Описание
Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888).
- CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working (bsc#1160850).
- CVE-2019-19344: Fixed a server crash when using dns zone scavenging = yes (bsc#1160852).
Non-security issue fixed:
- Fixed Ceph snapshot path handling relative to root (bsc#1141320).
Список пакетов
SUSE Enterprise Storage 6
samba-ceph-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise High Availability Extension 15 SP1
ctdb-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libdcerpc-binding0-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc-samr-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc-samr0-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc0-4.9.5+git.243.e76c5cb3d97-3.21.1
libdcerpc0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-krb5pac-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-krb5pac0-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-krb5pac0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-nbt-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-nbt0-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-nbt0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-standard-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-standard0-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr-standard0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr0-4.9.5+git.243.e76c5cb3d97-3.21.1
libndr0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libnetapi-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libnetapi0-4.9.5+git.243.e76c5cb3d97-3.21.1
libnetapi0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-credentials-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-credentials0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-credentials0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-errors-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-errors0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-errors0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-hostconfig-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-hostconfig0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-hostconfig0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-passdb-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-passdb0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-passdb0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-policy-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-policy-python3-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-policy0-python3-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-util-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-util0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamba-util0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamdb-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamdb0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsamdb0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbclient-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbclient0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbconf-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbconf0-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbconf0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbldap-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbldap2-4.9.5+git.243.e76c5cb3d97-3.21.1
libsmbldap2-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libtevent-util-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libtevent-util0-4.9.5+git.243.e76c5cb3d97-3.21.1
libtevent-util0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
libwbclient-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
libwbclient0-4.9.5+git.243.e76c5cb3d97-3.21.1
libwbclient0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-client-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-core-devel-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-libs-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-libs-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-libs-python3-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-python3-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-winbind-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-winbind-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Python 2 15 SP1
libsamba-policy0-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-ad-dc-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-dsdb-modules-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-libs-python-4.9.5+git.243.e76c5cb3d97-3.21.1
samba-python-4.9.5+git.243.e76c5cb3d97-3.21.1
Ссылки
- Link for SUSE-SU-2020:0223-1
- E-Mail link for SUSE-SU-2020:0223-1
- SUSE Security Ratings
- SUSE Bug 1141320
- SUSE Bug 1160850
- SUSE Bug 1160852
- SUSE Bug 1160888
- SUSE CVE CVE-2019-14902 page
- SUSE CVE CVE-2019-14907 page
- SUSE CVE CVE-2019-19344 page
Описание
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
Затронутые продукты
SUSE Enterprise Storage 6:samba-ceph-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise High Availability Extension 15 SP1:ctdb-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-4.9.5+git.243.e76c5cb3d97-3.21.1
Ссылки
- CVE-2019-14902
- SUSE Bug 1160850
Описание
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Затронутые продукты
SUSE Enterprise Storage 6:samba-ceph-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise High Availability Extension 15 SP1:ctdb-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-4.9.5+git.243.e76c5cb3d97-3.21.1
Ссылки
- CVE-2019-14907
- SUSE Bug 1160888
Описание
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Затронутые продукты
SUSE Enterprise Storage 6:samba-ceph-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise High Availability Extension 15 SP1:ctdb-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libdcerpc-binding0-4.9.5+git.243.e76c5cb3d97-3.21.1
Ссылки
- CVE-2019-19344
- SUSE Bug 1160852