SUSE-SU-2022:0361-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20220361-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:0361-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:0361-1
Related
Published
2022-02-10T14:12:34Z
Modified
2022-02-10T14:12:34Z
Summary
Security update for ldb, samba
Details

This update for ldb, samba fixes the following issues:

Changes in ldb:

  • CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246)
  • CVE-2021-3738: Fixed a crash in dsdb stack (bsc#1192215)

Release ldb 2.2.2

  • Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message
  • Fix memory handling in ldb.msg_diff
  • Backport bronze bit fixes, tests, and selftest improvements.

Changes in samba:

  • CVE-2021-44142: Fixed an Out-of-Bound Read/Write on Samba vfs_fruit module; (bsc#1194859)

  • The username map [script] advice from CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails; (bsc#1192849); (bso#14901).

  • Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899);

  • CVE-2020-25717: Fixed that a user on the domain can become root on domain members; (bsc#1192284); (bso#14556).

  • CVE-2020-25721: auth: Fill in the new HASSAMNAMEANDSID values; (bsc#1192505); (bso#14564).
  • CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246);(bso#14558).
  • CVE-2020-25719: Fixed AD DC Username based races when no PAC is given;(bsc#1192247);(bso#14561).
  • CVE-2020-25722: Fixed that AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues);(bsc#1192283); (bso#14564).
  • CVE-2021-3738: Fixed a crash in dsdb stack;(bsc#1192215); (bso#14468).
  • CVE-2021-23192: Fixed that dcerpc requests don't check all fragments against the first auth_state;(bsc#1192214);(bso#14875).

  • CVE-2016-2124: don't fallback to non spnego authentication if we require kerberos; (bsc#1014440); (bso#12444).

Update to 4.13.13

  • rodc_rwdc test flaps;(bso#14868).
  • Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
  • Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642).
  • Python ldb.msg_diff() memory handling failure;(bso#14836).
  • 'in' operator on ldb.Message is case sensitive;(bso#14845).
  • Fix Samba support for UFNOAUTHDATAREQUIRED;(bso#14871).
  • Allow special chars like '@' in samAccountName when generating the salt;(bso#14874).
  • Fix transit path validation;(bso#12998).
  • Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
  • rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645).
  • Python ldb.msg_diff() memory handling failure;(bso#14836).
  • Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).

    • Update to 4.13.12
  • Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806).

  • Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807).
  • An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
  • Address flapping sambatooldrs_showrepl test;(bso#14818).
  • Address flapping dsdbschemaattributes test;(bso#14819).
  • An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
  • Fix CTDB flag/status update race conditions(bso#14784).

    • Update to 4.13.11
  • smbd: panic on force-close share during offload write; (bso#14769).

  • Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731).
  • smbd: 'deadtime' parameter doesn't work anymore;(bso#14783).
  • net conf list crashes when run as normal user;(bso#14787).
  • Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607).
  • Start the SMB encryption as soon as possible;(bso#14793).
  • Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792).

    • Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796);

    • Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875);

    • Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875);
    • Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727);
    • Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).

    • Update to 4.13.10

    • s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708);

    • Take a copy to make sure we don't reference free'd memory; (bso#14721);
    • s3: lib: Fix talloc heirarcy error in parentsmbfname(); (bso#14722);
    • s3: smbd: Remove erroneous TALLOCFREE(smbfnameparent) in changefileownerto_parent() error path; (bso#14736);
    • samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575);
    • smbd: Correctly initialize close timestamp fields; (bso#14714);
    • Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
    • ctdb: Fix a crash in runprocsignal_handler(); (bso#14475);
    • gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
    • smbXsrv{open,session,tcon}: Protect smbXsrv{open,session,tcon}globaltraverse_fn against invalid records; (bso#14752);
    • samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027);
    • netcmd: Use nextfreerid() function to calculate a SID for restoring a backup; (bso#14669);

    • Update to 4.13.9

    • s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);

    • Add documentation for dsdbgroupaudit and dsdbgroupjson_audit to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689);
    • Fix smbd panic when two clients open same file; (bso#14672);
    • Fix memory leak in the RPC server; (bso#14675);
    • s3: smbd: Fix deferred renames; (bso#14679);
    • s3-iremotewinspool: Set the per-request memory context; (bso#14675);
    • rpc_server3: Fix a memleak for internal pipes; (bso#14675);
    • thirdparty: Update socketwrapper to version 1.3.2; (bso#11899);
    • thirdparty: Update socketwrapper to version 1.3.3; (bso#14639);
    • idmaprfc2307 and idmapnss return wrong mapping for uid/gid conflict; (bso#14663);
    • Fix the build on OmniOS; (bso#14288);

    • Update to 4.13.8

    • CVE-2021-20254: Fix buffer overrun in sidstounixids(); (bso#14571

    • Update to 4.13.7

    • Release with dependency on ldb version 2.2.1.

References

Affected packages

SUSE:Enterprise Storage 7 / ldb

Package

Name
ldb
Purl
purl:rpm/suse/ldb&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-4.6.1

Ecosystem specific

{
    "binaries": [
        {
            "libsamba-credentials0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libwbclient0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-libs": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libdcerpc0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamdb0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-nbt0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libdcerpc-binding0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "ctdb": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr1": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libldb2": "2.2.2-4.6.1",
            "libsamba-util0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "python3-ldb": "2.2.2-4.6.1",
            "libsamba-hostconfig0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-winbind": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbldap2": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamba-errors0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-client": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbconf0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libnetapi0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-krb5pac0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-standard0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libtevent-util0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-libs-python3": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-ceph": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamba-passdb0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbclient0": "4.13.13+git.545.5897c2d94f3-3.12.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.13.13+git.545.5897c2d94f3-3.12.1

Ecosystem specific

{
    "binaries": [
        {
            "libsamba-credentials0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libwbclient0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-libs": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libdcerpc0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamdb0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-nbt0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libdcerpc-binding0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "ctdb": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr1": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libldb2": "2.2.2-4.6.1",
            "libsamba-util0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "python3-ldb": "2.2.2-4.6.1",
            "libsamba-hostconfig0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-winbind": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbldap2": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamba-errors0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-client": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbconf0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libnetapi0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-krb5pac0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libndr-standard0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libtevent-util0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-libs-python3": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba-ceph": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "samba": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsamba-passdb0": "4.13.13+git.545.5897c2d94f3-3.12.1",
            "libsmbclient0": "4.13.13+git.545.5897c2d94f3-3.12.1"
        }
    ]
}