openSUSE 15.3: 2021:3647-1 Important: Samba And LDB Security Risks

November 10, 2021
openSUSE has released a security patch addressing severe vulnerabilities in samba and ldb, which could lead to privilege escalation and buffer overflow exploits.
An update that fixes 8 vulnerabilities is now available.

Description

This update for samba and ldb fixes the following issues:

- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).

- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).

- CVE-2016-2124: Fixed not to fall back to non-SPNEGO authentication if we require Kerberos (bsc#1014440).

- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).

- CVE-2020-25719: Fixed AD DC username-based races when no PAC is given (bsc#1192247).

- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).

- CVE-2021-23192: Fixed dcerpc requests that don't check all fragments against the first auth_state (bsc#1192214).

- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505).

Samba was updated to 4.13.13

* rodc_rwdc test...


Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-3647=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

ctdb-4.13.13+git.528.140935f8d6a-3.12.1

ctdb-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

ctdb-pcp-pmda-4.13.13+git.528.140935f8d6a-3.12.1

ctdb-pcp-pmda-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

ctdb-tests-4.13.13+git.528.140935f8d6a-3.12.1

ctdb-tests-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

ldb-debugsource-2.2.2-3.3.1

ldb-tools-2.2.2-3.3.1

ldb-tools-debuginfo-2.2.2-3.3.1

libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc-binding0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc-samr0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1

libdcerpc0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

libldb-devel-2.2.2-3.3.1

libldb2-2.2.2-3.3.1

libldb2-debuginfo-2.2.2-3.3.1

libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1

libndr-krb5pac-devel-4.13...


References

https://www.suse.com/security/cve/CVE-2016-2124.html

https://www.suse.com/security/cve/CVE-2020-25717.html

https://www.suse.com/security/cve/CVE-2020-25718.html

https://www.suse.com/security/cve/CVE-2020-25719.html

https://www.suse.com/security/cve/CVE-2020-25721.html

https://www.suse.com/security/cve/CVE-2020-25722.html

https://www.suse.com/security/cve/CVE-2021-23192.html

https://www.suse.com/security/cve/CVE-2021-3738.html

https://bugzilla.suse.com/1014440

https://bugzilla.suse.com/1192214

https://bugzilla.suse.com/1192215

https://bugzilla.suse.com/1192246

https://bugzilla.suse.com/1192247

https://bugzilla.suse.com/1192283

https://bugzilla.suse.com/1192284

https://bugzilla.suse.com/1192505

Severity
important

Announcement ID: openSUSE-SU-2021:3647-1
Rating: important
Affected Products: openSUSE Leap 15.3
