Advisory: OPENSUSE-SU-2020:1023-1 (SUSE)
Published: Jul 21, 2020 - 12:00 a.m.

Security update for ldb, samba (important)

Source: lists.opensuse.org

CVSS3: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

An update that solves 6 vulnerabilities and has 7 fixes is
now available.

Description:

This update for ldb, samba fixes the following issues:

Changes in samba:

  • Update to samba 4.11.11

    • CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
      VLV combined; (bso#14364); (bsc#1173159).
    • CVE-2020-10745: invalid DNS or NBT queries containing dots use several
      seconds of CPU each; (bso#14378); (bsc#1173160).
    • CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
      with paged_result or VLV; (bso#14402); (bsc#1173161)
    • CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
      nbt_server; (bso#14417); (bsc#1173359).
  • Update to samba 4.11.10

    • Fix segfault when using SMBC_opendir_ctx() routine for share folder
      that contains incorrect symbols in any file name; (bso#14374).
    • vfs_shadow_copy2 doesn’t fail case looking in snapdirseverywhere mode;
      (bso#14350)
    • ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
    • Malicious SMB1 server can crash libsmbclient; (bso#14366)
    • winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)
    • ldb: Bump version to 2.0.11, LMDB databases can grow without bounds.
      (bso#14330)
  • Update to samba 4.11.9

    • nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242).
    • ‘samba-tool group’ commands do not handle group names with special
      chars correctly; (bso#14296).
    • smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid;
      (bso#14237).
    • Missing check for DMAPI offline status in async DOS attributes;
      (bso#14293).
    • smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
      (bso#14307).
    • vfs_recycle: Prevent flooding the log if we’re called on non-existent
      paths; (bso#14316)
    • smbd mistakenly updates a file’s write-time on close; (bso#14320).
    • RPC handles cannot be differentiated in source3 RPC server;
      (bso#14359).
    • librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
    • nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
      (bso#14327).
    • Fix fruit:time machine max size on arm; (bso#13622)
    • CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294).
    • ctdb: Fix a memleak; (bso#14348).
    • libsmb: Don’t try to find posix stat info in SMBC_getatr().
    • ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295);
      (bsc#1162680).
    • s3/librpc/crypto: Fix double free with unresolved credential cache;
      (bso#14344); (bsc#1169095)
    • s3:libads: Fix ads_get_upn(); (bso#14336).
    • CTDB recovery corner cases can cause record resurrection and node
      banning; (bso#14294)
    • Starting ctdb node that was powered off hard before results in
      recovery loop; (bso#14295); (bsc#1162680).
    • ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324)
  • Update to samba 4.11.8

    • CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ;
      (bso#14331); (bsc#1169850);
    • CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD
      DC; (bso#14334); (bsc#1169851);
  • Update to samba 4.11.7

    • s3: lib: nmblib. Clean up and harden nmb packet processing;
      (bso#14239).
    • s3: VFS: full_audit. Use system session_info if called from a
      temporary share definition; (bso#14283)
    • dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
    • ldb: version 2.0.9, Samba 4.11 and later give incorrect results for
      SCOPE_ONE searches; (bso#14270)
    • auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences;
      (bso#14247).
    • smbd: Handle EINTR from open(2) properly; (bso#14285)
    • winbind member (source3) fails local SAM auth with empty domain name;
      (bso#14247)
    • winbindd: Handling missing idmap in getgrgid(); (bso#14265).
    • lib:util: Log mkdir error on correct debug levels; (bso#14253).
    • wafsamba: Do not use ‘rU’ as the ‘U’ is deprecated in Python 3.9;
      (bso#14266).
    • ctdb-tcp: Make error handling for outbound connection consistent;
      (bso#14274).
  • Update to samba 4.11.6

    • pygpo: Use correct method flags; (bso#14209).
    • vfs_ceph_snapshots: Fix root relative path handling; (bso#14216);
      (bsc#1141320).
    • Avoiding bad call flags with python 3.8, using METH_NOARGS instead of
      zero; (bso#14209).
    • source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
      (bso#14218).
    • docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
      (bso#14122).
    • smbd: Fix the build with clang; (bso#14251).
    • upgradedns: Ensure lmdb lock files linked; (bso#14199).
    • s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir;
      (bso#14182).
    • smbc_stat() doesn’t return the correct st_mode and also the uid/gid is
      not filled (SMBv1) file; (bso#14101).
    • librpc: Fix string length checking in ndr_pull_charset_to_null();
      (bso#14219).
    • ctdb-scripts: Strip square brackets when gathering connection info;
      (bso#14227).
  • Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);

  • Installing: samba - samba-ad-dc.service does not exist and unit not
    found; (bsc#1171437);

  • Fix samba_winbind package is installing python3-base without python3
    package; (bsc#1169521);

Changes in ldb:

  • Update to version 2.0.12
    • CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
      VLV combined; (bso#14364); (bsc#1173159).
    • ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
    • lib/ldb: add unit test for ldb_ldap internal code.
  • Update to version 2.0.11
    • lib ldb: lmdb init var before calling mdb_reader_check.
    • lib ldb: lmdb clear stale readers on write txn start; (bso#14330).
    • ldb tests: Confirm lmdb free list handling

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2020-1023=1
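
To confirm the patch took effect, the following added example (not part of the original advisory) compares installed versions against the fixed upstream releases listed above and looks for the six CVE IDs in the package changelog. It assumes the RPM package names samba and libldb2, that the SUSE changelog names the CVEs, and GNU sort -V; the function names are illustrative.

```shell
#!/bin/sh
# Added example: check that the fixed upstream releases named in this advisory are installed.
REQUIRED_SAMBA=4.11.11  # "Update to samba 4.11.11"
REQUIRED_LDB=2.0.12     # "Update to version 2.0.12"
ADVISORY_CVES="CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303"

# Strip the distribution suffix from an RPM version, keeping the upstream part.
upstream_version() { printf '%s\n' "${1%%[+-]*}"; }

# Succeed if version $1 >= version $2. Uses GNU sort -V, because a plain
# string comparison would rank 4.11.9 above 4.11.11.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read an RPM changelog on stdin and print each advisory CVE it does not mention.
missing_cves() {
    log=$(cat)
    for cve in $ADVISORY_CVES; do
        printf '%s\n' "$log" | grep -q -F "$cve" || printf '%s\n' "$cve"
    done
}

# Check one installed package: $1 = package name, $2 = required upstream version.
# Returns 0 if fixed, 1 if older than required, 2 if not installed.
check_pkg() {
    raw=$(rpm -q --qf '%{VERSION}\n' "$1" 2>/dev/null) || { echo "$1: not installed"; return 2; }
    have=$(upstream_version "$(printf '%s\n' "$raw" | head -n 1)")
    if version_ge "$have" "$2"; then
        echo "$1: $have (fixed, needs >= $2)"
    else
        echo "$1: $have (older than fixed release $2)"; return 1
    fi
}

# Live check, run only when called with --host. Package names are assumptions.
if [ "${1:-}" = "--host" ]; then
    rc=0
    check_pkg samba "$REQUIRED_SAMBA" || rc=1
    check_pkg libldb2 "$REQUIRED_LDB" || rc=1
    left=$(rpm -q --changelog samba 2>/dev/null | missing_cves)
    [ -z "$left" ] || { echo "samba changelog lacks: $left"; rc=1; }
    exit "$rc"
fi
```

Run it with --host on the patched system; a non-zero exit status means a package is older than the fixed release, is not installed, or its changelog does not mention one of the CVEs.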

OS | Version | Architecture | Package | Version | Filename
openSUSE Leap | 15.2 | i586 | < - openSUSE Leap 15.2 (i586 x86_64): | - openSUSE Leap 15.2 (i586 x86_64): | .i586.rpm
openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (i586 x86_64): | - openSUSE Leap 15.2 (i586 x86_64): | .x86_64.rpm
openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64): | .x86_64.rpm
openSUSE Leap | 15.2 | noarch | < - openSUSE Leap 15.2 (noarch): | - openSUSE Leap 15.2 (noarch): | .noarch.rpm
