Oval Definition:oval:org.opensuse.security:def:94042
Revision Date:2022-07-06Version:1
Title: (Moderate)
Description:

This update for ldb, samba fixes the following issues:

ldb was updated to version 2.4.2 to fix:

+ Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.

samba was updated to fix:

- Revert NIS support removal; (bsc#1199247);

- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);

- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.7

Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour 'old password allowed period'; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);

- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);

- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.6

Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);

Other SUSE fixes:

- Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508);
Family:unixClass:patch
Status:Reference(s):1080338
1118508
1173429
1195896
1196224
1196308
1196788
1197995
1198255
1199247
1199362
CVE-2016-7969
CVE-2016-7970
CVE-2016-7972
CVE-2021-3670
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • libass-devel-0.14.0-1.25 is installed
  • OR libass9-0.14.0-1.25 is installed
  • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
  • AND Package Information
  • libldb2-2.4.2-150400.4.3.11 is installed
  • OR samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3 is installed
  • BACK