SUSE: OPENSUSE-SU-2021:3647-1
Nov 10, 2021 - 12:00 a.m.

Security update for samba and ldb (important)

2021-11-10 00:00:00
lists.opensuse.org

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An update that fixes 8 vulnerabilities is now available.

Description:

This update for samba and ldb fixes the following issues:

  • CVE-2020-25718: Fixed an issue where an RODC could issue (forge)
    administrator tickets to other servers (bsc#1192246).
  • CVE-2021-3738: Fixed a crash in the dsdb stack (bsc#1192215).
  • CVE-2016-2124: Fixed fallback to non-SPNEGO authentication when Kerberos
    is required (bsc#1014440).
  • CVE-2020-25717: Fixed a privilege escalation inside an AD domain where a
    user could become root on domain members (bsc#1192284).
  • CVE-2020-25719: Fixed AD DC username-based races when no PAC is given
    (bsc#1192247).
  • CVE-2020-25722: Fixed missing AD DC check of UPN vs samAccountName
    (top-level bug for AD DC validation issues) (bsc#1192283).
  • CVE-2021-23192: Fixed dcerpc requests not checking all fragments
    against the first auth_state (bsc#1192214).
  • CVE-2020-25721: Filled in the new HAS_SAM_NAME_AND_SID values
    (bsc#1192505).

Samba was updated to 4.13.13:

  • rodc_rwdc test flaps;(bso#14868).
  • Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
  • Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] ‘Bronze bit’
    S4U2Proxy Constrained Delegation bypass in Samba with embedded
    Heimdal;(bso#14642).
  • Python ldb.msg_diff() memory handling failure;(bso#14836).
  • “in” operator on ldb.Message is case sensitive;(bso#14845).
  • Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
  • Allow special chars like “@” in samAccountName when generating the
    salt;(bso#14874).
  • Fix transit path validation;(bso#12998).
  • Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
  • rpcclient NetFileEnum and net rpc file both cause lock order violation:
    brlock.tdb, share_entries.tdb;(bso#14645).
  • Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).

Samba was updated to 4.13.12:

  • Address a significant performance regression in database access in the AD
    DC since Samba 4.12;(bso#14806).
  • Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba
    4.9 by using an explicit database handle cache; (bso#14807).
  • An unauthenticated user can crash the AD DC KDC by omitting the server
    name in a TGS-REQ;(bso#14817).
  • Address flapping samba_tool_drs_showrepl test;(bso#14818).
  • Address flapping dsdb_schema_attributes test;(bso#14819).
  • Fix CTDB flag/status update race conditions;(bso#14784).

Samba was updated to 4.13.11:

  • smbd: panic on force-close share during offload write; (bso#14769).
  • Fix returned attributes on fake quota file handle and avoid hitting the
    VFS;(bso#14731).
  • smbd: “deadtime” parameter doesn’t work anymore;(bso#14783).
  • net conf list crashes when run as normal user;(bso#14787).
  • Work around special SMB2 READ response behavior of NetApp Ontap
    7.3.7;(bso#14607).
  • Start the SMB encryption as soon as possible;(bso#14793).
  • Winbind should not start if the socket path for the privileged pipe is
    too long;(bso#14792).

ldb was updated to 2.2.2:

  • CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets
    to other servers; (bsc#1192246); (bso#14558)
  • CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)

Release ldb 2.2.2

  • Corrected Python behaviour for ‘in’ for LDAP attributes contained as
    part of ldb.Message;(bso#14845).
  • Fix memory handling in ldb.msg_diff; corrected Python
    docstrings;(bso#14836)
  • Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-3647=1
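
A post-patch check against the versions this advisory names (samba 4.13.13, ldb 2.2.2), as an added example that is not part of the advisory. The package name `libldb2` and the sample version strings are assumptions; comparing upstream versions is a heuristic, and the patch status that zypper reports remains the record of whether this update is applied.

```shell
#!/bin/sh
# Fixed versions taken from the advisory text.
SAMBA_FIXED="4.13.13"
LDB_FIXED="2.2.2"

# version_ge A B: succeed when dotted version A >= B (needs GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# upstream_version STR: drop distro suffixes such as "+git.N.hash".
upstream_version() {
    printf '%s\n' "$1" | sed 's/[+-].*$//'
}

# check_fixed NAME INSTALLED FIXED: print a verdict, return 0 when patched.
check_fixed() {
    v=$(upstream_version "$2")
    if version_ge "$v" "$3"; then
        echo "$1 $2: at or above fixed version $3"
    else
        echo "$1 $2: BELOW fixed version $3, update required"
        return 1
    fi
}

# audit_host: query rpm for the installed versions and check each one.
# "libldb2" is an assumed package name for ldb; adjust to your system.
audit_host() {
    rc=0
    for spec in "samba:$SAMBA_FIXED" "libldb2:$LDB_FIXED"; do
        pkg=${spec%%:*}
        fixed=${spec#*:}
        inst=$(rpm -q --qf '%{VERSION}' "$pkg" 2>/dev/null) || {
            echo "$pkg: not installed"
            continue
        }
        check_fixed "$pkg" "$inst" "$fixed" || rc=1
    done
    return $rc
}

# Demonstration on constructed version strings (not real host output).
check_fixed samba "4.13.10+git.236.0517d0e6bdf" "$SAMBA_FIXED" || true
check_fixed libldb2 "2.2.2" "$LDB_FIXED" || true
```

On a Leap 15.3 host, call `audit_host` after sourcing the script; it returns non-zero if any installed package is below the fixed version.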
