This update for samba to version 4.10.17 fixes the following issues:
- Fixed net command unable to negotiate SMB2; (bsc#1174120).
- Update to 4.10.17
  - CVE-2020-10745: Invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160).
  - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159).
  - CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (1173161).
  - CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359).
  - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined, ldb: Bump version to 1.5.8; (bso#14364); (bsc#1173159).
- Update to 4.10.16
  - s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer. lib:util: Fix smbclient -l basename dir; (bso#14345).
  - Malicious SMB1 server can crash libsmbclient; (bso#14366).
  - s3:libads: Fix ads_get_upn(); (bso#14336).
  - docs-xml: Fix usernames in pam_winbind manpages; (bso#14358).
  - Client tools are not able to read gencache anymore since 4.10; (bso#14370).
- Update to 4.10.15
  - CVE-2020-10700: Fix use-after-free in AD DC LDAP server when ASQ and paged_results combined; (bso#14331); (bsc#1169850).
  - CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#20454); (bsc#1169851).
- Update to 4.10.14
  - s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239).
  - s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283).
  - nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#20193).
  - dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
  - auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL), auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL); (bso#14247).
  - winbind member (source3) fails local SAM auth with empty domain name; (bso#14247).
  - winbindd: Handling missing idmap in getgrgid(); (bso#14265).
  - lib:util: Log mkdir error on correct debug levels; (bso#14253).
  - wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266).
  - ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274).
  - Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295).
- Update to 4.10.13
  - s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161).
  - s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174).
  - s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error; (bso#14176).
  - s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189).
  - s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds; (bso#14205).
  - pygpo: Use correct method flags; (bso#14209).
  - s3: Remove now unneeded call to cmdline_messaging_context(); (bso#13925).
  - Incomplete conversion of former parametric options; (bso#14069).
  - Fix sync dosmode fallback in async dosmode codepath; (bso#14070).
  - vfs_fruit returns capped resource fork length; (bso#14171).
  - s3:printing: Fix %J substitution; (bso#13745).
  - libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116).
  - Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209).
  - docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122).
  - ctdb-tcp: Close inflight connecting TCP sockets after fork; (bso#14175).
  - s4:dirsync: Fix interaction of dirsync and extended_dn controls; (bso#14153).
  - upgradedns: Ensure lmdb lock files linked; (bso#14199).
  - s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182).
  - wscript: Remove checks for shm_open and shmget; (bso#14140).
  - libsmbclient: smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1); (bso#14101).
  - replace: Only link libnsl and libsocket if required; (bso#14168).
  - librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219).
  - heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).
  - ctdb-tcp: Drop tracking of file descriptor for incoming connections; (bso#14175).
  - ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).
- Update to 4.10.12
  - CVE-2019-14902: Replication of ACLs down subtree on AD Directory not automatic; (bso#12497); (bsc#1160850).
  - CVE-2019-14907: lib/util: Do not print the failed to convert string into the logs; (bso#14208); (bsc#1160888).
  - CVE-2019-19344: kcc dns scavenging: Fix use after free in dns_tombstone_records_zone; (bso#14050); (bsc#1160852).
- Update to 4.10.11
  - CVE-2019-14861: Fix DNSServer RPC server crash; (bso#14138); (bsc#1158108).
  - CVE-2019-14870: DelegationNotAllowed not being enforced; (bso#14187); (bsc#1158109).
- Update to 4.10.10
  - CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code from evil server returned names; (bso#14071); (bsc#1144902).
  - CVE-2019-14833: Use utf8 characters in the unacceptable password; (bso#12438); (bsc#1154289).
  - CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync; (bso#14040); (bsc#1154598).
  - CVE-2019-14833 dsdb: Send full password to check password script; (bso#12438); (bsc#1154289).
- Update to 4.10.9
  - Different Device Id for GlusterFS FUSE mount is causing data loss in CTDB cluster; (bso#13972).
  - winbind: Provide passwd struct for group sid with ID_TYPE_BOTH mapping (again); (bso#14141).
  - smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094).
  - s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls; (bso#14152).
  - s4/scripting: MORE py3 compatible print functions. ldb: Release ldb 1.5.6; (bso#13978).
  - undoduididx: Add 'or later' to warning about using tools from Samba 4.8; (bso#13978).
  - ldb_tdb fails to check error return when parsing pack formats; (bso#13959).
  - ctdb: Fix compilation on systems with glibc robust mutexes; (bso#14038).
  - GPO security filtering based on the groups in Kerberos PAC (but primary group is missing); (bso#11362).
  - Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106).
  - s3-winbindd: fix forest trusts with additional trust attributes; (bso#14130).
  - vfs_glusterfs: Use pthreadpool for scheduling aio operations; (bso#14098).
  - ldb: baseinfo pack format check on init; (bso#13977).
  - ldb: ldbdump key and pack format version comments; (bso#13978).
  - Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140).
  - ctdb-vacuum: Process all records not deleted on a remote node; (bso#14147).
  - classicupgrade: Fix uncaught exception; (bso#14136).
  - fault.c: Improve fault_report message text pointing to our wiki; (bso#14139).
  - s3:client:Use DEVICE_URI, instead of argv[0],for Device URI; (bso#14128).
  - We should send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID negotiation context; (bso#14055).
  - 'pam_winbind' with 'krb5_auth' or 'wbinfo -K' doesn't work for users of trusted domains/forests principals' logic; (bso#14124).
  - vfs_glusterfs: Enable profiling for file system operations; (bso#14093).
  - vfs_gpfs: Implement special case for denying owner access to ACL; (bso#14032).
  - Joining Active Directory should not use SAMR to set the password; (bso#13884).
  - s3:libsmb: Do not check the SPNEGO neg token for KRB5; (bso#14106).
  - 'kpasswd' fails when built with MIT Kerberos; (bso#14155).
  - CTDB replies can be lost before nodes are bidirectionally connected; (bso#14084).
  - 'ctdb stop' command completes before databases are frozen; (bso#14087).
  - ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code; (bso#14129).
  - s3:ldap: Fix join with don't exists machine account; (bso#14007).
- Update to 4.10.8
  - CVE-2019-10197: Permissions check deny can allow user to escape from the share; (bso#14035); (bsc#1141267).
- Update to 4.10.7
  - Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010).
  - build: Allow build when '--disable-gnutls' is set; (bso#13844).
  - samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973).
  - Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008).
  - s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021).
  - join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046).
  - vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015).
  - lookup_name: Allow own domain lookup when flags == 0; (bso#14091).
  - s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932).
  - DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915).
  - Request to keep deprecated option 'server schannel', VMWare Quickprep requires 'auto'; (bso#13949).
  - dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967).
  - dnsProperty fails to decode values from older Windows versions; (bso#13969).
  - samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973).
  - third_party: Update waf to version 2.0.17; (bso#13960).
  - netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051).
  - ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).
- Update to 4.10.6
  - s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956).
  - smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964).
  - samba-tool dns: use bytes for inet_ntop; (bso#13965).
  - samba-tool domain provision: Fix --interactive module in python3; (bso#13828).
  - ldb_kv: Skip @ records early in a search full scan; (bso#13893).
  - docs: Improve documentation of 'lanman auth' and 'ntlm auth' connection; (bso#13981).
  - python/ntacls: Use correct 'state directory' smb.conf option instead of 'state dir'; (bso#14002).
  - registry: Add a missing include; (bso#13840).
  - Fix SMB guest authentication; (bso#13944).
  - AppleDouble conversion breaks Resourceforks; (bso#13958).
  - vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968).
  - s3:mdssvc: Fix flex compilation error; (bso#13987).
  - s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
  - dsdb:samdb: schemainfo update with relax control; (bso#13799).
  - s3:util: Move static file_pload() function to lib/util; (bso#13964).
  - smbd: Fix a panic; (bso#13957).
  - ldap server: Generate correct referral schemes; (bso#12478).
  - s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941).
  - s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942).
  - dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204).
  - ldb: Release ldb 1.5.5; (bso#12478).
  - Schema replication fails if link crosses chunk boundary backwards; (bso#13713).
  - 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799).
  - dsdb_audit: avoid printing '... remote host [Unknown] SID [(NULL SID)] ...'; (bso#13916).
  - python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917).
  - s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947).
  - Using Kerberos credentials to print using spoolss doesn't work; (bso#13939).
  - wafsamba: Use native waf timer; (bso#13998).
  - ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).

This update for ldb to version 1.5.8 fixes the following issues:
- Update to 1.5.8
  - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).
- Update to 1.5.7
  - CVE-2020-10700: Fixed a use-after-free in AD DC LDAP server when ASQ and paged_results combined (bsc#1169850).
- Update to 1.5.6
  - Fix segfault parsing new pack formats or invalid packed data
  - Check for new pack formats during startup
  - Making ldbdump print out pack format info and keys so we have low level visibility for testing in python
- Update to 1.5.5
  - LDAP_REFERRAL_SCHEME_OPAQUE was added
  - Skip @ records early in a search full scan