SUSE-SU-2022:2307-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222307-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2307-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2307-1
Published
2022-07-06T12:04:27Z
Modified
2022-07-06T12:04:27Z
Summary
Security update for ldb, samba
Details

This update for ldb, samba fixes the following issues:

ldb was updated to version 2.4.2 to fix:

  • Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured.

samba was updated to fix:

  • Revert NIS support removal; (bsc#1199247);

  • Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);

  • Add missing samba-client requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.7

  • Share and server swapped in smbget password prompt; (bso#14831);
  • Durable handles won't reconnect if the leased file is written to; (bso#15022);
  • rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
  • SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038);
  • vfs_shadow_copy2 breaks 'smbd async dosmode' sync fallback; (bso#14957);
  • shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
  • PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
  • username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
  • NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983);
  • Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
  • Crash of winbind on RODC; (bso#14641);
  • uncached logon on RODC always fails once; (bso#14865);
  • KVNO off by 100000; (bso#14951);
  • LDAP simple binds should honour 'old password allowed period'; (bso#15001);
  • wbinfo -a doesn't work reliable with upn names; (bso#15003);
  • Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879);
  • Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  • Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);

  • Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);

  • Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);

Update to 4.15.6

  • Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  • Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737);
  • NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
  • Fix ldap simple bind with TLS auditing; (bso#14996);
  • net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
  • Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
  • pam_winbind will not allow gdm login if password about to expire; (bso#8691);
  • virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971);
  • DFS fix for AIX broken; (bso#13631);
  • Solaris and AIX acl modules: wrong function arguments; (bso#14974);
  • Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239);
  • Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
  • Fix a use-after-free in SMB1 server; (bso#14989);
  • smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968);
  • Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
  • authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993);
  • Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
  • Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);

Other SUSE fixes:

  • Fix mismatched version of libldb2; (bsc#1196788).
  • Drop obsolete SuSEfirewall2 service files.
  • Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
  • Fix ntlm authentications with 'winbind use default domain = yes'; (bso#13126); (bsc#1173429); (bsc#1196308).
  • Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
  • libldb version mismatch in Samba dsdb component; (bsc#1118508);
Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / ldb

Package

Name
ldb
Purl
purl:rpm/suse/ldb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.2-150400.4.3.11

Ecosystem specific

{
    "binaries": [
        {
            "ldb-tools": "2.4.2-150400.4.3.11",
            "samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2-32bit": "2.4.2-150400.4.3.11",
            "samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb": "2.4.2-150400.4.3.11",
            "samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2": "2.4.2-150400.4.3.11",
            "libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb-devel": "2.4.2-150400.4.3.11",
            "samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb-devel": "2.4.2-150400.4.3.11"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP4 / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.7+git.376.dd43aca9ab2-150400.3.5.3

Ecosystem specific

{
    "binaries": [
        {
            "ldb-tools": "2.4.2-150400.4.3.11",
            "samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2-32bit": "2.4.2-150400.4.3.11",
            "samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb": "2.4.2-150400.4.3.11",
            "samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2": "2.4.2-150400.4.3.11",
            "libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb-devel": "2.4.2-150400.4.3.11",
            "samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb-devel": "2.4.2-150400.4.3.11"
        }
    ]
}

SUSE:Linux Enterprise High Availability Extension 15 SP4 / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.7+git.376.dd43aca9ab2-150400.3.5.3

Ecosystem specific

{
    "binaries": [
        {
            "ctdb": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3"
        }
    ]
}

openSUSE:Leap 15.4 / ldb

Package

Name
ldb
Purl
purl:rpm/suse/ldb&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.2-150400.4.3.11

Ecosystem specific

{
    "binaries": [
        {
            "ldb-tools": "2.4.2-150400.4.3.11",
            "samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-tool": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-doc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2": "2.4.2-150400.4.3.11",
            "libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "ctdb-pcp-pmda": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb-devel": "2.4.2-150400.4.3.11",
            "samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-test": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2-32bit": "2.4.2-150400.4.3.11",
            "samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb": "2.4.2-150400.4.3.11",
            "ctdb": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb-devel": "2.4.2-150400.4.3.11",
            "python3-ldb-32bit": "2.4.2-150400.4.3.11",
            "samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3"
        }
    ]
}

openSUSE:Leap 15.4 / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.15.7+git.376.dd43aca9ab2-150400.3.5.3

Ecosystem specific

{
    "binaries": [
        {
            "ldb-tools": "2.4.2-150400.4.3.11",
            "samba-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ldb-ldap": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-tool": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-doc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2": "2.4.2-150400.4.3.11",
            "libsamba-policy-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-gpupdate": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "ctdb-pcp-pmda": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-winbind": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb-devel": "2.4.2-150400.4.3.11",
            "samba-client-libs-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-test": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb2-32bit": "2.4.2-150400.4.3.11",
            "samba-dsdb-modules": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "python3-ldb": "2.4.2-150400.4.3.11",
            "ctdb": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3-32bit": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ad-dc": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy-python3-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libldb-devel": "2.4.2-150400.4.3.11",
            "python3-ldb-32bit": "2.4.2-150400.4.3.11",
            "samba-winbind-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "libsamba-policy0-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-client-libs": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-libs-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-devel": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-python3": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3",
            "samba-ceph": "4.15.7+git.376.dd43aca9ab2-150400.3.5.3"
        }
    ]
}