Описание
Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2019-14907: Fixed a Server-side crash after charset conversion failure during NTLMSSP processing (bsc#1160888).
- CVE-2019-14902: Fixed an issue where automatic replication of ACLs down subtree on AD Directory is not working (bsc#1160850).
- CVE-2019-19344: Fixed a server crash when using dns zone scavenging = yes (bsc#1160852).
Non-security issue fixed:
- Fixed Ceph snapshot path handling relative to root (bsc#1141320).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.1
ctdb-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
ctdb-pcp-pmda-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
ctdb-tests-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-binding0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-samr-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-samr0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc-samr0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libdcerpc0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-krb5pac-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-krb5pac0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-krb5pac0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-nbt-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-nbt0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-nbt0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-standard-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-standard0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr-standard0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libndr0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libnetapi-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libnetapi0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libnetapi0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-credentials-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-credentials0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-credentials0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-errors-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-errors0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-errors0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-hostconfig-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-hostconfig0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-hostconfig0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-passdb-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-passdb0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-passdb0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy-python-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy-python3-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy0-python3-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-policy0-python3-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-util-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-util0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamba-util0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamdb-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamdb0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsamdb0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbclient-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbclient0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbclient0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbconf-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbconf0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbconf0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbldap-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbldap2-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libsmbldap2-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libtevent-util-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libtevent-util0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libtevent-util0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libwbclient-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libwbclient0-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
libwbclient0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-ad-dc-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-ad-dc-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-ceph-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-client-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-client-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-core-devel-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-doc-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-dsdb-modules-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-python-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-python-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-python3-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-libs-python3-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-pidl-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-python-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-python3-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-test-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-winbind-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
samba-winbind-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0122-1
- SUSE Security Ratings
- SUSE Bug 1141320
- SUSE Bug 1160850
- SUSE Bug 1160852
- SUSE Bug 1160888
- SUSE CVE CVE-2019-14902 page
- SUSE CVE CVE-2019-14907 page
- SUSE CVE CVE-2019-19344 page
Описание
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
Затронутые продукты
openSUSE Leap 15.1:ctdb-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-pcp-pmda-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-tests-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
Ссылки
- CVE-2019-14902
- SUSE Bug 1160850
Описание
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Затронутые продукты
openSUSE Leap 15.1:ctdb-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-pcp-pmda-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-tests-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
Ссылки
- CVE-2019-14907
- SUSE Bug 1160888
Описание
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Затронутые продукты
openSUSE Leap 15.1:ctdb-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-pcp-pmda-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:ctdb-tests-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
openSUSE Leap 15.1:libdcerpc-binding0-32bit-4.9.5+git.243.e76c5cb3d97-lp151.2.15.1
Ссылки
- CVE-2019-19344
- SUSE Bug 1160852