SUSE 5148 Published by

A ldb, samba security update has been released for openSUSE Leap 15.2. to address 6 vulnerabilities.



security-announce: openSUSE-SU-2020:1023-1: important: Security update for ldb, samba


openSUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1023-1
Rating: important
References: #1141320 #1162680 #1169095 #1169521 #1169850
#1169851 #1171437 #1172307 #1173159 #1173160
#1173161 #1173359 #1174120
Cross-References: CVE-2020-10700 CVE-2020-10704 CVE-2020-10730
CVE-2020-10745 CVE-2020-10760 CVE-2020-14303

Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 7 fixes is
now available.

Description:

This update for ldb, samba fixes the following issues:

Changes in samba:
- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
VLV combined; (bso#14364); (bsc#1173159]
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use several
seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share folder
that contains incorrect symbols in any file name; (bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode;
(bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
+ Malicous SMB1 server can crash libsmbclient; (bso#14366)
+ winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)
+ ldb: Bump version to 2.0.11, LMDB databases can grow without bounds.
(bso#14330)
- Update to samba 4.11.9
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242).
+ 'samba-tool group' commands do not handle group names with special
chars correctly; (bso#14296).
+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid;
(bso#14237).
+ Missing check for DMAPI offline status in async DOS attributes;
(bso#14293).
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
(bso#14307).
+ vfs_recycle: Prevent flooding the log if we're called on non-existant
paths; (bso#14316)
+ smbd mistakenly updates a file's write-time on close; (bso#14320).
+ RPC handles cannot be differentiated in source3 RPC server;
(bso#14359).
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
(bso#14327).
+ Fix fruit:time machine max size on arm; (bso#13622)
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294).
+ ctdb: Fix a memleak; (bso#14348).
+ libsmb: Don't try to find posix stat info in SMBC_getatr().
+ ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295);
(bsc#1162680).
+ s3/librpc/crypto: Fix double free with unresolved credential cache;
(bso#14344); (bsc#1169095)
+ s3:libads: Fix ads_get_upn(); (bso#14336).
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294)
+ Starting ctdb node that was powered off hard before results in
recovery loop; (bso#14295); (bsc#1162680).
+ ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324)
- Update to samba 4.11.8
+ CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ;
(bso#14331); (bsc#1169850);
+ CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD
DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
+ s3: lib: nmblib. Clean up and harden nmb packet processing;
(bso#14239).
+ s3: VFS: full_audit. Use system session_info if called from a
temporary share definition; (bso#14283)
+ dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
+ ldb: version 2.0.9, Samba 4.11 and later give incorrect results for
SCOPE_ONE searches; (bso#14270)
+ auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences;
(bso#14247).
+ smbd: Handle EINTR from open(2) properly; (bso#14285)
+ winbind member (source3) fails local SAM auth with empty domain name;
(bso#14247)
+ winbindd: Handling missing idmap in getgrgid(); (bso#14265).
+ lib:util: Log mkdir error on correct debug levels; (bso#14253).
+ wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9;
(bso#14266).
+ ctdb-tcp: Make error handling for outbound connection consistent;
(bso#14274).
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209).
+ vfs_ceph_snapshots: Fix root relative path handling; (bso#14216);
(bsc#1141320).
+ Avoiding bad call flags with python 3.8, using METH_NOARGS instead of
zero; (bso#14209).
+ source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
(bso#14218).
+ docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
(bso#14122).
+ smbd: Fix the build with clang; (bso#14251).
+ upgradedns: Ensure lmdb lock files linked; (bso#14199).
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir;
(bso#14182).
+ smbc_stat() doesn't return the correct st_mode and also the uid/gid is
not filled (SMBv1) file; (bso#14101).
+ librpc: Fix string length checking in ndr_pull_charset_to_null();
(bso#14219).
+ ctdb-scripts: Strip square brackets when gathering connection info;
(bso#14227).

- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);

- Installing: samba - samba-ad-dc.service does not exist and unit not
found; (bsc#1171437);

- Fix samba_winbind package is installing python3-base without python3
package; (bsc#1169521);

Changes in ldb:
- Update to version 2.0.12
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
VLV combined; (bso#14364); (bsc#1173159).
+ ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
+ lib/ldb: add unit test for ldb_ldap internal code.
- Update to version 2.0.11
+ lib ldb: lmdb init var before calling mdb_reader_check.
+ lib ldb: lmdb clear stale readers on write txn start; (bso#14330).
+ ldb tests: Confirm lmdb free list handling

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1023=1


Package List:

- openSUSE Leap 15.2 (i586 x86_64):

ctdb-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-pcp-pmda-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-pcp-pmda-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-tests-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ctdb-tests-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
ldb-debugsource-2.0.12-lp152.2.3.1
ldb-tools-2.0.12-lp152.2.3.1
ldb-tools-debuginfo-2.0.12-lp152.2.3.1
libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libldb-devel-2.0.12-lp152.2.3.1
libldb2-2.0.12-lp152.2.3.1
libldb2-debuginfo-2.0.12-lp152.2.3.1
libndr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-nbt0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-standard-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-standard0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-credentials0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-errors0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-passdb0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-util0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamdb0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbconf-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbconf0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbldap-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbldap2-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libtevent-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libtevent-util0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libwbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libwbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
python3-ldb-2.0.12-lp152.2.3.1
python3-ldb-debuginfo-2.0.12-lp152.2.3.1
python3-ldb-devel-2.0.12-lp152.2.3.1
samba-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-ad-dc-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-client-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-core-devel-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-debugsource-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-python3-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-python3-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-test-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-test-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-winbind-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1

- openSUSE Leap 15.2 (x86_64):

libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc-samr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libldb2-32bit-2.0.12-lp152.2.3.1
libldb2-32bit-debuginfo-2.0.12-lp152.2.3.1
libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi-devel-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy0-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-policy0-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
python3-ldb-32bit-2.0.12-lp152.2.3.1
python3-ldb-32bit-debuginfo-2.0.12-lp152.2.3.1
samba-ad-dc-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-ad-dc-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-ceph-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-client-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-client-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-libs-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.3.1
samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.3.1

- openSUSE Leap 15.2 (noarch):

samba-doc-4.11.11+git.180.2cf3b203f07-lp152.3.3.1

References:

  https://www.suse.com/security/cve/CVE-2020-10700.html
  https://www.suse.com/security/cve/CVE-2020-10704.html
  https://www.suse.com/security/cve/CVE-2020-10730.html
  https://www.suse.com/security/cve/CVE-2020-10745.html
  https://www.suse.com/security/cve/CVE-2020-10760.html
  https://www.suse.com/security/cve/CVE-2020-14303.html
  https://bugzilla.suse.com/1141320
  https://bugzilla.suse.com/1162680
  https://bugzilla.suse.com/1169095
  https://bugzilla.suse.com/1169521
  https://bugzilla.suse.com/1169850
  https://bugzilla.suse.com/1169851
  https://bugzilla.suse.com/1171437
  https://bugzilla.suse.com/1172307
  https://bugzilla.suse.com/1173159
  https://bugzilla.suse.com/1173160
  https://bugzilla.suse.com/1173161
  https://bugzilla.suse.com/1173359
  https://bugzilla.suse.com/1174120