34 CET

Source RPM: samba-4.16.8-1.mga8 => samba-4.16.8-1.mga8.src.rpm
Status comment: (none) => Fixed upstream in 4.17.0
Severity: normal => major

Comment 1 David Walser 2023-01-23 21:57:29 CET
SUSE has issued an advisory today (January 23):
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html

The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Summary: samba new security issues CVE-2022-1615 and CVE-2022-32743 => samba new security issues CVE-2021-20251, CVE-2022-1615, CVE-2022-32743
Status comment: Fixed upstream in 4.17.0 => Fixed upstream in 4.17.4

Comment 2 David Walser 2023-01-25 16:10:32 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory today (January 23):
> https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html
> 
> The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Ubuntu has issued an advisory for this on January 24:
https://ubuntu.com/security/notices/USN-5822-1

Comment 3 David Walser 2023-01-27 16:24:03 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory today (January 23):
> https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html
> 
> The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZOBTTQFF6GG7YAS7P57L3YTPEJ3NCLRE/

David Walser 2023-03-30 20:18:16 CEST

Depends on: (none) => 31735

Comment 4 Nicolas Salguero 2024-01-12 10:34:20 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED