SUSE-SU-2021:3647-1 -- SLES samba, and, ldb, libdcerpc-binding0, libdcerpc-devel, libdcerpc-samr-devel, libdcerpc-samr0, libdcerpc0, libldb-devel, libldb2, libndr-devel, libndr-krb5pac-devel, libndr-krb5pac0, libndr-nbt-devel, libndr-nbt0, libndr-standard-devel, libndr-standard0, libndr1, libnetapi-devel, libnetapi0, libsamba-credentials-devel, libsamba-credentials0, libsamba-errors-devel, libsamba-errors0, libsamba-hostconfig-devel, libsamba-hostconfig0, libsamba-passdb-devel, libsamba-passdb0, libsamba-policy-devel, libsamba-policy-python3-devel, libsamba-policy0-python3, libsamba-util-devel, libsamba-util0, libsamdb-devel, libsamdb0, libsmbclient-devel, libsmbclient0, libsmbconf-devel, libsmbconf0, libsmbldap-devel, libsmbldap2, libtevent-util-devel, libtevent-util0, libwbclient-devel, libwbclient0, python3-ldbID: oval:org.secpod.oval:def:89047256 | Date: (C)2022-10-21 (M)2024-01-02 | Class: PATCH | Family: unix |
This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue administrator tickets to other servers . - CVE-2021-3738: Fixed crash in dsdb stack . - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos . - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members . - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given . - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked . - CVE-2021-23192: Fixed dcerpc requests to don"t check all fragments against the first auth_state . - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values . Samba was updated to 4.13.13 * rodc_rwdc test flaps;. * Backport bronze bit fixes, tests, and selftest improvements; . * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] "Bronze bit" S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;. * Python ldb.msg_diff memory handling failure;. * "in" operator on ldb.Message is case sensitive;. * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;. * Allow special chars like "@" in samAccountName when generating the salt;. * Fix transit path validation;. * Prepare to operate with MIT krb5 greater than or equal to = 1.20;. * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;. * Python ldb.msg_diff memory handling failure;. * Release LDB 2.3.1 for Samba 4.14.9;. Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;. * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; . * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;. * Address flapping samba_tool_drs_showrepl test;. * Address flapping dsdb_schema_attributes test;. * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;. * Fix CTDB flag/status update race conditions. Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; . * Fix returned attributes on fake quota file handle and avoid hitting the VFS;. * smbd: "deadtime" parameter doesn"t work anymore;. * net conf list crashes when run as normal user;. * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;. * Start the SMB encryption as soon as possible;. * Winbind should not start if the socket path for the privileged pipe is too long;. ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue administrator tickets to other servers; ; + CVE-2021-3738: samba: crash in dsdb stack; ; Release ldb 2.2.2 + Corrected python behaviour for "in" for LDAP attributes contained as part of ldb.Message;. + Fix memory handling in ldb.msg_diff Corrected python docstrings; + Backport bronze bit fixes, tests, and selftest improvements; . Platform: | SUSE Linux Enterprise Server 15 SP3 | SUSE Linux Enterprise Desktop 15 SP3 |
Product: | samba | ldb | libdcerpc-binding0 | libdcerpc-devel | libdcerpc-samr-devel | libdcerpc-samr0 | libdcerpc0 | libldb-devel | libldb2 | libndr-devel | libndr-krb5pac-devel | libndr-krb5pac0 | libndr-nbt-devel | libndr-nbt0 | libndr-standard-devel | libndr-standard0 | libndr1 | libnetapi-devel | libnetapi0 | libsamba-credentials-devel | libsamba-credentials0 | libsamba-errors-devel | libsamba-errors0 | libsamba-hostconfig-devel | libsamba-hostconfig0 | libsamba-passdb-devel | libsamba-passdb0 | libsamba-policy-devel | libsamba-policy-python3-devel | libsamba-policy0-python3 | libsamba-util-devel | libsamba-util0 | libsamdb-devel | libsamdb0 | libsmbclient-devel | libsmbclient0 | libsmbconf-devel | libsmbconf0 | libsmbldap-devel | libsmbldap2 | libtevent-util-devel | libtevent-util0 | libwbclient-devel | libwbclient0 | python3-ldb |
|