openSUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1313-1
Rating:             important
References:         #1141320 #1162680 #1169095 #1169521 #1169850 
                    #1169851 #1171437 #1172307 #1173159 #1173160 
                    #1173161 #1173359 #1174120 
Cross-References:   CVE-2020-10700 CVE-2020-10704 CVE-2020-10730
                    CVE-2020-10745 CVE-2020-10760 CVE-2020-14303
                   
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 7 fixes is
   now available.

Description:

   This update for ldb, samba fixes the following issues:

   Changes in samba:
   - Update to samba 4.11.11
     + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
       VLV combined; (bso#14364); (bsc#1173159]
     + CVE-2020-10745: invalid DNS or NBT queries containing dots use several
       seconds of CPU each; (bso#14378); (bsc#1173160).
     + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
       with paged_result or VLV; (bso#14402); (bsc#1173161)
     + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
       nbt_server; (bso#14417); (bsc#1173359).
   - Update to samba 4.11.10
     + Fix segfault when using SMBC_opendir_ctx() routine for share folder
       that contains incorrect symbols in any file name; (bso#14374).
     + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode;
       (bso#14350)
     + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
     + Malicous SMB1 server can crash libsmbclient; (bso#14366)
     + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)
     + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds.
       (bso#14330)
   - Update to samba 4.11.9
     + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242).
     + 'samba-tool group' commands do not handle group names with special
       chars correctly; (bso#14296).
     + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid;
       (bso#14237).
     + Missing check for DMAPI offline status in async DOS attributes;
       (bso#14293).
     + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
       (bso#14307).
     + vfs_recycle: Prevent flooding the log if we're called on non-existant
       paths; (bso#14316)
     + smbd mistakenly updates a file's write-time on close; (bso#14320).
     + RPC handles cannot be differentiated in source3 RPC server;
       (bso#14359).
     + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
     + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
       (bso#14327).
     + Fix fruit:time machine max size on arm; (bso#13622)
     + CTDB recovery corner cases can cause record resurrection and node
       banning; (bso#14294).
     + ctdb: Fix a memleak; (bso#14348).
     + libsmb: Don't try to find posix stat info in SMBC_getatr().
     + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295);
       (bsc#1162680).
     + s3/librpc/crypto: Fix double free with unresolved credential cache;
       (bso#14344); (bsc#1169095)
     + s3:libads: Fix ads_get_upn(); (bso#14336).
     + CTDB recovery corner cases can cause record resurrection and node
       banning; (bso#14294)
     + Starting ctdb node that was powered off hard before results in
       recovery loop; (bso#14295); (bsc#1162680).
     + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324)
   - Update to samba 4.11.8
     + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ;
       (bso#14331); (bsc#1169850);
     + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD
       DC; (bso#14334); (bsc#1169851);
   - Update to samba 4.11.7
     + s3: lib: nmblib. Clean up and harden nmb packet processing;
       (bso#14239).
     + s3: VFS: full_audit. Use system session_info if called from a
       temporary share definition; (bso#14283)
     + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
     + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for
       SCOPE_ONE searches; (bso#14270)
     + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences;
       (bso#14247).
     + smbd: Handle EINTR from open(2) properly; (bso#14285)
     + winbind member (source3) fails local SAM auth with empty domain name;
       (bso#14247)
     + winbindd: Handling missing idmap in getgrgid(); (bso#14265).
     + lib:util: Log mkdir error on correct debug levels; (bso#14253).
     + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9;
       (bso#14266).
     + ctdb-tcp: Make error handling for outbound connection consistent;
       (bso#14274).
   - Update to samba 4.11.6
     + pygpo: Use correct method flags; (bso#14209).
     + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216);
       (bsc#1141320).
     + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of
       zero; (bso#14209).
     + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
       (bso#14218).
     + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
       (bso#14122).
     + smbd: Fix the build with clang; (bso#14251).
     + upgradedns: Ensure lmdb lock files linked; (bso#14199).
     + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir;
       (bso#14182).
     + smbc_stat() doesn't return the correct st_mode and also the uid/gid is
       not filled (SMBv1) file; (bso#14101).
     + librpc: Fix string length checking in ndr_pull_charset_to_null();
       (bso#14219).
     + ctdb-scripts: Strip square brackets when gathering connection info;
       (bso#14227).

   - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);

   - Installing: samba - samba-ad-dc.service does not exist and unit not
     found; (bsc#1171437);

   - Fix samba_winbind package is installing python3-base without python3
     package; (bsc#1169521);

   Changes in ldb:
   - Update to version 2.0.12
     + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
       VLV combined; (bso#14364); (bsc#1173159).
     + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
     + lib/ldb: add unit test for ldb_ldap internal code.
   - Update to version 2.0.11
     + lib ldb: lmdb init var before calling mdb_reader_check.
     + lib ldb: lmdb clear stale readers on write txn start; (bso#14330).
     + ldb tests: Confirm lmdb free list handling

   This update was imported from the SUSE:SLE-15-SP2:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2020-1313=1



Package List:

   - openSUSE Leap 15.2 (i586 x86_64):

      ctdb-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ctdb-pcp-pmda-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ctdb-pcp-pmda-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ctdb-tests-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ctdb-tests-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      ldb-debugsource-2.0.12-lp152.2.6.1
      ldb-tools-2.0.12-lp152.2.6.1
      ldb-tools-debuginfo-2.0.12-lp152.2.6.1
      libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libldb-devel-2.0.12-lp152.2.6.1
      libldb2-2.0.12-lp152.2.6.1
      libldb2-debuginfo-2.0.12-lp152.2.6.1
      libndr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-nbt0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-standard-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-standard0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-credentials0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-errors0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-passdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbconf-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbconf0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbldap-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbldap2-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libtevent-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libtevent-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libwbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libwbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      python3-ldb-2.0.12-lp152.2.6.1
      python3-ldb-debuginfo-2.0.12-lp152.2.6.1
      python3-ldb-devel-2.0.12-lp152.2.6.1
      samba-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-ad-dc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-client-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-core-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-debugsource-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-test-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-test-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-winbind-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1

   - openSUSE Leap 15.2 (x86_64):

      libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-samr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc-samr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libldb2-32bit-2.0.12-lp152.2.6.1
      libldb2-32bit-debuginfo-2.0.12-lp152.2.6.1
      libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi-devel-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy0-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-policy0-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      python3-ldb-32bit-2.0.12-lp152.2.6.1
      python3-ldb-32bit-debuginfo-2.0.12-lp152.2.6.1
      samba-ad-dc-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-ad-dc-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-ceph-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-client-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-client-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-libs-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1
      samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1

   - openSUSE Leap 15.2 (noarch):

      samba-doc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1


References:

   https://www.suse.com/security/cve/CVE-2020-10700.html
   https://www.suse.com/security/cve/CVE-2020-10704.html
   https://www.suse.com/security/cve/CVE-2020-10730.html
   https://www.suse.com/security/cve/CVE-2020-10745.html
   https://www.suse.com/security/cve/CVE-2020-10760.html
   https://www.suse.com/security/cve/CVE-2020-14303.html
   https://bugzilla.suse.com/1141320
   https://bugzilla.suse.com/1162680
   https://bugzilla.suse.com/1169095
   https://bugzilla.suse.com/1169521
   https://bugzilla.suse.com/1169850
   https://bugzilla.suse.com/1169851
   https://bugzilla.suse.com/1171437
   https://bugzilla.suse.com/1172307
   https://bugzilla.suse.com/1173159
   https://bugzilla.suse.com/1173160
   https://bugzilla.suse.com/1173161
   https://bugzilla.suse.com/1173359
   https://bugzilla.suse.com/1174120

--

openSUSE: 2020:1313-1: important: ldb, samba

September 1, 2020
An update that solves 6 vulnerabilities and has 7 fixes is now available.

Description

This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling This update was imported from the SUSE:SLE-15-SP2:Update update project.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1313=1


Package List

- openSUSE Leap 15.2 (i586 x86_64): ctdb-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-pcp-pmda-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-pcp-pmda-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-tests-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-tests-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ldb-debugsource-2.0.12-lp152.2.6.1 ldb-tools-2.0.12-lp152.2.6.1 ldb-tools-debuginfo-2.0.12-lp152.2.6.1 libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libldb-devel-2.0.12-lp152.2.6.1 libldb2-2.0.12-lp152.2.6.1 libldb2-debuginfo-2.0.12-lp152.2.6.1 libndr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 python3-ldb-2.0.12-lp152.2.6.1 python3-ldb-debuginfo-2.0.12-lp152.2.6.1 python3-ldb-devel-2.0.12-lp152.2.6.1 samba-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-core-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-debugsource-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-test-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-test-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 - openSUSE Leap 15.2 (x86_64): libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libldb2-32bit-2.0.12-lp152.2.6.1 libldb2-32bit-debuginfo-2.0.12-lp152.2.6.1 libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi-devel-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 python3-ldb-32bit-2.0.12-lp152.2.6.1 python3-ldb-32bit-debuginfo-2.0.12-lp152.2.6.1 samba-ad-dc-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ceph-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 - openSUSE Leap 15.2 (noarch): samba-doc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1


References

https://www.suse.com/security/cve/CVE-2020-10700.html https://www.suse.com/security/cve/CVE-2020-10704.html https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1141320 https://bugzilla.suse.com/1162680 https://bugzilla.suse.com/1169095 https://bugzilla.suse.com/1169521 https://bugzilla.suse.com/1169850 https://bugzilla.suse.com/1169851 https://bugzilla.suse.com/1171437 https://bugzilla.suse.com/1172307 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173161 https://bugzilla.suse.com/1173359 https://bugzilla.suse.com/1174120--


Severity
Announcement ID: openSUSE-SU-2020:1313-1
Rating: important
Affected Products: openSUSE Leap 15.2 le.

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved