Bug 31346 - samba new security issues CVE-2021-20251, CVE-2022-1615, CVE-2022-32743
Summary: samba new security issues CVE-2021-20251, CVE-2022-1615, CVE-2022-32743
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal; Severity: major
Target Milestone: ---
Assignee: Buchan Milne
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 30843 31735
Blocks:
 
Reported: 2022-12-31 22:06 CET by David Walser
Modified: 2024-01-12 10:34 CET

See Also:
Source RPM: samba-4.16.8-1.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 4.17.4



Description David Walser 2022-12-31 22:06:08 CET
+++ This bug was initially created as a clone of Bug #30843 +++

SUSE has issued an advisory today (September 12):
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012209.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OO5PL2WBIOJ6AX5KEDZSYH6ILAFYPCOW/

Fedora has issued an advisory for this today (September 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YOHL3O2H4FYUTUK2D4PURO24UAX3EBPW/

It doesn't look like the upstream fixes have made it into any stable releases yet.

Mageia 8 is also affected.

David Walser 2022-12-31 22:06:34 CET

Source RPM: samba-4.16.8-1.mga8 => samba-4.16.8-1.mga8.src.rpm
Status comment: (none) => Fixed upstream in 4.17.0
Severity: normal => major

Comment 1 David Walser 2023-01-23 21:57:29 CET
SUSE has issued an advisory today (January 23):
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html

The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Summary: samba new security issues CVE-2022-1615 and CVE-2022-32743 => samba new security issues CVE-2021-20251, CVE-2022-1615, CVE-2022-32743
Status comment: Fixed upstream in 4.17.0 => Fixed upstream in 4.17.4

Comment 2 David Walser 2023-01-25 16:10:32 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory today (January 23):
> https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html
> 
> The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Ubuntu has issued an advisory for this on January 24:
https://ubuntu.com/security/notices/USN-5822-1

Comment 3 David Walser 2023-01-27 16:24:03 CET
(In reply to David Walser from comment #1)
> SUSE has issued an advisory today (January 23):
> https://lists.suse.com/pipermail/sle-security-updates/2023-January/013509.html
> 
> The CVE-2021-20251 issue is fixed upstream in 4.17.4.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZOBTTQFF6GG7YAS7P57L3YTPEJ3NCLRE/

David Walser 2023-03-30 20:18:16 CEST

Depends on: (none) => 31735

Comment 4 Nicolas Salguero 2024-01-12 10:34:20 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED

