SUSE update for samba

Published: 2022-11-16

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-1615
CWE-ID	CWE-330
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	SUSE Enterprise Storage Operating systems & Components / Operating system samba-winbind-debuginfo Operating systems & Components / Operating system package or component samba-winbind Operating systems & Components / Operating system package or component samba-libs-python3-debuginfo Operating systems & Components / Operating system package or component samba-libs-python3 Operating systems & Components / Operating system package or component samba-libs-debuginfo Operating systems & Components / Operating system package or component samba-libs Operating systems & Components / Operating system package or component samba-debugsource Operating systems & Components / Operating system package or component samba-debuginfo Operating systems & Components / Operating system package or component samba-client-debuginfo Operating systems & Components / Operating system package or component samba-client Operating systems & Components / Operating system package or component samba-ceph-debuginfo Operating systems & Components / Operating system package or component samba-ceph Operating systems & Components / Operating system package or component samba Operating systems & Components / Operating system package or component libwbclient0-debuginfo Operating systems & Components / Operating system package or component libwbclient0 Operating systems & Components / Operating system package or component libtevent-util0-debuginfo Operating systems & Components / Operating system package or component libtevent-util0 Operating systems & Components / Operating system package or component libsmbldap2-debuginfo Operating systems & Components / Operating system package or component libsmbldap2 Operating systems & Components / Operating system package or component libsmbconf0-debuginfo Operating systems & Components / Operating system package or component libsmbconf0 Operating systems & Components / Operating system package or component libsmbclient0-debuginfo Operating systems & Components / Operating system package or component libsmbclient0 Operating systems & Components / Operating system package or component libsamdb0-debuginfo Operating systems & Components / Operating system package or component libsamdb0 Operating systems & Components / Operating system package or component libsamba-util0-debuginfo Operating systems & Components / Operating system package or component libsamba-util0 Operating systems & Components / Operating system package or component libsamba-passdb0-debuginfo Operating systems & Components / Operating system package or component libsamba-passdb0 Operating systems & Components / Operating system package or component libsamba-hostconfig0-debuginfo Operating systems & Components / Operating system package or component libsamba-hostconfig0 Operating systems & Components / Operating system package or component libsamba-errors0-debuginfo Operating systems & Components / Operating system package or component libsamba-errors0 Operating systems & Components / Operating system package or component libsamba-credentials0-debuginfo Operating systems & Components / Operating system package or component libsamba-credentials0 Operating systems & Components / Operating system package or component libnetapi0-debuginfo Operating systems & Components / Operating system package or component libnetapi0 Operating systems & Components / Operating system package or component libndr1-debuginfo Operating systems & Components / Operating system package or component libndr1 Operating systems & Components / Operating system package or component libndr-standard0-debuginfo Operating systems & Components / Operating system package or component libndr-standard0 Operating systems & Components / Operating system package or component libndr-nbt0-debuginfo Operating systems & Components / Operating system package or component libndr-nbt0 Operating systems & Components / Operating system package or component libndr-krb5pac0-debuginfo Operating systems & Components / Operating system package or component libndr-krb5pac0 Operating systems & Components / Operating system package or component libdcerpc0-debuginfo Operating systems & Components / Operating system package or component libdcerpc0 Operating systems & Components / Operating system package or component libdcerpc-binding0-debuginfo Operating systems & Components / Operating system package or component libdcerpc-binding0 Operating systems & Components / Operating system package or component ctdb-debuginfo Operating systems & Components / Operating system package or component ctdb Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of insufficiently random values

EUVDB-ID: #VU67270

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1615

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to usage of predictable random values within the GnuTLS gnutls_rnd() function. A remote user can decrypt sensitive information.

Mitigation

Update the affected package samba to the latest version.

Vulnerable software versions

SUSE Enterprise Storage: 7.1

samba-winbind-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-winbind: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-libs-python3-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-libs-python3: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-libs-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-libs: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-debugsource: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-client-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-client: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-ceph-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba-ceph: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

samba: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libwbclient0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libwbclient0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libtevent-util0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libtevent-util0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbldap2-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbldap2: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbconf0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbconf0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbclient0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsmbclient0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamdb0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamdb0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-util0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-util0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-passdb0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-passdb0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-hostconfig0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-hostconfig0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-errors0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-errors0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-credentials0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libsamba-credentials0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libnetapi0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libnetapi0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr1-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr1: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-standard0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-standard0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-nbt0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-nbt0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-krb5pac0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libndr-krb5pac0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libdcerpc0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libdcerpc0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libdcerpc-binding0-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

libdcerpc-binding0: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

ctdb-debuginfo: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

ctdb: before 4.13.13+git.554.0742ec9cb74-150200.3.18.2

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20224014-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.