openSUSE Leap 15.2 Advisory: 2020:1023-1 Important Samba and ldb Fixes
opensuse
July 21, 2020
An update that solves 6 vulnerabilities and has 7 fixes is now available.
Description
This update for ldb, samba fixes the following issues:
Changes in samba:
- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
VLV combined; (bso#14364); (bsc#1173159]
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use several
seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share folder
that contains incorrect symbols in any file name; (bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode;
(bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
+ Malicous SMB1 server can...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1023=1
Package List
- openSUSE Leap 15.2 (i586 x86_64):
ctdb-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-pcp-pmda-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-pcp-pmda-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-tests-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-tests-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ldb-debugsource-2.0.12-lp152.2.3.1
ldb-tools-2.0.12-lp152.2.3.1
ldb-tools-debuginfo-2.0.12-lp152.2.3.1
libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libldb-devel-2.0.12-lp152.2.3.1
libldb2-2.0.12-lp152.2.3.1
libldb2-debug...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2020-10700.html
https://www.suse.com/security/cve/CVE-2020-10704.html
https://www.suse.com/security/cve/CVE-2020-10730.html
https://www.suse.com/security/cve/CVE-2020-10745.html
https://www.suse.com/security/cve/CVE-2020-10760.html
https://www.suse.com/security/cve/CVE-2020-14303.html
https://bugzilla.suse.com/1141320
https://bugzilla.suse.com/1162680
https://bugzilla.suse.com/1169095
https://bugzilla.suse.com/1169521
https://bugzilla.suse.com/1169850
https://bugzilla.suse.com/1169851
https://bugzilla.suse.com/1171437
https://bugzilla.suse.com/1172307
https://bugzilla.suse.com/1173159
https://bugzilla.suse.com/1173160
https://bugzilla.suse.com/1173161
https://bugzilla.suse.com/1173359
https://bugzilla.suse.com/1174120
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2020:1023-1
Rating: important
Affected Products:
openSUSE Leap 15.2
le.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!