Oval Definition:oval:org.opensuse.security:def:103018
Revision Date:2021-01-21Version:1
Title:Security update for samba (Moderate)
Description:

This update for samba fixes the following issues:

- Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden 'magic' everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);

- Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement 'List Object' mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);

- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).

- Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);
Family:unixClass:patch
Status:Reference(s):1173902
1173994
1177355
1177613
1178469
CVE-2020-14318
CVE-2020-14323
CVE-2020-14383
SUSE-SU-2021:0185-1
Platform(s):SUSE Enterprise Storage 7
Product(s):
Definition Synopsis
  • SUSE Enterprise Storage 7 is installed
  • AND Package Information
  • ctdb-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libdcerpc-binding0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libdcerpc0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libndr-krb5pac0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libndr-nbt0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libndr-standard0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libndr1-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libnetapi0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamba-credentials0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamba-errors0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamba-hostconfig0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamba-passdb0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamba-util0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsamdb0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsmbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsmbconf0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libsmbldap2-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libtevent-util0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR libwbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-ceph-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-client-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-libs-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-libs-python3-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
  • OR samba-winbind-4.13.3+git.181.fc4672a5b81-3.3.1 is installed
    • BACK