SUSE-SU-2021:0185-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20210185-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0185-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:0185-1
Published
2021-01-21T10:36:13Z
Modified
2021-01-21T10:36:13Z
Summary
Security update for samba
Details

This update for samba fixes the following issues:

  • Update to 4.13.3

    • libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210);
    • s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486);
    • s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515);
    • s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568);
    • s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590);
    • samba process does not honor max log size; (bso#14248);
    • vfs_zfsacl: Add missing inherited flag on hidden 'magic' everyone@ ACE; (bso#14587);
    • s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
    • s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
    • smbclient: Fix recursive mget; (bso#14517);
    • clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
    • manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486);
    • vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
    • interface: Fix if_index is not parsed correctly; (bso#14514);
  • Update to 4.13.2

    • s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486);
    • RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);
    • smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538);
    • daemons: Report status to systemd even when running in foreground; (bso#14552);
    • DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553);
    • s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486);
    • provision: Add support for BIND 9.16.x; (bso#14487);
    • ctdb-common: Avoid aliasing errors during code optimization; (bso#14537);
    • libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
    • docs: Fix default value of spoolss:architecture; (bso#14522);
    • winbind: Fix a memleak; (bso#14388);
    • s4:dsdb:acl_read: Implement 'List Object' mode feature; (bso#14531);
    • docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486);
    • nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
    • vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
    • thirdparty: Update resolv_wrapper to version 1.1.7; (bso#14547);
    • examples:auth: Do not install example plugin; (bso#14550);
    • ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
    • RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);
  • Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).

  • Update to samba 4.13.1

    • CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472);
    • CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436);
    • CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434);
  • Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);
Affected packages

SUSE:Enterprise Storage 7 / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.13.3+git.181.fc4672a5b81-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libsamba-credentials0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba-ceph": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba-libs": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libdcerpc0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsamdb0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libndr-nbt0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libdcerpc-binding0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "ctdb": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libndr1": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsamba-util0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libwbclient0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsamba-hostconfig0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsmbldap2": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsamba-errors0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba-client": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsmbconf0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libnetapi0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libndr-krb5pac0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libndr-standard0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libtevent-util0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba-libs-python3": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba-winbind": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "samba": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsamba-passdb0": "4.13.3+git.181.fc4672a5b81-3.3.1",
            "libsmbclient0": "4.13.3+git.181.fc4672a5b81-3.3.1"
        }
    ]
}