SUSE-SU-2016:3299-1

Опубликовано: 29 дек. 2016

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

Security issues fixed:

CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442).
CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This issue does not affect our packages, as the component is not built.

Non security issues fixed:

s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port (bsc#1009085)
Add doc changes for net ads --no-dns-updates switch (bsc#991564)
Include vfstest in samba-test (bsc#1001203).
s3/winbindd: using default domain with user@domain.com format fails (bsc#997833).
Fix illegal memory access after memory has been deleted (bsc#975299).
Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500).
Various fixes for spnego/ntlm (bsc#986675).

Список пакетов

SUSE Linux Enterprise High Availability Extension 12

ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS

ctdb-4.2.4-18.30.1

libdcerpc-binding0-4.2.4-18.30.1

libdcerpc-binding0-32bit-4.2.4-18.30.1

libdcerpc0-4.2.4-18.30.1

libdcerpc0-32bit-4.2.4-18.30.1

libgensec0-4.2.4-18.30.1

libgensec0-32bit-4.2.4-18.30.1

libndr-krb5pac0-4.2.4-18.30.1

libndr-krb5pac0-32bit-4.2.4-18.30.1

libndr-nbt0-4.2.4-18.30.1

libndr-nbt0-32bit-4.2.4-18.30.1

libndr-standard0-4.2.4-18.30.1

libndr-standard0-32bit-4.2.4-18.30.1

libndr0-4.2.4-18.30.1

libndr0-32bit-4.2.4-18.30.1

libnetapi0-4.2.4-18.30.1

libnetapi0-32bit-4.2.4-18.30.1

libregistry0-4.2.4-18.30.1

libsamba-credentials0-4.2.4-18.30.1

libsamba-credentials0-32bit-4.2.4-18.30.1

libsamba-hostconfig0-4.2.4-18.30.1

libsamba-hostconfig0-32bit-4.2.4-18.30.1

libsamba-passdb0-4.2.4-18.30.1

libsamba-passdb0-32bit-4.2.4-18.30.1

libsamba-util0-4.2.4-18.30.1

libsamba-util0-32bit-4.2.4-18.30.1

libsamdb0-4.2.4-18.30.1

libsamdb0-32bit-4.2.4-18.30.1

libsmbclient-raw0-4.2.4-18.30.1

libsmbclient-raw0-32bit-4.2.4-18.30.1

libsmbclient0-4.2.4-18.30.1

libsmbclient0-32bit-4.2.4-18.30.1

libsmbconf0-4.2.4-18.30.1

libsmbconf0-32bit-4.2.4-18.30.1

libsmbldap0-4.2.4-18.30.1

libsmbldap0-32bit-4.2.4-18.30.1

libtevent-util0-4.2.4-18.30.1

libtevent-util0-32bit-4.2.4-18.30.1

libwbclient0-4.2.4-18.30.1

libwbclient0-32bit-4.2.4-18.30.1

samba-4.2.4-18.30.1

samba-32bit-4.2.4-18.30.1

samba-client-4.2.4-18.30.1

samba-client-32bit-4.2.4-18.30.1

samba-doc-4.2.4-18.30.1

samba-libs-4.2.4-18.30.1

samba-libs-32bit-4.2.4-18.30.1

samba-winbind-4.2.4-18.30.1

samba-winbind-32bit-4.2.4-18.30.1

SUSE Linux Enterprise Server for SAP Applications 12

ctdb-4.2.4-18.30.1

libdcerpc-binding0-4.2.4-18.30.1

libdcerpc-binding0-32bit-4.2.4-18.30.1

libdcerpc0-4.2.4-18.30.1

libdcerpc0-32bit-4.2.4-18.30.1

libgensec0-4.2.4-18.30.1

libgensec0-32bit-4.2.4-18.30.1

libndr-krb5pac0-4.2.4-18.30.1

libndr-krb5pac0-32bit-4.2.4-18.30.1

libndr-nbt0-4.2.4-18.30.1

libndr-nbt0-32bit-4.2.4-18.30.1

libndr-standard0-4.2.4-18.30.1

libndr-standard0-32bit-4.2.4-18.30.1

libndr0-4.2.4-18.30.1

libndr0-32bit-4.2.4-18.30.1

libnetapi0-4.2.4-18.30.1

libnetapi0-32bit-4.2.4-18.30.1

libregistry0-4.2.4-18.30.1

libsamba-credentials0-4.2.4-18.30.1

libsamba-credentials0-32bit-4.2.4-18.30.1

libsamba-hostconfig0-4.2.4-18.30.1

libsamba-hostconfig0-32bit-4.2.4-18.30.1

libsamba-passdb0-4.2.4-18.30.1

libsamba-passdb0-32bit-4.2.4-18.30.1

libsamba-util0-4.2.4-18.30.1

libsamba-util0-32bit-4.2.4-18.30.1

libsamdb0-4.2.4-18.30.1

libsamdb0-32bit-4.2.4-18.30.1

libsmbclient-raw0-4.2.4-18.30.1

libsmbclient-raw0-32bit-4.2.4-18.30.1

libsmbclient0-4.2.4-18.30.1

libsmbclient0-32bit-4.2.4-18.30.1

libsmbconf0-4.2.4-18.30.1

libsmbconf0-32bit-4.2.4-18.30.1

libsmbldap0-4.2.4-18.30.1

libsmbldap0-32bit-4.2.4-18.30.1

libtevent-util0-4.2.4-18.30.1

libtevent-util0-32bit-4.2.4-18.30.1

libwbclient0-4.2.4-18.30.1

libwbclient0-32bit-4.2.4-18.30.1

samba-4.2.4-18.30.1

samba-32bit-4.2.4-18.30.1

samba-client-4.2.4-18.30.1

samba-client-32bit-4.2.4-18.30.1

samba-doc-4.2.4-18.30.1

samba-libs-4.2.4-18.30.1

samba-libs-32bit-4.2.4-18.30.1

samba-winbind-4.2.4-18.30.1

samba-winbind-32bit-4.2.4-18.30.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20163299-1/
Link for SUSE-SU-2016:3299-1
https://lists.suse.com/pipermail/sle-security-updates/2016-December/002535.html
E-Mail link for SUSE-SU-2016:3299-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1001203
SUSE Bug 1001203
https://bugzilla.suse.com/1009085
SUSE Bug 1009085
https://bugzilla.suse.com/1014437
SUSE Bug 1014437
https://bugzilla.suse.com/1014441
SUSE Bug 1014441
https://bugzilla.suse.com/1014442
SUSE Bug 1014442
https://bugzilla.suse.com/975299
SUSE Bug 975299
https://bugzilla.suse.com/986675
SUSE Bug 986675
https://bugzilla.suse.com/991564
SUSE Bug 991564
https://bugzilla.suse.com/994500
SUSE Bug 994500
https://bugzilla.suse.com/997833
SUSE Bug 997833
https://www.suse.com/security/cve/CVE-2016-2123/
SUSE CVE CVE-2016-2123 page
https://www.suse.com/security/cve/CVE-2016-2125/
SUSE CVE CVE-2016-2125 page
https://www.suse.com/security/cve/CVE-2016-2126/
SUSE CVE CVE-2016-2126 page

Описание

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2123.html
CVE-2016-2123
https://bugzilla.suse.com/1014437
SUSE Bug 1014437

Описание

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2125.html
CVE-2016-2125
https://bugzilla.suse.com/1014441
SUSE Bug 1014441

Описание

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:ctdb-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-32bit-4.2.4-18.30.1

SUSE Linux Enterprise Server 12-LTSS:libdcerpc-binding0-4.2.4-18.30.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-2126.html
CVE-2016-2126
https://bugzilla.suse.com/1014442
SUSE Bug 1014442

SUSE-SU-2016:3299-1

Описание

Список пакетов

SUSE Linux Enterprise High Availability Extension 12

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Server for SAP Applications 12

Ссылки

Уязвимость: CVE-2016-2123

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2125

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2016-2126

Описание

Затронутые продукты

Ссылки