SUSE-SU-2021:3647-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3647-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2021:3647-1
- Related
- Published
- 2021-11-10T16:34:26Z
- Modified
- 2021-11-10T16:34:26Z
- Summary
- Security update for samba and ldb
- Details
-
This update for samba and ldb fixes the following issues:
- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HASSAMNAMEANDSID values (bsc#1192505).
Samba was updated to 4.13.13
- rodc_rwdc test flaps;(bso#14868).
- Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
- Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642).
- Python ldb.msg_diff() memory handling failure;(bso#14836).
- 'in' operator on ldb.Message is case sensitive;(bso#14845).
- Fix Samba support for UFNOAUTHDATAREQUIRED;(bso#14871).
- Allow special chars like '@' in samAccountName when generating the salt;(bso#14874).
- Fix transit path validation;(bso#12998).
- Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
- rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645).
- Python ldb.msg_diff() memory handling failure;(bso#14836).
- Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
Samba was updated to 4.13.12:
- Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806).
- Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807).
- An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
- Address flapping sambatooldrs_showrepl test;(bso#14818).
- Address flapping dsdbschemaattributes test;(bso#14819).
- An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
- Fix CTDB flag/status update race conditions(bso#14784).
Samba was updated to 4.13.11:
- smbd: panic on force-close share during offload write; (bso#14769).
- Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731).
- smbd: 'deadtime' parameter doesn't work anymore;(bso#14783).
- net conf list crashes when run as normal user;(bso#14787).
- Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607).
- Start the SMB encryption as soon as possible;(bso#14793).
- Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792).
ldb was updated to 2.2.2:
- CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558)
- CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)
Release ldb 2.2.2
- Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845).
- Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836)
- Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20213647-1/
- https://bugzilla.suse.com/1014440
- https://bugzilla.suse.com/1192214
- https://bugzilla.suse.com/1192215
- https://bugzilla.suse.com/1192246
- https://bugzilla.suse.com/1192247
- https://bugzilla.suse.com/1192283
- https://bugzilla.suse.com/1192284
- https://bugzilla.suse.com/1192505
- https://www.suse.com/security/cve/CVE-2016-2124
- https://www.suse.com/security/cve/CVE-2020-25717
- https://www.suse.com/security/cve/CVE-2020-25718
- https://www.suse.com/security/cve/CVE-2020-25719
- https://www.suse.com/security/cve/CVE-2020-25721
- https://www.suse.com/security/cve/CVE-2020-25722
- https://www.suse.com/security/cve/CVE-2021-23192
- https://www.suse.com/security/cve/CVE-2021-3738
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / ldb
Package
- Name
- ldb
- Purl
- purl:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.2-3.3.1
Ecosystem specific
{
"binaries": [
{
"samba-libs": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-ldb-ldap": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-binding0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-credentials0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr1": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-util0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libtevent-util0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-gpupdate": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-nbt0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libtevent-util0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb0": "4.13.13+git.528.140935f8d6a-3.12.1",
"python3-ldb-devel": "2.2.2-3.3.1",
"libndr-nbt-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-libs-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-samr0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-winbind-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-dsdb-modules": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-policy0-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard0": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-libs-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-samr-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-nbt0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbclient0": "4.13.13+git.528.140935f8d6a-3.12.1",
"ldb-tools": "2.2.2-3.3.1",
"libsamba-credentials0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-util0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb2": "2.2.2-3.3.1",
"libsamba-policy-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-credentials-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr1-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap2": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-client": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-core-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-winbind": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb2-32bit": "2.2.2-3.3.1",
"libtevent-util-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"python3-ldb": "2.2.2-3.3.1",
"libsamba-util-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-policy-python3-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb-devel": "2.2.2-3.3.1",
"libdcerpc-binding0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbclient-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap2-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-ceph": "4.13.13+git.528.140935f8d6a-3.12.1"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.13.13+git.528.140935f8d6a-3.12.1
Ecosystem specific
{
"binaries": [
{
"samba-libs": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-ldb-ldap": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-binding0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-credentials0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr1": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-util0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libtevent-util0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-gpupdate": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-nbt0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libtevent-util0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb0": "4.13.13+git.528.140935f8d6a-3.12.1",
"python3-ldb-devel": "2.2.2-3.3.1",
"libndr-nbt-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-libs-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-samr0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-winbind-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-dsdb-modules": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libwbclient0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-policy0-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-errors-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard0": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-libs-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-python3": "4.13.13+git.528.140935f8d6a-3.12.1",
"libdcerpc-samr-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-nbt0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbclient0": "4.13.13+git.528.140935f8d6a-3.12.1",
"ldb-tools": "2.2.2-3.3.1",
"libsamba-credentials0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-krb5pac0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-util0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb2": "2.2.2-3.3.1",
"libsamba-policy-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-hostconfig0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-credentials-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr1-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap2": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-client": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-core-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamdb0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-passdb-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-winbind": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb2-32bit": "2.2.2-3.3.1",
"libtevent-util-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"python3-ldb": "2.2.2-3.3.1",
"libsamba-util-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsamba-policy-python3-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libldb-devel": "2.2.2-3.3.1",
"libdcerpc-binding0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbclient-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"libnetapi0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbconf0": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap2-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libndr-standard0-32bit": "4.13.13+git.528.140935f8d6a-3.12.1",
"libsmbldap-devel": "4.13.13+git.528.140935f8d6a-3.12.1",
"samba-ceph": "4.13.13+git.528.140935f8d6a-3.12.1"
}
]
}
SUSE:Linux Enterprise Module for Python 2 15 SP3 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3
SUSE:Linux Enterprise High Availability Extension 15 SP3 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3