An update that fixes 8 vulnerabilities is now available.
Description:
This update for samba and ldb fixes the following issues:
- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator
tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given
(bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level
bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests to don’t check all fragments
against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values
(bsc#1192505).
Samba was updated to 4.13.13
- rodc_rwdc test flaps;(bso#14868).
- Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
- Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] ‘Bronze bit’
S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal;(bso#14642).
- Python ldb.msg_diff() memory handling failure;(bso#14836).
- “in” operator on ldb.Message is case sensitive;(bso#14845).
- Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
- Allow special chars like “@” in samAccountName when generating the
salt;(bso#14874).
- Fix transit path validation;(bso#12998).
- Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
- rpcclient NetFileEnum and net rpc file both cause lock order violation:
brlock.tdb, share_entries.tdb;(bso#14645).
- Python ldb.msg_diff() memory handling failure;(bso#14836).
- Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
Samba was updated to 4.13.12:
- Address a signifcant performance regression in database access in the AD
DC since Samba 4.12;(bso#14806).
- Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba
4.9 by using an explicit database handle cache; (bso#14807).
- An unuthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ;(bso#14817).
- Address flapping samba_tool_drs_showrepl test;(bso#14818).
- Address flapping dsdb_schema_attributes test;(bso#14819).
- An unuthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ;(bso#14817).
- Fix CTDB flag/status update race conditions(bso#14784).
Samba was updated to 4.13.11:
- smbd: panic on force-close share during offload write; (bso#14769).
- Fix returned attributes on fake quota file handle and avoid hitting the
VFS;(bso#14731).
- smbd: “deadtime” parameter doesn’t work anymore;(bso#14783).
- net conf list crashes when run as normal user;(bso#14787).
- Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7;(bso#14607).
- Start the SMB encryption as soon as possible;(bso#14793).
- Winbind should not start if the socket path for the privileged pipe is
too long;(bso#14792).
ldb was updated to 2.2.2:
- CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets
to other servers; (bsc#1192246); (bso#14558)
- CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)
Release ldb 2.2.2
- Corrected python behaviour for ‘in’ for LDAP attributes contained as
part of ldb.Message;(bso#14845).
- Fix memory handling in ldb.msg_diff Corrected python
docstrings;(bso#14836)
- Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: