SUSE-SU-2019:3319-1

Опубликовано: 17 дек. 2019

Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

CVE-2019-14861: Fixed a DNSServer RPC server crash, that allowed an authenticated user to crash the DCE/RPC DNS management server by creating records with matching the zone name (bsc#1158108).
CVE-2019-14870: Fixed a DelegationNotAllowed not being enforced (bsc#1158109).

Список пакетов

SUSE Enterprise Storage 6

samba-ceph-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise High Availability Extension 15 SP1

ctdb-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libdcerpc-binding0-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc-binding0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc-devel-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc-samr-devel-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc-samr0-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc0-4.9.5+git.224.86a8e66adea-3.18.1

libdcerpc0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libndr-devel-4.9.5+git.224.86a8e66adea-3.18.1

libndr-krb5pac-devel-4.9.5+git.224.86a8e66adea-3.18.1

libndr-krb5pac0-4.9.5+git.224.86a8e66adea-3.18.1

libndr-krb5pac0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libndr-nbt-devel-4.9.5+git.224.86a8e66adea-3.18.1

libndr-nbt0-4.9.5+git.224.86a8e66adea-3.18.1

libndr-nbt0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libndr-standard-devel-4.9.5+git.224.86a8e66adea-3.18.1

libndr-standard0-4.9.5+git.224.86a8e66adea-3.18.1

libndr-standard0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libndr0-4.9.5+git.224.86a8e66adea-3.18.1

libndr0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libnetapi-devel-4.9.5+git.224.86a8e66adea-3.18.1

libnetapi0-4.9.5+git.224.86a8e66adea-3.18.1

libnetapi0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-credentials-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-credentials0-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-credentials0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-errors-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-errors0-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-errors0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-hostconfig-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-hostconfig0-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-hostconfig0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-passdb-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-passdb0-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-passdb0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-policy-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-policy-python3-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-policy0-python3-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-util-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-util0-4.9.5+git.224.86a8e66adea-3.18.1

libsamba-util0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsamdb-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsamdb0-4.9.5+git.224.86a8e66adea-3.18.1

libsamdb0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsmbclient-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsmbclient0-4.9.5+git.224.86a8e66adea-3.18.1

libsmbconf-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsmbconf0-4.9.5+git.224.86a8e66adea-3.18.1

libsmbconf0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libsmbldap-devel-4.9.5+git.224.86a8e66adea-3.18.1

libsmbldap2-4.9.5+git.224.86a8e66adea-3.18.1

libsmbldap2-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libtevent-util-devel-4.9.5+git.224.86a8e66adea-3.18.1

libtevent-util0-4.9.5+git.224.86a8e66adea-3.18.1

libtevent-util0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

libwbclient-devel-4.9.5+git.224.86a8e66adea-3.18.1

libwbclient0-4.9.5+git.224.86a8e66adea-3.18.1

libwbclient0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

samba-4.9.5+git.224.86a8e66adea-3.18.1

samba-client-4.9.5+git.224.86a8e66adea-3.18.1

samba-core-devel-4.9.5+git.224.86a8e66adea-3.18.1

samba-libs-4.9.5+git.224.86a8e66adea-3.18.1

samba-libs-32bit-4.9.5+git.224.86a8e66adea-3.18.1

samba-libs-python3-4.9.5+git.224.86a8e66adea-3.18.1

samba-python3-4.9.5+git.224.86a8e66adea-3.18.1

samba-winbind-4.9.5+git.224.86a8e66adea-3.18.1

samba-winbind-32bit-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Python 2 15 SP1

libsamba-policy0-4.9.5+git.224.86a8e66adea-3.18.1

samba-ad-dc-4.9.5+git.224.86a8e66adea-3.18.1

samba-dsdb-modules-4.9.5+git.224.86a8e66adea-3.18.1

samba-libs-python-4.9.5+git.224.86a8e66adea-3.18.1

samba-python-4.9.5+git.224.86a8e66adea-3.18.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193319-1/
Link for SUSE-SU-2019:3319-1
https://lists.suse.com/pipermail/sle-security-updates/2019-December/006265.html
E-Mail link for SUSE-SU-2019:3319-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1158108
SUSE Bug 1158108
https://bugzilla.suse.com/1158109
SUSE Bug 1158109
https://www.suse.com/security/cve/CVE-2019-14861/
SUSE CVE CVE-2019-14861 page
https://www.suse.com/security/cve/CVE-2019-14870/
SUSE CVE CVE-2019-14870 page

Описание

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

Затронутые продукты

SUSE Enterprise Storage 6:samba-ceph-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise High Availability Extension 15 SP1:ctdb-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-4.9.5+git.224.86a8e66adea-3.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14861.html
CVE-2019-14861
https://bugzilla.suse.com/1158108
SUSE Bug 1158108

Описание

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

Затронутые продукты

SUSE Enterprise Storage 6:samba-ceph-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise High Availability Extension 15 SP1:ctdb-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-32bit-4.9.5+git.224.86a8e66adea-3.18.1

SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-4.9.5+git.224.86a8e66adea-3.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-14870.html
CVE-2019-14870
https://bugzilla.suse.com/1158109
SUSE Bug 1158109

SUSE-SU-2019:3319-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Availability Extension 15 SP1

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Python 2 15 SP1

Ссылки

Уязвимость: CVE-2019-14861

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-14870

Описание

Затронутые продукты

Ссылки