Описание
Security update for samba
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP2
ctdb-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libdcerpc-binding0-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc-devel-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc-samr-devel-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc-samr0-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc0-4.11.14+git.308.666c63d4eea-4.28.1
libdcerpc0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libndr-devel-4.11.14+git.308.666c63d4eea-4.28.1
libndr-krb5pac-devel-4.11.14+git.308.666c63d4eea-4.28.1
libndr-krb5pac0-4.11.14+git.308.666c63d4eea-4.28.1
libndr-krb5pac0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libndr-nbt-devel-4.11.14+git.308.666c63d4eea-4.28.1
libndr-nbt0-4.11.14+git.308.666c63d4eea-4.28.1
libndr-nbt0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libndr-standard-devel-4.11.14+git.308.666c63d4eea-4.28.1
libndr-standard0-4.11.14+git.308.666c63d4eea-4.28.1
libndr-standard0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libndr0-4.11.14+git.308.666c63d4eea-4.28.1
libndr0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libnetapi-devel-4.11.14+git.308.666c63d4eea-4.28.1
libnetapi0-4.11.14+git.308.666c63d4eea-4.28.1
libnetapi0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-credentials-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-credentials0-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-credentials0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-errors-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-errors0-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-errors0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-hostconfig-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-hostconfig0-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-hostconfig0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-passdb-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-passdb0-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-passdb0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-policy-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-policy-python3-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-policy0-python3-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-util-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-util0-4.11.14+git.308.666c63d4eea-4.28.1
libsamba-util0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsamdb-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsamdb0-4.11.14+git.308.666c63d4eea-4.28.1
libsamdb0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsmbclient-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsmbclient0-4.11.14+git.308.666c63d4eea-4.28.1
libsmbconf-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsmbconf0-4.11.14+git.308.666c63d4eea-4.28.1
libsmbconf0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libsmbldap-devel-4.11.14+git.308.666c63d4eea-4.28.1
libsmbldap2-4.11.14+git.308.666c63d4eea-4.28.1
libsmbldap2-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libtevent-util-devel-4.11.14+git.308.666c63d4eea-4.28.1
libtevent-util0-4.11.14+git.308.666c63d4eea-4.28.1
libtevent-util0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libwbclient-devel-4.11.14+git.308.666c63d4eea-4.28.1
libwbclient0-4.11.14+git.308.666c63d4eea-4.28.1
libwbclient0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
samba-4.11.14+git.308.666c63d4eea-4.28.1
samba-ceph-4.11.14+git.308.666c63d4eea-4.28.1
samba-client-4.11.14+git.308.666c63d4eea-4.28.1
samba-core-devel-4.11.14+git.308.666c63d4eea-4.28.1
samba-dsdb-modules-4.11.14+git.308.666c63d4eea-4.28.1
samba-libs-4.11.14+git.308.666c63d4eea-4.28.1
samba-libs-32bit-4.11.14+git.308.666c63d4eea-4.28.1
samba-libs-python3-4.11.14+git.308.666c63d4eea-4.28.1
samba-python3-4.11.14+git.308.666c63d4eea-4.28.1
samba-winbind-4.11.14+git.308.666c63d4eea-4.28.1
samba-winbind-32bit-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Python 2 15 SP2
samba-ad-dc-4.11.14+git.308.666c63d4eea-4.28.1
samba-dsdb-modules-4.11.14+git.308.666c63d4eea-4.28.1
Ссылки
- Link for SUSE-SU-2021:3650-1
- E-Mail link for SUSE-SU-2021:3650-1
- SUSE Security Ratings
- SUSE Bug 1014440
- SUSE Bug 1192214
- SUSE Bug 1192284
- SUSE CVE CVE-2016-2124 page
- SUSE CVE CVE-2020-25717 page
- SUSE CVE CVE-2021-23192 page
Описание
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP2:ctdb-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-devel-4.11.14+git.308.666c63d4eea-4.28.1
Ссылки
- CVE-2016-2124
- SUSE Bug 1014440
Описание
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP2:ctdb-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-devel-4.11.14+git.308.666c63d4eea-4.28.1
Ссылки
- CVE-2020-25717
- SUSE Bug 1192284
- SUSE Bug 1192505
- SUSE Bug 1192601
- SUSE Bug 1192849
- SUSE Bug 1193011
- SUSE Bug 1194049
- SUSE Bug 1194307
- SUSE Bug 1195815
- SUSE Bug 1196344
- SUSE Bug 1196717
- SUSE Bug 1196920
- SUSE Bug 1205061
Описание
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP2:ctdb-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-binding0-4.11.14+git.308.666c63d4eea-4.28.1
SUSE Linux Enterprise Module for Basesystem 15 SP2:libdcerpc-devel-4.11.14+git.308.666c63d4eea-4.28.1
Ссылки
- CVE-2021-23192
- SUSE Bug 1192214