Oval Definition: oval:org.opensuse.security:def:111781
Revision Date: 2021-11-10
Version: 1
Title: Security update for samba and ldb (Important)
Description:

This update for samba and ldb fixes the following issues:

- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fall back to non-SPNEGO authentication if we require Kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC username-based races when no PAC is given (bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests that don't check all fragments against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505).

Samba was updated to 4.13.13:

* rodc_rwdc test flaps; (bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642).
* Python ldb.msg_diff() memory handling failure; (bso#14836).
* 'in' operator on ldb.Message is case sensitive; (bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871).
* Allow special chars like '@' in samAccountName when generating the salt; (bso#14874).
* Fix transit path validation; (bso#12998).
* Prepare to operate with MIT krb5 >= 1.20; (bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb; (bso#14645).
* Release LDB 2.3.1 for Samba 4.14.9; (bso#14848).

Samba was updated to 4.13.12:

* Address a significant performance regression in database access in the AD DC since Samba 4.12; (bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807).
* An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ; (bso#14817).
* Address flapping samba_tool_drs_showrepl test; (bso#14818).
* Address flapping dsdb_schema_attributes test; (bso#14819).
* Fix CTDB flag/status update race conditions; (bso#14784).

Samba was updated to 4.13.11:

* smbd: panic on force-close share during offload write; (bso#14769).
* Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731).
* smbd: 'deadtime' parameter doesn't work anymore; (bso#14783).
* net conf list crashes when run as normal user; (bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607).
* Start the SMB encryption as soon as possible; (bso#14793).
* Winbind should not start if the socket path for the privileged pipe is too long; (bso#14792).

ldb was updated to 2.2.2:

+ CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215); (bso#14848)

Release ldb 2.2.2

+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845).
+ Fix memory handling in ldb.msg_diff Corrected python docstrings; (bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).

Family: unix
Class: patch
Status:
Reference(s):
1014440
1192214
1192215
1192246
1192247
1192283
1192284
1192505
CVE-2016-2124
CVE-2020-25717
CVE-2020-25718
CVE-2020-25719
CVE-2020-25721
CVE-2020-25722
CVE-2021-23192
CVE-2021-3738
openSUSE-SU-2021:3647-1
Platform(s): openSUSE Leap 15.3
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • ctdb-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR ctdb-pcp-pmda-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR ctdb-tests-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR ldb-tools-2.2.2-3.3.1 is installed
  • OR libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-binding0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-samr0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc-samr0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libdcerpc0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libldb-devel-2.2.2-3.3.1 is installed
  • OR libldb2-2.2.2-3.3.1 is installed
  • OR libldb2-32bit-2.2.2-3.3.1 is installed
  • OR libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-krb5pac0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-nbt0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr-standard0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr1-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libndr1-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi-devel-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi-devel-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libnetapi0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-credentials0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-errors0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-hostconfig0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-passdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-policy0-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-policy0-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamba-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsamdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbconf0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libsmbldap2-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libtevent-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR libwbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR python3-ldb-2.2.2-3.3.1 is installed
  • OR python3-ldb-32bit-2.2.2-3.3.1 is installed
  • OR python3-ldb-devel-2.2.2-3.3.1 is installed
  • OR samba-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-ad-dc-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-ad-dc-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-client-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-client-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-client-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-doc-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-libs-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-python3-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-test-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed
  • OR samba-winbind-64bit-4.13.13+git.528.140935f8d6a-3.12.1 is installed