Revision Date: | 2022-07-06 | Version: | 1 |
Title: | (Moderate) |
Description: |
This update for ldb, samba fixes the following issues:
ldb was updated to version 2.4.2 to fix:
+ Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.
samba was updated to fix:
- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);
Update to 4.15.7
Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);
- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);
Update to 4.15.6
Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);
Other SUSE fixes:
- Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508);
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1080338 1118508 1173429 1195896 1196224 1196308 1196788 1197995 1198255 1199247 1199362 CVE-2016-7969 CVE-2016-7970 CVE-2016-7972 CVE-2021-3670
|
Platform(s): | Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed AND Package Information
libass-devel-0.14.0-1.25 is installed
OR libass9-0.14.0-1.25 is installed
|
Definition Synopsis |
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
AND Package Information
libldb2-2.4.2-150400.4.3.11 is installed
OR samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 is installed
|