openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

high Nessus Plugin ID 138790

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ldb, samba fixes the following issues :

Changes in samba :

- Update to samba 4.11.11

+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159]

+ CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378);
(bsc#1173160).

+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402);
(bsc#1173161)

+ CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359).

- Update to samba 4.11.10

+ Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374).

+ vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350)

+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).

+ Malicous SMB1 server can crash libsmbclient; (bso#14366)

+ winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)

+ ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330)

- Update to samba 4.11.9

+ nmblib: Avoid undefined behaviour in handle_name_ptrs();
(bso#14242).

+ 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296).

+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237).

+ Missing check for DMAPI offline status in async DOS attributes; (bso#14293).

+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307).

+ vfs_recycle: Prevent flooding the log if we're called on non-existent paths; (bso#14316)

+ smbd mistakenly updates a file's write-time on close;
(bso#14320).

+ RPC handles cannot be differentiated in source3 RPC server; (bso#14359).

+ librpc: Fix IDL for svcctl_ChangeServiceConfigW;
(bso#14313).

+ nsswitch: Fix use-after-free causing segfault in
_pam_delete_cred; (bso#14327).

+ Fix fruit:time machine max size on arm; (bso#13622)

+ CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294).

+ ctdb: Fix a memleak; (bso#14348).

+ libsmb: Don't try to find posix stat info in SMBC_getatr().

+ ctdb-tcp: Move free of inbound queue to TCP restart;
(bso#14295); (bsc#1162680).

+ s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095)

+ s3:libads: Fix ads_get_upn(); (bso#14336).

+ CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294)

+ Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).

+ ctdb-recoverd: Avoid dereferencing NULL rec->nodemap;
(bso#14324)

- Update to samba 4.11.8

+ CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);

+ CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851);

- Update to samba 4.11.7

+ s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239).

+ s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283)

+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).

+ ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270)

+ auth: Fix CIDs 1458418 and 1458420 NULL pointer dereferences; (bso#14247).

+ smbd: Handle EINTR from open(2) properly; (bso#14285)

+ winbind member (source3) fails local SAM auth with empty domain name; (bso#14247)

+ winbindd: Handling missing idmap in getgrgid();
(bso#14265).

+ lib:util: Log mkdir error on correct debug levels;
(bso#14253).

+ wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266).

+ ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274).

- Update to samba 4.11.6

+ pygpo: Use correct method flags; (bso#14209).

+ vfs_ceph_snapshots: Fix root relative path handling;
(bso#14216); (bsc#1141320).

+ Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209).

+ source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218).

+ docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122).

+ smbd: Fix the build with clang; (bso#14251).

+ upgradedns: Ensure lmdb lock files linked; (bso#14199).

+ s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182).

+ smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101).

+ librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219).

+ ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).

- Add libnetapi-devel to baselibs conf, for wine usage;
(bsc#1172307);

- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);

- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);

Changes in ldb :

- Update to version 2.0.12

+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159).

+ ldb_ldap: fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).

+ lib/ldb: add unit test for ldb_ldap internal code.

- Update to version 2.0.11

+ lib ldb: lmdb init var before calling mdb_reader_check.

+ lib ldb: lmdb clear stale readers on write txn start;
(bso#14330).

+ ldb tests: Confirm lmdb free list handling

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected ldb / samba packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1141320

https://bugzilla.opensuse.org/show_bug.cgi?id=1162680

https://bugzilla.opensuse.org/show_bug.cgi?id=1169095

https://bugzilla.opensuse.org/show_bug.cgi?id=1169521

https://bugzilla.opensuse.org/show_bug.cgi?id=1169850

https://bugzilla.opensuse.org/show_bug.cgi?id=1169851

https://bugzilla.opensuse.org/show_bug.cgi?id=1171437

https://bugzilla.opensuse.org/show_bug.cgi?id=1172307

https://bugzilla.opensuse.org/show_bug.cgi?id=1173159

https://bugzilla.opensuse.org/show_bug.cgi?id=1173160

https://bugzilla.opensuse.org/show_bug.cgi?id=1173161

https://bugzilla.opensuse.org/show_bug.cgi?id=1173359

https://bugzilla.opensuse.org/show_bug.cgi?id=1174120

Plugin Details

Severity: High

ID: 138790

File Name: openSUSE-2020-1023.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/21/2020

Updated: 2/29/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-10745

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-14303

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ctdb, p-cpe:/a:novell:opensuse:ctdb-debuginfo, p-cpe:/a:novell:opensuse:ctdb-pcp-pmda, p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo, p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo, p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo, p-cpe:/a:novell:opensuse:samba-ceph, p-cpe:/a:novell:opensuse:samba-ceph-debuginfo, p-cpe:/a:novell:opensuse:ctdb-tests, p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo, p-cpe:/a:novell:opensuse:ldb-debugsource, p-cpe:/a:novell:opensuse:ldb-tools, p-cpe:/a:novell:opensuse:ldb-tools-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-binding0, p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr0, p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc0, p-cpe:/a:novell:opensuse:libdcerpc0-32bit, p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libldb2, p-cpe:/a:novell:opensuse:libldb2-32bit, p-cpe:/a:novell:opensuse:libldb2-32bit-debuginfo, p-cpe:/a:novell:opensuse:libldb2-debuginfo, p-cpe:/a:novell:opensuse:libndr-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac0, p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit, p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt-devel, p-cpe:/a:novell:opensuse:libndr-nbt0, p-cpe:/a:novell:opensuse:libndr-nbt0-32bit, p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo, p-cpe:/a:novell:opensuse:libndr-standard-devel, p-cpe:/a:novell:opensuse:libndr-standard0, p-cpe:/a:novell:opensuse:libndr-standard0-32bit, p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo, p-cpe:/a:novell:opensuse:libndr0, p-cpe:/a:novell:opensuse:libndr0-32bit, p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libndr0-debuginfo, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi-devel-32bit, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-32bit, p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials-devel, p-cpe:/a:novell:opensuse:libsamba-credentials0, p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-errors-devel, p-cpe:/a:novell:opensuse:libsamba-errors0, p-cpe:/a:novell:opensuse:libsamba-errors0-32bit, p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel, p-cpe:/a:novell:opensuse:libsamba-hostconfig0, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-passdb-devel, p-cpe:/a:novell:opensuse:libsamba-passdb0, p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit, p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-policy-devel, p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel, p-cpe:/a:novell:opensuse:libsamba-policy0-python3, p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit, p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo, p-cpe:/a:novell:opensuse:libsamba-util-devel, p-cpe:/a:novell:opensuse:libsamba-util0, p-cpe:/a:novell:opensuse:libsamba-util0-32bit, p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo, p-cpe:/a:novell:opensuse:libsamdb-devel, p-cpe:/a:novell:opensuse:libsamdb0, p-cpe:/a:novell:opensuse:libsamdb0-32bit, p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-core-devel, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-dsdb-modules, p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo, p-cpe:/a:novell:opensuse:samba-libs, p-cpe:/a:novell:opensuse:samba-libs-32bit, p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-python3, p-cpe:/a:novell:opensuse:samba-libs-python3-32bit, p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo, p-cpe:/a:novell:opensuse:samba-python3, p-cpe:/a:novell:opensuse:samba-python3-debuginfo, p-cpe:/a:novell:opensuse:samba-test, p-cpe:/a:novell:opensuse:samba-test-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsmbconf-devel, p-cpe:/a:novell:opensuse:libsmbconf0, p-cpe:/a:novell:opensuse:libsmbconf0-32bit, p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo, p-cpe:/a:novell:opensuse:libsmbldap-devel, p-cpe:/a:novell:opensuse:libsmbldap2, p-cpe:/a:novell:opensuse:libsmbldap2-32bit, p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo, p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util-devel, p-cpe:/a:novell:opensuse:libtevent-util0, p-cpe:/a:novell:opensuse:libtevent-util0-32bit, p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:python3-ldb, p-cpe:/a:novell:opensuse:python3-ldb-32bit, p-cpe:/a:novell:opensuse:python3-ldb-32bit-debuginfo, p-cpe:/a:novell:opensuse:python3-ldb-debuginfo, p-cpe:/a:novell:opensuse:python3-ldb-devel, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-ad-dc, p-cpe:/a:novell:opensuse:samba-ad-dc-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/20/2020

Vulnerability Publication Date: 5/4/2020

Reference Information

CVE: CVE-2020-10700, CVE-2020-10704, CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303