{"schema_version":"1.7.2","id":"OESA-2023-1018","modified":"2023-01-06T11:04:46Z","published":"2023-01-06T11:04:46Z","upstream":["CVE-2022-45141","CVE-2022-37966"],"summary":"samba security update","details":"Samba is a suite of programs for Linux and Unix to interoperate with Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nSince the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).(CVE-2022-45141)\r\n\r\nWindows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.(CVE-2022-37966)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"samba","purl":"pkg:rpm/openEuler/samba\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.3-18.oe2203"}]}],"ecosystem_specific":{"aarch64":["ctdb-4.15.3-18.oe2203.aarch64.rpm","samba-client-4.15.3-18.oe2203.aarch64.rpm","samba-common-4.15.3-18.oe2203.aarch64.rpm","samba-4.15.3-18.oe2203.aarch64.rpm","samba-dc-4.15.3-18.oe2203.aarch64.rpm","samba-devel-4.15.3-18.oe2203.aarch64.rpm","libsmbclient-4.15.3-18.oe2203.aarch64.rpm","samba-winbind-modules-4.15.3-18.oe2203.aarch64.rpm","samba-dc-provision-4.15.3-18.oe2203.aarch64.rpm","python3-samba-4.15.3-18.oe2203.aarch64.rpm","libwbclient-4.15.3-18.oe2203.aarch64.rpm","libsmbclient-devel-4.15.3-18.oe2203.aarch64.rpm","samba-debuginfo-4.15.3-18.oe2203.aarch64.rpm","samba-libs-4.15.3-18.oe2203.aarch64.rpm","samba-krb5-printing-4.15.3-18.oe2203.aarch64.rpm","samba-test-4.15.3-18.oe2203.aarch64.rpm","samba-winbind-4.15.3-18.oe2203.aarch64.rpm","samba-common-tools-4.15.3-18.oe2203.aarch64.rpm","libwbclient-devel-4.15.3-18.oe2203.aarch64.rpm","python3-samba-dc-4.15.3-18.oe2203.aarch64.rpm","samba-winbind-clients-4.15.3-18.oe2203.aarch64.rpm","python3-samba-test-4.15.3-18.oe2203.aarch64.rpm","samba-winbind-krb5-locator-4.15.3-18.oe2203.aarch64.rpm","samba-debugsource-4.15.3-18.oe2203.aarch64.rpm","samba-dc-bind-dlz-4.15.3-18.oe2203.aarch64.rpm","samba-help-4.15.3-18.oe2203.aarch64.rpm"],"noarch":["samba-pidl-4.15.3-18.oe2203.noarch.rpm"],"src":["samba-4.15.3-18.oe2203.src.rpm"],"x86_64":["samba-dc-bind-dlz-4.15.3-18.oe2203.x86_64.rpm","samba-winbind-modules-4.15.3-18.oe2203.x86_64.rpm","samba-dc-4.15.3-18.oe2203.x86_64.rpm","samba-common-tools-4.15.3-18.oe2203.x86_64.rpm","ctdb-4.15.3-18.oe2203.x86_64.rpm","samba-client-4.15.3-18.oe2203.x86_64.rpm","samba-test-4.15.3-18.oe2203.x86_64.rpm","libwbclient-devel-4.15.3-18.oe2203.x86_64.rpm","samba-vfs-glusterfs-4.15.3-18.oe2203.x86_64.rpm","samba-debugsource-4.15.3-18.oe2203.x86_64.rpm","samba-devel-4.15.3-18.oe2203.x86_64.rpm","python3-samba-4.15.3-18.oe2203.x86_64.rpm","samba-winbind-4.15.3-18.oe2203.x86_64.rpm","samba-debuginfo-4.15.3-18.oe2203.x86_64.rpm","libwbclient-4.15.3-18.oe2203.x86_64.rpm","samba-help-4.15.3-18.oe2203.x86_64.rpm","samba-common-4.15.3-18.oe2203.x86_64.rpm","python3-samba-dc-4.15.3-18.oe2203.x86_64.rpm","python3-samba-test-4.15.3-18.oe2203.x86_64.rpm","libsmbclient-devel-4.15.3-18.oe2203.x86_64.rpm","samba-4.15.3-18.oe2203.x86_64.rpm","samba-winbind-clients-4.15.3-18.oe2203.x86_64.rpm","samba-libs-4.15.3-18.oe2203.x86_64.rpm","libsmbclient-4.15.3-18.oe2203.x86_64.rpm","samba-winbind-krb5-locator-4.15.3-18.oe2203.x86_64.rpm","samba-krb5-printing-4.15.3-18.oe2203.x86_64.rpm","samba-dc-provision-4.15.3-18.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1018"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45141"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37966"}],"database_specific":{"severity":"High"}}