ALAS2023-2023-206

Amazon Linux 2023 Security Advisory: ALAS-2023-206
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 20:09 Pacific

Severity: Important

References: CVE-2018-14628 CVE-2020-25720 CVE-2023-0225 CVE-2023-0614 CVE-2023-0922
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628)

A user with sufficient privileges to create a computer account, such as a user granted CreateChild permissions for computer objects, may potentially set arbitrary values on security-sensitive attributes of specific objects stored in Active Directory (AD). (CVE-2020-25720)

Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (CVE-2023-0225)

Access controlled AD LDAP attributes can be discovered (CVE-2023-0614)

Samba AD DC admin tool samba-tool sends passwords in cleartext (CVE-2023-0922)

Affected Packages:

samba

Issue Correction:
Run dnf update samba --releasever 2023.0.20230607 to update your system.

New Packages:

aarch64:
    samba-dcerpc-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-clients-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-client-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-4.17.8-0.amzn2023.0.2.aarch64
    samba-test-libs-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-common-tools-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-test-libs-4.17.8-0.amzn2023.0.2.aarch64
    libwbclient-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-modules-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-dc-libs-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-krb5-printing-4.17.8-0.amzn2023.0.2.aarch64
    samba-common-libs-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-test-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-modules-4.17.8-0.amzn2023.0.2.aarch64
    libnetapi-4.17.8-0.amzn2023.0.2.aarch64
    libwbclient-4.17.8-0.amzn2023.0.2.aarch64
    samba-libs-4.17.8-0.amzn2023.0.2.aarch64
    libsmbclient-devel-4.17.8-0.amzn2023.0.2.aarch64
    samba-client-libs-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-debugsource-4.17.8-0.amzn2023.0.2.aarch64
    samba-test-4.17.8-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-dc-4.17.8-0.amzn2023.0.2.aarch64
    samba-devel-4.17.8-0.amzn2023.0.2.aarch64
    samba-common-tools-4.17.8-0.amzn2023.0.2.aarch64
    libsmbclient-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    libsmbclient-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-clients-4.17.8-0.amzn2023.0.2.aarch64
    samba-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-krb5-locator-4.17.8-0.amzn2023.0.2.aarch64
    samba-client-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-4.17.8-0.amzn2023.0.2.aarch64
    samba-test-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-libs-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-winbind-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-dcerpc-4.17.8-0.amzn2023.0.2.aarch64
    samba-4.17.8-0.amzn2023.0.2.aarch64
    samba-ldb-ldap-modules-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-common-libs-4.17.8-0.amzn2023.0.2.aarch64
    samba-dc-libs-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-dc-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-client-libs-4.17.8-0.amzn2023.0.2.aarch64
    libnetapi-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    libnetapi-devel-4.17.8-0.amzn2023.0.2.aarch64
    samba-vfs-iouring-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    libwbclient-devel-4.17.8-0.amzn2023.0.2.aarch64
    samba-krb5-printing-debuginfo-4.17.8-0.amzn2023.0.2.aarch64
    samba-tools-4.17.8-0.amzn2023.0.2.aarch64
    python3-samba-devel-4.17.8-0.amzn2023.0.2.aarch64
    samba-usershares-4.17.8-0.amzn2023.0.2.aarch64

noarch:
    samba-common-4.17.8-0.amzn2023.0.2.noarch
    samba-pidl-4.17.8-0.amzn2023.0.2.noarch

src:
    samba-4.17.8-0.amzn2023.0.2.src

x86_64:
    samba-client-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-modules-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-common-tools-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-test-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-common-libs-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libwbclient-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-dc-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libsmbclient-4.17.8-0.amzn2023.0.2.x86_64
    samba-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-dcerpc-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-test-libs-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-libs-4.17.8-0.amzn2023.0.2.x86_64
    samba-common-libs-4.17.8-0.amzn2023.0.2.x86_64
    libsmbclient-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libnetapi-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-libs-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-client-libs-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-clients-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-debugsource-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-dc-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-test-4.17.8-0.amzn2023.0.2.x86_64
    samba-devel-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-clients-4.17.8-0.amzn2023.0.2.x86_64
    samba-client-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libnetapi-4.17.8-0.amzn2023.0.2.x86_64
    samba-test-4.17.8-0.amzn2023.0.2.x86_64
    samba-common-tools-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-4.17.8-0.amzn2023.0.2.x86_64
    samba-dcerpc-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-4.17.8-0.amzn2023.0.2.x86_64
    samba-client-libs-4.17.8-0.amzn2023.0.2.x86_64
    libsmbclient-devel-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-modules-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-test-libs-4.17.8-0.amzn2023.0.2.x86_64
    samba-dc-libs-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libnetapi-devel-4.17.8-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    libwbclient-4.17.8-0.amzn2023.0.2.x86_64
    libwbclient-devel-4.17.8-0.amzn2023.0.2.x86_64
    samba-dc-libs-4.17.8-0.amzn2023.0.2.x86_64
    samba-ldb-ldap-modules-4.17.8-0.amzn2023.0.2.x86_64
    samba-winbind-krb5-locator-4.17.8-0.amzn2023.0.2.x86_64
    samba-vfs-iouring-4.17.8-0.amzn2023.0.2.x86_64
    samba-krb5-printing-debuginfo-4.17.8-0.amzn2023.0.2.x86_64
    samba-krb5-printing-4.17.8-0.amzn2023.0.2.x86_64
    samba-tools-4.17.8-0.amzn2023.0.2.x86_64
    python3-samba-devel-4.17.8-0.amzn2023.0.2.x86_64
    samba-usershares-4.17.8-0.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2018-14628, CVE-2020-25720, CVE-2023-0225, CVE-2023-0614, CVE-2023-0922

Mitre: CVE-2018-14628, CVE-2020-25720, CVE-2023-0225, CVE-2023-0614, CVE-2023-0922

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-206

Additional References