Описание
Security update for samba
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).
Список пакетов
Image SLES12-SP5-Azure-BYOS
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-Basic-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-BYOS
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-SAP-BYOS
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-SAP-On-Demand
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-Standard-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-EC2-BYOS
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-EC2-ECS-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-EC2-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-EC2-SAP-BYOS
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-EC2-SAP-On-Demand
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-GCE-BYOS
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-GCE-On-Demand
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-GCE-SAP-BYOS
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-GCE-SAP-On-Demand
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-OCI-BYOS-BYOS
libdcerpc-binding0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc-binding0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
SUSE Linux Enterprise High Availability Extension 12 SP5
ctdb-4.10.18+git.339.c912385a5e1-3.41.1
SUSE Linux Enterprise Server 12 SP5
libdcerpc-binding0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc-binding0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbclient0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-4.10.18+git.339.c912385a5e1-3.41.1
samba-client-4.10.18+git.339.c912385a5e1-3.41.1
samba-client-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-doc-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-python3-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-python3-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-winbind-4.10.18+git.339.c912385a5e1-3.41.1
samba-winbind-32bit-4.10.18+git.339.c912385a5e1-3.41.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libdcerpc-binding0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc-binding0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-4.10.18+git.339.c912385a5e1-3.41.1
libdcerpc0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-4.10.18+git.339.c912385a5e1-3.41.1
libndr0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-4.10.18+git.339.c912385a5e1-3.41.1
libnetapi0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-credentials0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-errors0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-hostconfig0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-passdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-4.10.18+git.339.c912385a5e1-3.41.1
libsamdb0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbclient0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-4.10.18+git.339.c912385a5e1-3.41.1
libsmbconf0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-4.10.18+git.339.c912385a5e1-3.41.1
libsmbldap2-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-4.10.18+git.339.c912385a5e1-3.41.1
libtevent-util0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient0-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-4.10.18+git.339.c912385a5e1-3.41.1
samba-client-4.10.18+git.339.c912385a5e1-3.41.1
samba-client-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-doc-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-python3-4.10.18+git.339.c912385a5e1-3.41.1
samba-libs-python3-32bit-4.10.18+git.339.c912385a5e1-3.41.1
samba-winbind-4.10.18+git.339.c912385a5e1-3.41.1
samba-winbind-32bit-4.10.18+git.339.c912385a5e1-3.41.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libndr-devel-4.10.18+git.339.c912385a5e1-3.41.1
libndr-krb5pac-devel-4.10.18+git.339.c912385a5e1-3.41.1
libndr-nbt-devel-4.10.18+git.339.c912385a5e1-3.41.1
libndr-standard-devel-4.10.18+git.339.c912385a5e1-3.41.1
libsamba-util-devel-4.10.18+git.339.c912385a5e1-3.41.1
libsmbclient-devel-4.10.18+git.339.c912385a5e1-3.41.1
libwbclient-devel-4.10.18+git.339.c912385a5e1-3.41.1
samba-core-devel-4.10.18+git.339.c912385a5e1-3.41.1
Ссылки
- Link for SUSE-SU-2021:3649-1
- E-Mail link for SUSE-SU-2021:3649-1
- SUSE Security Ratings
- SUSE Bug 1014440
- SUSE Bug 1192214
- SUSE Bug 1192284
- SUSE CVE CVE-2016-2124 page
- SUSE CVE CVE-2020-25717 page
- SUSE CVE CVE-2021-23192 page
Описание
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Ссылки
- CVE-2016-2124
- SUSE Bug 1014440
Описание
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Ссылки
- CVE-2020-25717
- SUSE Bug 1192284
- SUSE Bug 1192505
- SUSE Bug 1192601
- SUSE Bug 1192849
- SUSE Bug 1193011
- SUSE Bug 1194049
- SUSE Bug 1194307
- SUSE Bug 1195815
- SUSE Bug 1196344
- SUSE Bug 1196717
- SUSE Bug 1196920
- SUSE Bug 1205061
Описание
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-Basic-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-BYOS:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Image SLES12-SP5-Azure-HPC-On-Demand:samba-libs-4.10.18+git.339.c912385a5e1-3.41.1
Ссылки
- CVE-2021-23192
- SUSE Bug 1192214