openSUSE has issued an advisory on May 9:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DVDBCJM6TSTZQNECLEKK3QRJ6HVNZU7N/

The issue is fixed upstream in 2.3.3.

*As the comment in the SPEC says, make sure to rebuild samba and sssd!*
From the Samba bug (https://bugzilla.samba.org/show_bug.cgi?id=14694):

> Removing advisory as this is just confusing as we won't do a security release for this any more, as this has been downgraded to a hardening.

> 2021-12-15 14:53:18 UTC
> This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

We have 4.14.12. I don't know if it makes sense to update, test and release this now, taking the above into account. In the case of a future samba security bug, we can ship the updated ldb version. Re-open if you don't agree.
Status: NEW => RESOLVED
Resolution: (none) => WONTFIX
We're already on the 2.3.x branch so there's very little risk in updating it. Samba version is irrelevant because we don't use the bundled ldb. We probably should have updated this when we updated samba. If you want to hold this update for the next Samba update, that's probably fine.
Resolution: WONTFIX => (none)
Status: RESOLVED => REOPENED
Fixed in Bug 30675. *** This bug has been marked as a duplicate of bug 30675 ***
Resolution: (none) => DUPLICATE
Status: REOPENED => RESOLVED