SUSE-SU-2022:2307-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2307-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:2307-1
- Related
- Published
- 2022-07-06T12:04:27Z
- Modified
- 2022-07-06T12:04:27Z
- Summary
- Security update for ldb, samba
- Details
-
This update for ldb, samba fixes the following issues:
ldb was updated to version 2.4.2 to fix:
- Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.
samba was updated to fix:
Revert NIS support removal; (bsc#1199247);
Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);
Add missing samba-client requirement to samba-winbind package; (bsc#1198255);
Update to 4.15.7
- Share and server swapped in smbget password prompt; (bso#14831);
- Durable handles won't reconnect if the leased file is written to; (bso#15022);
- rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
- SMB2CLOSEFLAGSFULLINFORMATION fails to return information on renamed file handle; (bso#15038);
- vfsshadowcopy2 breaks 'smbd async dosmode' sync fallback; (bso#14957);
- shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
- PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
- username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
- NTSTATUSACCESSDENIED translates into EPERM instead of EACCES in SMBCserver_internal; (bso#14983);
- Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
- Crash of winbind on RODC; (bso#14641);
- uncached logon on RODC always fails once; (bso#14865);
- KVNO off by 100000; (bso#14951);
- LDAP simple binds should honour 'old password allowed period'; (bso#15001);
- wbinfo -a doesn't work reliable with upn names; (bso#15003);
- Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
- Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);
Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);
Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);
Update to 4.15.6
- Renaming file on DFS root fails with NTSTATUSOBJECTPATHNOT_FOUND; (bso#14169);
- Samba does not response STATUSINVALIDPARAMETER when opening 2 objects with same lease key; (bso#14737);
- NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
- Fix ldap simple bind with TLS auditing; (bso#14996);
- net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
- Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
- pam_winbind will not allow gdm login if password about to expire; (bso#8691);
- virusfiltervfsopenat: Not scanned: Directory or special file; (bso#14971);
- DFS fix for AIX broken; (bso#13631);
- Solaris and AIX acl modules: wrong function arguments; (bso#14974);
- Function aixaclsysaclgetfile not declared / coredump; (bso#7239);
- Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
- Fix a use-after-free in SMB1 server; (bso#14989);
- smb2signingdecryptpdu() may not decrypt with gnutlsaeadcipherdecrypt() from gnutls before 3.5.2; (bso#14968);
- Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
- authsammakeuserinfodc() steals memory from its struct ldb_message *msg argument; (bso#14993);
- Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
- Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);
Other SUSE fixes:
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
- Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20222307-1/
- https://bugzilla.suse.com/1080338
- https://bugzilla.suse.com/1118508
- https://bugzilla.suse.com/1173429
- https://bugzilla.suse.com/1195896
- https://bugzilla.suse.com/1196224
- https://bugzilla.suse.com/1196308
- https://bugzilla.suse.com/1196788
- https://bugzilla.suse.com/1197995
- https://bugzilla.suse.com/1198255
- https://bugzilla.suse.com/1199247
- https://bugzilla.suse.com/1199362
- https://www.suse.com/security/cve/CVE-2021-3670
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / ldb
Package
- Name
- ldb
- Purl
- purl:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.2-150400.4.3.11
Ecosystem specific
{
"binaries": [
{
"ldb-tools": "2.4.2-150400.4.3.11",
"samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2-32bit": "2.4.2-150400.4.3.11",
"samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb": "2.4.2-150400.4.3.11",
"samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2": "2.4.2-150400.4.3.11",
"libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb-devel": "2.4.2-150400.4.3.11",
"samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb-devel": "2.4.2-150400.4.3.11"
}
]
}
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.15.7+git.376.dd43aca9ab2-150400.3.5.3
Ecosystem specific
{
"binaries": [
{
"ldb-tools": "2.4.2-150400.4.3.11",
"samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2-32bit": "2.4.2-150400.4.3.11",
"samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb": "2.4.2-150400.4.3.11",
"samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2": "2.4.2-150400.4.3.11",
"libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb-devel": "2.4.2-150400.4.3.11",
"samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb-devel": "2.4.2-150400.4.3.11"
}
]
}
SUSE:Linux Enterprise High Availability Extension 15 SP4 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4
openSUSE:Leap 15.4 / ldb
Package
- Name
- ldb
- Purl
- purl:rpm/suse/ldb&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.2-150400.4.3.11
Ecosystem specific
{
"binaries": [
{
"ldb-tools": "2.4.2-150400.4.3.11",
"samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-tool": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-doc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2": "2.4.2-150400.4.3.11",
"libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"ctdb-pcp-pmda": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb-devel": "2.4.2-150400.4.3.11",
"samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-test": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2-32bit": "2.4.2-150400.4.3.11",
"samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb": "2.4.2-150400.4.3.11",
"ctdb": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb-devel": "2.4.2-150400.4.3.11",
"python3-ldb-32bit": "2.4.2-150400.4.3.11",
"samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3"
}
]
}
openSUSE:Leap 15.4 / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.15.7+git.376.dd43aca9ab2-150400.3.5.3
Ecosystem specific
{
"binaries": [
{
"ldb-tools": "2.4.2-150400.4.3.11",
"samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-tool": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-doc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2": "2.4.2-150400.4.3.11",
"libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"ctdb-pcp-pmda": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb-devel": "2.4.2-150400.4.3.11",
"samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-test": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb2-32bit": "2.4.2-150400.4.3.11",
"samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"python3-ldb": "2.4.2-150400.4.3.11",
"ctdb": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ad-dc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libldb-devel": "2.4.2-150400.4.3.11",
"python3-ldb-32bit": "2.4.2-150400.4.3.11",
"samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
"samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3"
}
]
}