=========================================================================
Ubuntu Security Notice USN-5992-1
April 03, 2023

ldb vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

ldb could be made to expose sensitive information over the network.

Software Description:

- ldb: LDAP-like embedded database

Details:

Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  libldb2 2:2.4.4-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  libldb2 2:2.4.4-0ubuntu0.20.04.2

After a standard system update you need to restart applications using ldb, such as Samba, to make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5992-1
  CVE-2023-0614

Package Information:

  https://launchpad.net/ubuntu/+source/ldb/2:2.4.4-0ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/ldb/2:2.4.4-0ubuntu0.20.04.2

CVE flaw found in Debian might reveal confidential data. Patch your system promptly to reduce exposure to cyber threats.

Severity: Important.

LinuxSecurity.com Team

SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2586-1
Rating:             important
References:         #1196224 #1198255 #1199247 #1199734 #1200556 #1200964 #1201490 #1201492 #1201493 #1201495 #1201496
Cross-References:   CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
CVSS scores:
                    CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Python2 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 6 fixes is now available.

Description:

This update for ldb, samba fixes the following issues:

- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).

The following security bugs were fixed:

samba was updated to 4.15.8:

* Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
* smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);

- Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).

ldb was updated to version 2.4.3

* Fix build problems, waf produces incorrect names for python extensions; (bso#15071);

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-2586=1

- SUSE Linux Enterprise Module for Python2 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2586=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2586=1

- SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2586=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2586=1

- SUSE Linux Enterprise High Availability 15-SP3:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2586=1

- SUSE Enterprise Storage 7.1:

    zypper in -t patch SUSE-Storage-7.1-2022-2586=1

References:

  https://www.suse.com/security/cve/CVE-2022-2031.html
  https://www.suse.com/security/cve/CVE-2022-32742.html
  https://www.suse.com/security/cve/CVE-2022-32744.html
  https://www.suse.com/security/cve/CVE-2022-32745.html
  https://www.suse.com/security/cve/CVE-2022-32746.html
  https://bugzilla.suse.com/1196224
  https://bugzilla.suse.com/1198255
  https://bugzilla.suse.com/1199247
  https://bugzilla.suse.com/1199734
  https://bugzilla.suse.com/1200556
  https://bugzilla.suse.com/1200964
  https://bugzilla.suse.com/1201490
  https://bugzilla.suse.com/1201492
  https://bugzilla.suse.com/1201493
  https://bugzilla.suse.com/1201495
  https://bugzilla.suse.com/1201496

SUSE has issued a Security Update that resolves 5 vulnerabilities found in ldb and samba, providing essential corrections for multiple distributions.

Severity: Important.

SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2307-1
Rating:             moderate
References:         #1080338 #1118508 #1173429 #1195896 #1196224 #1196308 #1196788 #1197995 #1198255 #1199247 #1199362
Cross-References:   CVE-2021-3670
CVSS scores:
                    CVE-2021-3670 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Availability 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has 10 fixes is now available.

Description:

This update for ldb, samba fixes the following issues:

ldb was updated to version 2.4.2 to fix:

+ Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.

samba was updated to fix:

- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.7

* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
* username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "old password allowed period"; (bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);

- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.6

* Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
* pam_winbind will not allow gdm login if password about to expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments; (bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968);
* Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);

Other SUSE fixes:

- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
- Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-2307=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2307=1

- SUSE Linux Enterprise High Availability 15-SP4:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2307=1

References:

  https://www.suse.com/security/cve/CVE-2021-3670.html
  https://bugzilla.suse.com/1080338
  https://bugzilla.suse.com/1118508
  https://bugzilla.suse.com/1173429
  https://bugzilla.suse.com/1195896
  https://bugzilla.suse.com/1196224
  https://bugzilla.suse.com/1196308
  https://bugzilla.suse.com/1196788
  https://bugzilla.suse.com/1197995
  https://bugzilla.suse.com/1198255
  https://bugzilla.suse.com/1199247
  https://bugzilla.suse.com/1199362

SUSE has released a critical security update addressing vulnerabilities in ldb and samba, along with numerous improvements for other system components.

SUSE Security Update: Security update for ldb
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1576-1
Rating:             low
References:         #1198397
Cross-References:   CVE-2021-3670
CVSS scores:
                    CVE-2021-3670 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ldb fixes the following issues:

- Update to version 2.4.2
  - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured (bsc#1198397).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1576=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1576=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1576=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patchSUSE-SUSE-MicroOS-5.1-2022-1576=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-1576=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 ldb-tools-2.4.2-150300.3.15.1 ldb-tools-debuginfo-2.4.2-150300.3.15.1 libldb-devel-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 python3-ldb-devel-2.4.2-150300.3.15.1 - openSUSE Leap 15.3 (x86_64): libldb2-32bit-2.4.2-150300.3.15.1 libldb2-32bit-debuginfo-2.4.2-150300.3.15.1 python3-ldb-32bit-2.4.2-150300.3.15.1 python3-ldb-32bit-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 ldb-tools-2.4.2-150300.3.15.1 ldb-tools-debuginfo-2.4.2-150300.3.15.1 libldb-devel-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 python3-ldb-devel-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldb2-32bit-2.4.2-150300.3.15.1 libldb2-32bit-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): 
ldb-debugsource-2.4.2-150300.3.15.1 libldb2-2.4.2-150300.3.15.1 libldb2-debuginfo-2.4.2-150300.3.15.1 python3-ldb-2.4.2-150300.3.15.1 python3-ldb-debuginfo-2.4.2-150300.3.15.1 References: https://www.suse.com/security/cve/CVE-2021-3670.html https://bugzilla.suse.com/1198397 . SUSE announces a patch for ldb tackling a minor issue, detailing installation procedures and the impacted products. SUSE Update, LDB Security Fix, Low Severity Patch, OpenSUSE Announcement. . Severity: Low. LinuxSecurity.com Team
An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available. . SUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0361-1 Rating: critical References: #1014440 #1188727 #1189017 #1189875 #1192214 #1192215 #1192246 #1192247 #1192283 #1192284 #1192505 #1192849 #1194859 SLE-18456 Cross-References: CVE-2016-2124 CVE-2020-17049 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-20254 CVE-2021-23192 CVE-2021-3738 CVE-2021-44142 CVSS scores: CVE-2020-17049 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25721 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-20254 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that solves 11 vulnerabilities, contains one feature and has two fixes is now available. 
Description: This update for ldb, samba fixes the following issues: Changes in ldb: + CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246) + CVE-2021-3738: Fixed a crash in dsdb stack (bsc#1192215) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message + Fix memory handling in ldb.msg_diff + Backport bronze bit fixes, tests, and selftest improvements. Changes in samba: - CVE-2021-44142: Fixed an Out-of-Bound Read/Write on Samba vfs_fruit module; (bsc#1194859) - The username map [script] advice from CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails; (bsc#1192849); (bso#14901). - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - CVE-2020-25717: Fixed that a user on the domain can become root on domain members; (bsc#1192284); (bso#14556). - CVE-2020-25721: auth: Fill in the new HAS_SAM_NAME_AND_SID values; (bsc#1192505); (bso#14564). - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246);(bso#14558). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given;(bsc#1192247);(bso#14561). - CVE-2020-25722: Fixed that AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues);(bsc#1192283); (bso#14564). - CVE-2021-3738: Fixed a crash in dsdb stack;(bsc#1192215); (bso#14468). - CVE-2021-23192: Fixed that dcerpc requests don't check all fragments against the first auth_state;(bsc#1192214);(bso#14875). - CVE-2016-2124: don't fallback to non spnego authentication if we require kerberos; (bsc#1014440); (bso#12444). Update to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). 
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * "in" operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like "@" in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). - Update to 4.13.12 * Address a significant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). - Update to 4.13.11 * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: "deadtime" parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). 
- Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796); - Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). - Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc hierarchy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for 
internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571); - Update to 4.13.7 * Release with dependency on ldb version 2.2.1. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-361=1 Package List: - SUSE Enterprise Storage 7 (aarch64 x86_64): ctdb-4.13.13+git.545.5897c2d94f3-3.12.1 ctdb-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 ldb-debugsource-2.2.2-4.6.1 libdcerpc-binding0-4.13.13+git.545.5897c2d94f3-3.12.1 libdcerpc-binding0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libdcerpc0-4.13.13+git.545.5897c2d94f3-3.12.1 libdcerpc0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libldb2-2.2.2-4.6.1 libldb2-debuginfo-2.2.2-4.6.1 libndr-krb5pac0-4.13.13+git.545.5897c2d94f3-3.12.1 libndr-krb5pac0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libndr-nbt0-4.13.13+git.545.5897c2d94f3-3.12.1 libndr-nbt0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libndr-standard0-4.13.13+git.545.5897c2d94f3-3.12.1 libndr-standard0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libndr1-4.13.13+git.545.5897c2d94f3-3.12.1 libndr1-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libnetapi0-4.13.13+git.545.5897c2d94f3-3.12.1 libnetapi0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-credentials0-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-credentials0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-errors0-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-errors0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-hostconfig0-4.13.13+git.545.5897c2d94f3-3.12.1 
libsamba-hostconfig0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-passdb0-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-passdb0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-util0-4.13.13+git.545.5897c2d94f3-3.12.1 libsamba-util0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsamdb0-4.13.13+git.545.5897c2d94f3-3.12.1 libsamdb0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbclient0-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbclient0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbconf0-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbconf0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbldap2-4.13.13+git.545.5897c2d94f3-3.12.1 libsmbldap2-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libtevent-util0-4.13.13+git.545.5897c2d94f3-3.12.1 libtevent-util0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 libwbclient0-4.13.13+git.545.5897c2d94f3-3.12.1 libwbclient0-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 python3-ldb-2.2.2-4.6.1 python3-ldb-debuginfo-2.2.2-4.6.1 samba-4.13.13+git.545.5897c2d94f3-3.12.1 samba-ceph-4.13.13+git.545.5897c2d94f3-3.12.1 samba-ceph-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-client-4.13.13+git.545.5897c2d94f3-3.12.1 samba-client-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-debugsource-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-python3-4.13.13+git.545.5897c2d94f3-3.12.1 samba-libs-python3-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 samba-winbind-4.13.13+git.545.5897c2d94f3-3.12.1 samba-winbind-debuginfo-4.13.13+git.545.5897c2d94f3-3.12.1 References: https://www.suse.com/security/cve/CVE-2016-2124.html https://www.suse.com/security/cve/CVE-2020-17049.html https://www.suse.com/security/cve/CVE-2020-25717.html https://www.suse.com/security/cve/CVE-2020-25718.html https://www.suse.com/security/cve/CVE-2020-25719.html https://www.suse.com/security/cve/CVE-2020-25721.html 
https://www.suse.com/security/cve/CVE-2020-25722.html https://www.suse.com/security/cve/CVE-2021-20254.html https://www.suse.com/security/cve/CVE-2021-23192.html https://www.suse.com/security/cve/CVE-2021-3738.html https://www.suse.com/security/cve/CVE-2021-44142.html https://bugzilla.suse.com/1014440 https://bugzilla.suse.com/1188727 https://bugzilla.suse.com/1189017 https://bugzilla.suse.com/1189875 https://bugzilla.suse.com/1192214 https://bugzilla.suse.com/1192215 https://bugzilla.suse.com/1192246 https://bugzilla.suse.com/1192247 https://bugzilla.suse.com/1192283 https://bugzilla.suse.com/1192284 https://bugzilla.suse.com/1192505 https://bugzilla.suse.com/1192849 https://bugzilla.suse.com/1194859 . Important security patch released for SUSE tackling 11 vulnerabilities in ldb and samba. Vital for maintaining system integrity and protection. SUSE Security Update, Samba Security Patch, LDB Security Fix, Critical Security Advisory. . Severity: Critical. LinuxSecurity.com Team
An update that fixes 8 vulnerabilities is now available. . SUSE Security Update: Security update for samba and ldb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3647-1 Rating: important References: #1014440 #1192214 #1192215 #1192246 #1192247 #1192283 #1192284 #1192505 Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-3738 CVSS scores: CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). 
- CVE-2021-23192: Fixed that dcerpc requests don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * "in" operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like "@" in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a significant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). 
* smbd: "deadtime" parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3647=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3647=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3647=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3647=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): ldb-debugsource-2.2.2-3.3.1 libldb2-2.2.2-3.3.1 libldb2-debuginfo-2.2.2-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): 
ldb-debugsource-2.2.2-3.3.1 ldb-tools-2.2.2-3.3.1 ldb-tools-debuginfo-2.2.2-3.3.1 libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-binding0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libldb-devel-2.2.2-3.3.1 libldb2-2.2.2-3.3.1 libldb2-debuginfo-2.2.2-3.3.1 libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 
libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 python3-ldb-2.2.2-3.3.1 python3-ldb-debuginfo-2.2.2-3.3.1 python3-ldb-devel-2.2.2-3.3.1 samba-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1 samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1 samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1 samba-dsdb-modules-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 
samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1 samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1 samba-ldb-ldap-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-python3-4.13.13+git.528.140935f8d6a-3.12.1 samba-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1 samba-ceph-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-binding0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libldb2-32bit-2.2.2-3.3.1 libldb2-32bit-debuginfo-2.2.2-3.3.1 libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 
libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1 References: https://www.suse.com/security/cve/CVE-2016-2124.html https://www.suse.com/security/cve/CVE-2020-25717.html https://www.suse.com/security/cve/CVE-2020-25718.html https://www.suse.com/security/cve/CVE-2020-25719.html https://www.suse.com/security/cve/CVE-2020-25721.html https://www.suse.com/security/cve/CVE-2020-25722.html https://www.suse.com/security/cve/CVE-2021-23192.html https://www.suse.com/security/cve/CVE-2021-3738.html https://bugzilla.suse.com/1014440 https://bugzilla.suse.com/1192214 
https://bugzilla.suse.com/1192215 https://bugzilla.suse.com/1192246 https://bugzilla.suse.com/1192247 https://bugzilla.suse.com/1192283 https://bugzilla.suse.com/1192284 https://bugzilla.suse.com/1192505 . A critical SUSE patch for glibc and libxml2 resolves significant security flaws and exposes weaknesses. Samba Security Patch, SUSE Important Update, Samba LDB Fixes. . Severity: Important. LinuxSecurity.com Team
An update that fixes 8 vulnerabilities is now available. . openSUSE Security Update: Security update for samba and ldb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:3647-1 Rating: important References: #1014440 #1192214 #1192215 #1192246 #1192247 #1192283 #1192284 #1192505 Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-3738 CVSS scores: CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed that dcerpc requests don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). 
Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * "in" operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like "@" in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a significant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: "deadtime" parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). 
* Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3647=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ctdb-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-pcp-pmda-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-pcp-pmda-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-tests-4.13.13+git.528.140935f8d6a-3.12.1 ctdb-tests-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 ldb-debugsource-2.2.2-3.3.1 ldb-tools-2.2.2-3.3.1 ldb-tools-debuginfo-2.2.2-3.3.1 libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-binding0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libldb-devel-2.2.2-3.3.1 libldb2-2.2.2-3.3.1 libldb2-debuginfo-2.2.2-3.3.1 libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1 
libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 
libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 python3-ldb-2.2.2-3.3.1 python3-ldb-debuginfo-2.2.2-3.3.1 python3-ldb-devel-2.2.2-3.3.1 samba-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1 samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1 samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1 samba-dsdb-modules-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1 samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1 samba-ldb-ldap-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-python3-4.13.13+git.528.140935f8d6a-3.12.1 samba-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-test-4.13.13+git.528.140935f8d6a-3.12.1 
samba-test-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - openSUSE Leap 15.3 (aarch64 x86_64): samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1 samba-ceph-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - openSUSE Leap 15.3 (aarch64_ilp32): libdcerpc-binding0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-binding0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi-devel-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1 
libsamba-policy0-python3-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-64bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-64bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-64bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-64bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 - openSUSE Leap 15.3 (noarch): samba-doc-4.13.13+git.528.140935f8d6a-3.12.1 - openSUSE Leap 15.3 (x86_64): libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-binding0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc-samr0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libdcerpc0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 
libldb2-32bit-2.2.2-3.3.1 libldb2-32bit-debuginfo-2.2.2-3.3.1 libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-krb5pac0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-nbt0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr-standard0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libndr1-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi-devel-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libnetapi0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-credentials0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-errors0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-passdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-policy0-python3-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamba-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsamdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbconf0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libsmbldap2-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 
libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libtevent-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 libwbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 python3-ldb-32bit-2.2.2-3.3.1 python3-ldb-32bit-debuginfo-2.2.2-3.3.1 samba-ad-dc-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-ad-dc-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-client-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-libs-python3-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1 samba-winbind-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1

References:
- https://www.suse.com/security/cve/CVE-2016-2124.html
- https://www.suse.com/security/cve/CVE-2020-25717.html
- https://www.suse.com/security/cve/CVE-2020-25718.html
- https://www.suse.com/security/cve/CVE-2020-25719.html
- https://www.suse.com/security/cve/CVE-2020-25721.html
- https://www.suse.com/security/cve/CVE-2020-25722.html
- https://www.suse.com/security/cve/CVE-2021-23192.html
- https://www.suse.com/security/cve/CVE-2021-3738.html
- https://bugzilla.suse.com/1014440
- https://bugzilla.suse.com/1192214
- https://bugzilla.suse.com/1192215
- https://bugzilla.suse.com/1192246
- https://bugzilla.suse.com/1192247
- https://bugzilla.suse.com/1192283
- https://bugzilla.suse.com/1192284
- https://bugzilla.suse.com/1192505

openSUSE has released a security patch addressing severe vulnerabilities in samba and ldb, which could lead to privilege escalation and buffer overflow exploits. openSUSE Security, Samba Update, LDB Issues, Security Fix, Privilege Escalation. Severity: Important. LinuxSecurity.com Team
MGASA-2021-0287 - Updated samba and ldb packages fix security vulnerabilities

Publication date: 25 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0287.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-27840, CVE-2021-20254, CVE-2021-20277

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability (CVE-2020-27840).

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2021-20254).

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability (CVE-2021-20277).

Also, the samba package for Mageia 7 fixes a scriptlet issue when updating. Additionally, the sssd package has been rebuilt for the updated ldb package.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28686
- https://bugs.mageia.org/show_bug.cgi?id=28042
- https://www.cve.org/CVERecord?id=CVE-2020-27840
- https://www.cve.org/CVERecord?id=CVE-2021-20254
- https://www.cve.org/CVERecord?id=CVE-2021-20277

SRPMS:
- 8/core/ldb-2.1.5-1.mga8
- 8/core/samba-4.12.15-1.mga8
- 8/core/sssd-2.4.0-1.1.mga8
- 7/core/ldb-1.5.8-1.1.mga7
- 7/core/samba-4.10.18-1.3.mga7
- 7/core/sssd-1.16.3-3.3.mga7

Mageia 2021-0287 resolves significant vulnerabilities in samba and ldb that could compromise system stability and data security. Samba Security, LDB Security, Mageia Updates, System Availability, Data Integrity. Severity: Critical. LinuxSecurity.com Team