Vulnerability CVE-2022-32746: Information
Description
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.15.9-alt1 | 4.20.1-alt2 | ALT-PU-2022-2322-1 | 304593 | Fixed |
samba | sisyphus_e2k | 4.15.9-alt1 | 4.20.1-alt1 | ALT-PU-2022-5705-1 | - | Fixed |
samba | sisyphus_riscv64 | 4.15.9-alt1 | 4.20.1-alt2 | ALT-PU-2022-5651-1 | - | Fixed |
samba | p10 | 4.15.9-alt1 | 4.19.6-alt2 | ALT-PU-2022-2438-1 | 302667 | Fixed |
samba | p10_e2k | 4.15.9-alt1 | 4.19.6-alt2 | ALT-PU-2022-5796-1 | - | Fixed |
samba | c10f1 | 4.15.9-alt1 | 4.16.11-alt2 | ALT-PU-2022-2438-1 | 302667 | Fixed |
samba | c9f2 | 4.14.14-alt0.c9.1 | 4.14.14-alt0.c9.1 | ALT-PU-2023-1616-1 | 316738 | Fixed |
samba | p11 | 4.15.9-alt1 | 4.20.1-alt1 | ALT-PU-2022-2322-1 | 304593 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.samba.org/samba/security/CVE-2022-32746.html |
|
GLSA-202309-06 |