openSUSE Leap 15.2: 2020:1819-1 Important Samba Software Update
opensuse
November 2, 2020
An update that fixes three vulnerabilities is now available.
Description
This update for samba fixes the following issues:
Update to samba 4.11.14
- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records (bsc#1177613).
- CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).
- CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify
(bsc#1173902).
- lib/util: Do not install /usr/bin/test_util
- smbd: don't log success as error
- idmap_ad does not deal properly with a RFC4511 section 4.4.1 response;
- winbind: Fix a memleak
- idmap_ad: Pass tldap debug messages on to DEBUG()
- lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to
REPLACE_HOSTCC_SOURCE
- ctdb disable/enable can fail due to race condition
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1819=1
Package List
- openSUSE Leap 15.2 (i586 x86_64):
ctdb-4.11.14+git.202.344b137b75d-lp152.3.16.1
ctdb-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
ctdb-pcp-pmda-4.11.14+git.202.344b137b75d-lp152.3.16.1
ctdb-pcp-pmda-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
ctdb-tests-4.11.14+git.202.344b137b75d-lp152.3.16.1
ctdb-tests-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-binding0-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-binding0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-samr-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-samr0-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc-samr0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc0-4.11.14+git.202.344b137b75d-lp152.3.16.1
libdcerpc0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1
libndr-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1
libndr-krb5pac-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1
libndr-krb5pac0-4.11.14+git.202.344b137b75...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2020-14318.html
https://www.suse.com/security/cve/CVE-2020-14323.html
https://www.suse.com/security/cve/CVE-2020-14383.html
https://bugzilla.suse.com/1173902
https://bugzilla.suse.com/1173994
https://bugzilla.suse.com/1177613
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2020:1819-1
Rating: important
Affected Products:
openSUSE Leap 15.2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!