Vulnerability CVE-2023-0614: Information
Description
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (Confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
samba | sisyphus | 4.17.7-alt1 | 4.20.1-alt2 | ALT-PU-2023-1808-1 | 317734 | Fixed |
samba | sisyphus_e2k | 4.17.7-alt1 | 4.20.1-alt1 | ALT-PU-2023-3545-1 | - | Fixed |
samba | sisyphus_riscv64 | 4.17.7-alt1 | 4.20.1-alt2 | ALT-PU-2023-3550-1 | - | Fixed |
samba | p10 | 4.16.10-alt1 | 4.19.6-alt2 | ALT-PU-2023-1618-1 | 317735 | Fixed |
samba | p10_e2k | 4.16.10-alt1 | 4.19.6-alt2 | ALT-PU-2023-3193-1 | - | Fixed |
samba | c10f1 | 4.16.10-alt1 | 4.16.11-alt2 | ALT-PU-2023-1618-1 | 317735 | Fixed |
samba | c9f2 | 4.16.11-alt0.c9.1 | 4.14.14-alt0.c9.1 | ALT-PU-2024-8329-1 | 334763 | In work |
samba | p11 | 4.17.7-alt1 | 4.20.1-alt1 | ALT-PU-2023-1808-1 | 317734 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.samba.org/samba/security/CVE-2023-0614.html | |
https://security.netapp.com/advisory/ntap-20230406-0007/ | |
GLSA-202309-06 | |
FEDORA-2023-1c172e3264 | |