OVAL Reference oval:org.opensuse.security:def:5339

Oval Definition:

oval:org.opensuse.security:def:5339

Revision Date:	2022-02-14	Version:	1
Title:	Security update for samba (Critical)
Description:	This update contains a major security update for Samba. samba has received security fixes: - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services (bsc#1195048); samba was updated to version 4.15.4; (jsc#SLE-23330); + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bso#13979); (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bso#14842); (bsc#1191227); - Build samba with embedded talloc, pytalloc, pytalloc-util, tdb, pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries. The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and their manpages in /usr/lib[64]/samba/man This avoids removing old functionality. samba was updated to 4.15.4: Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba sssd was updated: - Build with the newer samba versions; (jsc#SLE-23330); - Fix a dependency loop by moving internal libraries to sssd-common package; (bsc#1182058); p11-kit was updated: Update to 0.23.2; (jsc#SLE-23330); Fix forking issues with libffi * Fix various crashes in corner cases * Updated translations * Build fixes - Fix multiple integer overflows in rpc code (bsc#1180064 CVE-2020-29361): - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993) ca-certificates was updated: - p11-kit 0.23.1 supports pem-directory-hash. (jsc#SLE-23330) This update also ships: - libnettle 3.1 and gnutls 3.4.17 as parallel libraries to meet the requires of the newer samba. apparmor was updated: - Update samba apparmor profiles for samba 4.15 (jsc#SLE-23330); yast2-samba-client was updated: - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (boo#1193533). - yast-samba-client fails to join if /etc/samba/smb.conf or /etc/krb5.conf don't exist; (bsc#1089938) - Do not stop nmbd while nmbstatus is running, it is not necessary anymore; (bsc#1158916);
Family:	unix	Class:	patch
Status:		Reference(s):	1051510 1065729 1071995 1089938 1104967 1139519 1152107 1153259 1155784 1158755 1158916 1162002 1170011 1171078 1171673 1171732 1171868 1172257 1172775 1172781 1172782 1172783 1172999 1173265 1173280 1173514 1173567 1173573 1173659 1173999 1174000 1174115 1174462 1174543 1175568 1178890 1178891 1180064 1182058 1191227 1192505 1192684 1193533 1193690 1194859 1195048 CVE-2006-0855 CVE-2007-1669 CVE-2008-5984 CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2010-2947 CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 CVE-2011-3635 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-2451 CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2013-1992 CVE-2013-4314 CVE-2013-7447 CVE-2014-2497 CVE-2014-7300 CVE-2014-9709 CVE-2015-4041 CVE-2015-4042 CVE-2019-16746 CVE-2019-20908 CVE-2020-0305 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10769 CVE-2020-10773 CVE-2020-12771 CVE-2020-12888 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 CVE-2020-25721 CVE-2020-27745 CVE-2020-27746 CVE-2020-29361 CVE-2020-8027 CVE-2021-20316 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 SUSE-SU-2020:2712-2 SUSE-SU-2022:0323-1
Platform(s):	openSUSE 13.1 openSUSE 13.1 NonFree SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 11 SP1 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12 SP3 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Real Time Extension 12 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE OpenStack Cloud 5	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information python-keystoneclient-1.0.0-16.1 is installed OR python-keystoneclient-doc-1.0.0-16.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information icu-4.0-7.28.1 is installed OR libicu-4.0-7.28.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information coreutils-8.22-9 is installed OR coreutils-lang-8.22-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information empathy-3.12.12-5 is installed OR empathy-lang-3.12.12-5 is installed OR telepathy-mission-control-plugin-goa-3.12.12-5 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND autofs-5.0.9-27 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information ImageMagick-6.8.8.1-71.85 is installed OR libMagick++-6_Q16-3-6.8.8.1-71.85 is installed OR libMagickCore-6_Q16-1-6.8.8.1-71.85 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-71.85 is installed OR libMagickWand-6_Q16-1-6.8.8.1-71.85 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 11 SP1 is installed AND Package Information compat-openssl097g-0.9.7g-146.22.1 is installed OR compat-openssl097g-32bit-0.9.7g-146.22.1 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_60-52_49-default-2-2.2 is installed OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed OR kgraft-patch-SLE12_Update_14-2-2.2 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP1 is installed AND Package Information MozillaFirefox-52.2.0esr-108.3 is installed OR MozillaFirefox-branding-SLE-52-31.1 is installed OR MozillaFirefox-devel-52.2.0esr-108.3 is installed OR MozillaFirefox-translations-52.2.0esr-108.3 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP2 is installed AND ctdb-4.4.2-29 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP3 is installed AND conntrack-tools-1.4.2-5 is installed
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information bind-9.11.2-3.10 is installed OR bind-chrootenv-9.11.2-3.10 is installed OR bind-doc-9.11.2-3.10 is installed OR bind-utils-9.11.2-3.10 is installed OR libbind9-160-9.11.2-3.10 is installed OR libdns169-9.11.2-3.10 is installed OR libirs160-9.11.2-3.10 is installed OR libisc166-9.11.2-3.10 is installed OR libisc166-32bit-9.11.2-3.10 is installed OR libisccc160-9.11.2-3.10 is installed OR libisccfg160-9.11.2-3.10 is installed OR liblwres160-9.11.2-3.10 is installed OR python-bind-9.11.2-3.10 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 is installed AND Package Information kgraft-patch-4_4_74-92_35-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_12-4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Live Patching 12 SP3 is installed AND Package Information kgraft-patch-4_4_82-6_3-default-1-2.1 is installed OR kgraft-patch-SLE12-SP3_Update_1-1-2.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 12 is installed AND Package Information ruby2.1-rubygem-rack-1_4-1.4.5-8.10 is installed OR rubygem-rack-1_4-1.4.5-8.10 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information cups154-1.5.4-2 is installed OR cups154-client-1.5.4-2 is installed OR cups154-filters-1.5.4-2 is installed OR cups154-libs-1.5.4-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-requests-2.3.0-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information apache2-mod_php7-7.0.7-15 is installed OR php7-7.0.7-15 is installed OR php7-bcmath-7.0.7-15 is installed OR php7-bz2-7.0.7-15 is installed OR php7-calendar-7.0.7-15 is installed OR php7-ctype-7.0.7-15 is installed OR php7-curl-7.0.7-15 is installed OR php7-dba-7.0.7-15 is installed OR php7-dom-7.0.7-15 is installed OR php7-enchant-7.0.7-15 is installed OR php7-exif-7.0.7-15 is installed OR php7-fastcgi-7.0.7-15 is installed OR php7-fileinfo-7.0.7-15 is installed OR php7-fpm-7.0.7-15 is installed OR php7-ftp-7.0.7-15 is installed OR php7-gd-7.0.7-15 is installed OR php7-gettext-7.0.7-15 is installed OR php7-gmp-7.0.7-15 is installed OR php7-iconv-7.0.7-15 is installed OR php7-imap-7.0.7-15 is installed OR php7-intl-7.0.7-15 is installed OR php7-json-7.0.7-15 is installed OR php7-ldap-7.0.7-15 is installed OR php7-mbstring-7.0.7-15 is installed OR php7-mcrypt-7.0.7-15 is installed OR php7-mysql-7.0.7-15 is installed OR php7-odbc-7.0.7-15 is installed OR php7-opcache-7.0.7-15 is installed OR php7-openssl-7.0.7-15 is installed OR php7-pcntl-7.0.7-15 is installed OR php7-pdo-7.0.7-15 is installed OR php7-pear-7.0.7-15 is installed OR php7-pear-Archive_Tar-7.0.7-15 is installed OR php7-pgsql-7.0.7-15 is installed OR php7-phar-7.0.7-15 is installed OR php7-posix-7.0.7-15 is installed OR php7-pspell-7.0.7-15 is installed OR php7-shmop-7.0.7-15 is installed OR php7-snmp-7.0.7-15 is installed OR php7-soap-7.0.7-15 is installed OR php7-sockets-7.0.7-15 is installed OR php7-sqlite-7.0.7-15 is installed OR php7-sysvmsg-7.0.7-15 is installed OR php7-sysvsem-7.0.7-15 is installed OR php7-sysvshm-7.0.7-15 is installed OR php7-tokenizer-7.0.7-15 is installed OR php7-wddx-7.0.7-15 is installed OR php7-xmlreader-7.0.7-15 is installed OR php7-xmlrpc-7.0.7-15 is installed OR php7-xmlwriter-7.0.7-15 is installed OR php7-xsl-7.0.7-15 is installed OR php7-zip-7.0.7-15 is installed OR php7-zlib-7.0.7-15 is installed
Definition Synopsis
SUSE Linux Enterprise Real Time Extension 12 SP1 is installed AND Package Information kernel-compute-3.12.61-60.18.1 is installed OR kernel-compute-base-3.12.61-60.18.1 is installed OR kernel-compute-devel-3.12.61-60.18.1 is installed OR kernel-compute_debug-3.12.61-60.18.1 is installed OR kernel-compute_debug-devel-3.12.61-60.18.1 is installed OR kernel-devel-rt-3.12.61-60.18.1 is installed OR kernel-rt-3.12.61-60.18.1 is installed OR kernel-rt-base-3.12.61-60.18.1 is installed OR kernel-rt-devel-3.12.61-60.18.1 is installed OR kernel-rt_debug-3.12.61-60.18.1 is installed OR kernel-rt_debug-devel-3.12.61-60.18.1 is installed OR kernel-source-rt-3.12.61-60.18.1 is installed OR kernel-syms-rt-3.12.61-60.18.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 is installed AND Package Information gstreamer-0_10-plugins-good-0.10.10-4.9.1 is installed OR gstreamer-0_10-plugins-good-doc-0.10.10-4.9.1 is installed OR gstreamer-0_10-plugins-good-lang-0.10.10-4.9.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2 is installed AND Package Information bzip2-1.0.5-34.253.1 is installed OR bzip2-doc-1.0.5-34.253.1 is installed OR libbz2-1-1.0.5-34.253.1 is installed OR libbz2-1-32bit-1.0.5-34.253.1 is installed OR libbz2-1-x86-1.0.5-34.253.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information Mesa-9.0.3-0.17.1 is installed OR Mesa-32bit-9.0.3-0.17.1 is installed OR Mesa-x86-9.0.3-0.17.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND lxc-0.8.0-0.23.2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND Package Information bash-4.2-75 is installed OR bash-doc-4.2-75 is installed OR libreadline6-6.2-75 is installed OR libreadline6-32bit-6.2-75 is installed OR readline-doc-6.2-75 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information augeas-1.2.0-3 is installed OR augeas-lenses-1.2.0-3 is installed OR libaugeas0-1.2.0-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information jasper-1.900.14-181.1 is installed OR libjasper1-1.900.14-181.1 is installed OR libjasper1-32bit-1.900.14-181.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information krb5-appl-clients-1.0.3-1 is installed OR krb5-appl-servers-1.0.3-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information alsa-1.0.27.2-15 is installed OR alsa-docs-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 12 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed AND Package Information libapparmor-devel-2.8.2-56.6.3 is installed OR libipa_hbac-devel-1.16.1-7.28.9 is installed OR libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1 is installed OR libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1 is installed OR libsss_idmap-devel-1.16.1-7.28.9 is installed OR libsss_nss_idmap-devel-1.16.1-7.28.9 is installed OR p11-kit-devel-0.23.2-8.3.2 is installed OR samba-devel-4.15.4+git.324.8332acf1a63-3.54.1 is installed OR samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information kgraft-patch-3_12_60-52_63-default-2-2.1 is installed OR kgraft-patch-3_12_60-52_63-xen-2-2.1 is installed OR kgraft-patch-SLE12_Update_18-2-2.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information kernel-default-4.12.14-150.55 is installed OR kernel-default-base-4.12.14-150.55 is installed OR kernel-default-devel-4.12.14-150.55 is installed OR kernel-default-man-4.12.14-150.55 is installed OR kernel-devel-4.12.14-150.55 is installed OR kernel-docs-4.12.14-150.55 is installed OR kernel-macros-4.12.14-150.55 is installed OR kernel-obs-build-4.12.14-150.55 is installed OR kernel-source-4.12.14-150.55 is installed OR kernel-syms-4.12.14-150.55 is installed OR kernel-vanilla-4.12.14-150.55 is installed OR kernel-vanilla-base-4.12.14-150.55 is installed OR kernel-zfcpdump-4.12.14-150.55 is installed OR reiserfs-kmp-default-4.12.14-150.55 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-28 is installed OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 is installed AND Package Information kgraft-patch-3_12_60-52_49-default-3-2 is installed OR kgraft-patch-3_12_60-52_49-xen-3-2 is installed OR kgraft-patch-SLE12_Update_14-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information compat-openssl098-0.9.8j-102 is installed OR libopenssl0_9_8-0.9.8j-102 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND Package Information OpenEXR-32bit-1.6.1-83.17.1 is installed OR OpenEXR-devel-1.6.1-83.17.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND Package Information flac-1.3.0-6.1 is installed OR flac-devel-1.3.0-6.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information libmysqlclient-devel-10.0.30-25.1 is installed OR libmysqlclient_r18-10.0.30-25.1 is installed OR libmysqld-devel-10.0.30-25.1 is installed OR libmysqld18-10.0.30-25.1 is installed OR mariadb-10.0.30-25.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND augeas-devel-1.2.0-15 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND Package Information ImageMagick-6.8.8.1-71.85 is installed OR ImageMagick-devel-6.8.8.1-71.85 is installed OR libMagick++-6_Q16-3-6.8.8.1-71.85 is installed OR libMagick++-devel-6.8.8.1-71.85 is installed OR perl-PerlMagick-6.8.8.1-71.85 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information flash-player-11.2.202.411-4.1 is installed OR flash-player-gnome-11.2.202.411-4.1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND Package Information flash-player-11.2.202.616-126.1 is installed OR flash-player-gnome-11.2.202.616-126.1 is installed

BACK