openSUSE Security Update: Security update for ldb, samba, talloc, tdb, tevent ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2354-1 Rating: important References: #949022 #951660 #954658 #958581 #958582 #958583 #958584 #958585 #958586 Cross-References: CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-8467 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has three fixes is now available. Description: This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs: The Samba LDB was updated to version 1.1.24: - Fix ldap \00 search expression attack dos; CVE-2015-3223; (bso#11325) - Fix remote read memory exploit in ldb; CVE-2015-5330; (bso#11599) - Move ldb_(un)pack_data into ldb_module.h for testing - Fix installation of _ldb_text.py - Fix propagation of ldb errors through tdb - Fix bug triggered by having an empty message in database during search Samba was updated to fix these issues: - Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). - Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). - Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). - No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). - Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). - Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). - Changing log level of two entries to from 1 to 3; (bso#9912). - vfs_gpfs: Re-enable share modes; (bso#11243). - wafsamba: Also build libraries with RELRO protection; (bso#11346). - ctdb: Strip trailing spaces from nodes file; (bso#11365). - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452). - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563). - async_req: Fix non-blocking connect(); (bso#11564). - auth: gensec: Fix a memory leak; (bso#11565). - lib: util: Make non-critical message a warning; (bso#11566). - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). - manpage: Correct small typo error; (bso#11584). - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589). - Backport some valgrind fixes from upstream master; (bso#11597). - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619). - Cleanup and enhance the pidl sub package. - s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). - kerberos: Make sure we only use prompter type when available; (bso#11038). - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316). - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327). - Fix a deadlock in tdb; (bso#11381). - s3: smbd: Fix mkdir race condition; (bso#11486). - pam_winbind: Fix a segfault if initialization fails; (bso#11502). - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). - s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). - net: Fix a crash with 'net ads keytab create'; (bso#11528). - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). - Fix bug in smbstatus where the lease info is not printed; (bso#11549). - s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). - Prevent null pointer access in samlogon fallback when security credentials are null; (bnc#949022). - Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038). talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660). - Test that talloc magic differs between processes. - Increment minor version due to added talloc_test_get_magic. - Provide tests access to talloc_magic. - Test magic protection measures. tdb was updated to version 1.3.8; (bsc#954658). - Improved python3 bindings tevent was updated to 0.9.26; (bsc#954658). - New tevent_thread_proxy api - Minor build fixes This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2015-943=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): ldb-debugsource-1.1.24-7.1 ldb-tools-1.1.24-7.1 ldb-tools-debuginfo-1.1.24-7.1 libdcerpc-atsvc-devel-4.2.4-9.2 libdcerpc-atsvc0-4.2.4-9.2 libdcerpc-atsvc0-debuginfo-4.2.4-9.2 libdcerpc-binding0-4.2.4-9.2 libdcerpc-binding0-debuginfo-4.2.4-9.2 libdcerpc-devel-4.2.4-9.2 libdcerpc-samr-devel-4.2.4-9.2 libdcerpc-samr0-4.2.4-9.2 libdcerpc-samr0-debuginfo-4.2.4-9.2 libdcerpc0-4.2.4-9.2 libdcerpc0-debuginfo-4.2.4-9.2 libgensec-devel-4.2.4-9.2 libgensec0-4.2.4-9.2 libgensec0-debuginfo-4.2.4-9.2 libldb-devel-1.1.24-7.1 libldb1-1.1.24-7.1 libldb1-debuginfo-1.1.24-7.1 libndr-devel-4.2.4-9.2 libndr-krb5pac-devel-4.2.4-9.2 libndr-krb5pac0-4.2.4-9.2 libndr-krb5pac0-debuginfo-4.2.4-9.2 libndr-nbt-devel-4.2.4-9.2 libndr-nbt0-4.2.4-9.2 libndr-nbt0-debuginfo-4.2.4-9.2 libndr-standard-devel-4.2.4-9.2 libndr-standard0-4.2.4-9.2 libndr-standard0-debuginfo-4.2.4-9.2 libndr0-4.2.4-9.2 libndr0-debuginfo-4.2.4-9.2 libnetapi-devel-4.2.4-9.2 libnetapi0-4.2.4-9.2 libnetapi0-debuginfo-4.2.4-9.2 libregistry-devel-4.2.4-9.2 libregistry0-4.2.4-9.2 libregistry0-debuginfo-4.2.4-9.2 libsamba-credentials-devel-4.2.4-9.2 libsamba-credentials0-4.2.4-9.2 libsamba-credentials0-debuginfo-4.2.4-9.2 libsamba-hostconfig-devel-4.2.4-9.2 libsamba-hostconfig0-4.2.4-9.2 libsamba-hostconfig0-debuginfo-4.2.4-9.2 libsamba-passdb-devel-4.2.4-9.2 libsamba-passdb0-4.2.4-9.2 libsamba-passdb0-debuginfo-4.2.4-9.2 libsamba-policy-devel-4.2.4-9.2 libsamba-policy0-4.2.4-9.2 libsamba-policy0-debuginfo-4.2.4-9.2 libsamba-util-devel-4.2.4-9.2 libsamba-util0-4.2.4-9.2 libsamba-util0-debuginfo-4.2.4-9.2 libsamdb-devel-4.2.4-9.2 libsamdb0-4.2.4-9.2 libsamdb0-debuginfo-4.2.4-9.2 libsmbclient-devel-4.2.4-9.2 libsmbclient-raw-devel-4.2.4-9.2 libsmbclient-raw0-4.2.4-9.2 libsmbclient-raw0-debuginfo-4.2.4-9.2 libsmbclient0-4.2.4-9.2 libsmbclient0-debuginfo-4.2.4-9.2 libsmbconf-devel-4.2.4-9.2 libsmbconf0-4.2.4-9.2 libsmbconf0-debuginfo-4.2.4-9.2 libsmbldap-devel-4.2.4-9.2 libsmbldap0-4.2.4-9.2 libsmbldap0-debuginfo-4.2.4-9.2 libtalloc-devel-2.1.5-7.1 libtalloc2-2.1.5-7.1 libtalloc2-debuginfo-2.1.5-7.1 libtdb-devel-1.3.8-7.1 libtdb1-1.3.8-7.1 libtdb1-debuginfo-1.3.8-7.1 libtevent-devel-0.9.26-7.1 libtevent-util-devel-4.2.4-9.2 libtevent-util0-4.2.4-9.2 libtevent-util0-debuginfo-4.2.4-9.2 libtevent0-0.9.26-7.1 libtevent0-debuginfo-0.9.26-7.1 libwbclient-devel-4.2.4-9.2 libwbclient0-4.2.4-9.2 libwbclient0-debuginfo-4.2.4-9.2 pyldb-1.1.24-7.1 pyldb-debuginfo-1.1.24-7.1 pyldb-devel-1.1.24-7.1 pytalloc-2.1.5-7.1 pytalloc-debuginfo-2.1.5-7.1 pytalloc-devel-2.1.5-7.1 python-tdb-1.3.8-7.1 python-tdb-debuginfo-1.3.8-7.1 python-tevent-0.9.26-7.1 python-tevent-debuginfo-0.9.26-7.1 samba-4.2.4-9.2 samba-client-4.2.4-9.2 samba-client-debuginfo-4.2.4-9.2 samba-core-devel-4.2.4-9.2 samba-debuginfo-4.2.4-9.2 samba-debugsource-4.2.4-9.2 samba-libs-4.2.4-9.2 samba-libs-debuginfo-4.2.4-9.2 samba-pidl-4.2.4-9.2 samba-python-4.2.4-9.2 samba-python-debuginfo-4.2.4-9.2 samba-test-4.2.4-9.2 samba-test-debuginfo-4.2.4-9.2 samba-test-devel-4.2.4-9.2 samba-winbind-4.2.4-9.2 samba-winbind-debuginfo-4.2.4-9.2 talloc-debugsource-2.1.5-7.1 tdb-debugsource-1.3.8-7.1 tdb-tools-1.3.8-7.1 tdb-tools-debuginfo-1.3.8-7.1 tevent-debugsource-0.9.26-7.1 - openSUSE Leap 42.1 (x86_64): libdcerpc-atsvc0-32bit-4.2.4-9.2 libdcerpc-atsvc0-debuginfo-32bit-4.2.4-9.2 libdcerpc-binding0-32bit-4.2.4-9.2 libdcerpc-binding0-debuginfo-32bit-4.2.4-9.2 libdcerpc-samr0-32bit-4.2.4-9.2 libdcerpc-samr0-debuginfo-32bit-4.2.4-9.2 libdcerpc0-32bit-4.2.4-9.2 libdcerpc0-debuginfo-32bit-4.2.4-9.2 libgensec0-32bit-4.2.4-9.2 libgensec0-debuginfo-32bit-4.2.4-9.2 libldb1-32bit-1.1.24-7.1 libldb1-debuginfo-32bit-1.1.24-7.1 libndr-krb5pac0-32bit-4.2.4-9.2 libndr-krb5pac0-debuginfo-32bit-4.2.4-9.2 libndr-nbt0-32bit-4.2.4-9.2 libndr-nbt0-debuginfo-32bit-4.2.4-9.2 libndr-standard0-32bit-4.2.4-9.2 libndr-standard0-debuginfo-32bit-4.2.4-9.2 libndr0-32bit-4.2.4-9.2 libndr0-debuginfo-32bit-4.2.4-9.2 libnetapi0-32bit-4.2.4-9.2 libnetapi0-debuginfo-32bit-4.2.4-9.2 libregistry0-32bit-4.2.4-9.2 libregistry0-debuginfo-32bit-4.2.4-9.2 libsamba-credentials0-32bit-4.2.4-9.2 libsamba-credentials0-debuginfo-32bit-4.2.4-9.2 libsamba-hostconfig0-32bit-4.2.4-9.2 libsamba-hostconfig0-debuginfo-32bit-4.2.4-9.2 libsamba-passdb0-32bit-4.2.4-9.2 libsamba-passdb0-debuginfo-32bit-4.2.4-9.2 libsamba-policy0-32bit-4.2.4-9.2 libsamba-policy0-debuginfo-32bit-4.2.4-9.2 libsamba-util0-32bit-4.2.4-9.2 libsamba-util0-debuginfo-32bit-4.2.4-9.2 libsamdb0-32bit-4.2.4-9.2 libsamdb0-debuginfo-32bit-4.2.4-9.2 libsmbclient-raw0-32bit-4.2.4-9.2 libsmbclient-raw0-debuginfo-32bit-4.2.4-9.2 libsmbclient0-32bit-4.2.4-9.2 libsmbclient0-debuginfo-32bit-4.2.4-9.2 libsmbconf0-32bit-4.2.4-9.2 libsmbconf0-debuginfo-32bit-4.2.4-9.2 libsmbldap0-32bit-4.2.4-9.2 libsmbldap0-debuginfo-32bit-4.2.4-9.2 libtalloc2-32bit-2.1.5-7.1 libtalloc2-debuginfo-32bit-2.1.5-7.1 libtdb1-32bit-1.3.8-7.1 libtdb1-debuginfo-32bit-1.3.8-7.1 libtevent-util0-32bit-4.2.4-9.2 libtevent-util0-debuginfo-32bit-4.2.4-9.2 libtevent0-32bit-0.9.26-7.1 libtevent0-debuginfo-32bit-0.9.26-7.1 libwbclient0-32bit-4.2.4-9.2 libwbclient0-debuginfo-32bit-4.2.4-9.2 pyldb-32bit-1.1.24-7.1 pyldb-debuginfo-32bit-1.1.24-7.1 pytalloc-32bit-2.1.5-7.1 pytalloc-debuginfo-32bit-2.1.5-7.1 python-tdb-32bit-1.3.8-7.1 python-tdb-debuginfo-32bit-1.3.8-7.1 python-tevent-32bit-0.9.26-7.1 python-tevent-debuginfo-32bit-0.9.26-7.1 samba-32bit-4.2.4-9.2 samba-client-32bit-4.2.4-9.2 samba-client-debuginfo-32bit-4.2.4-9.2 samba-debuginfo-32bit-4.2.4-9.2 samba-libs-32bit-4.2.4-9.2 samba-libs-debuginfo-32bit-4.2.4-9.2 samba-winbind-32bit-4.2.4-9.2 samba-winbind-debuginfo-32bit-4.2.4-9.2 - openSUSE Leap 42.1 (noarch): samba-doc-4.2.4-9.2 References: https://www.suse.com/security/cve/CVE-2015-3223.html https://www.suse.com/security/cve/CVE-2015-5252.html https://www.suse.com/security/cve/CVE-2015-5296.html https://www.suse.com/security/cve/CVE-2015-5299.html https://www.suse.com/security/cve/CVE-2015-5330.html https://www.suse.com/security/cve/CVE-2015-8467.html https://bugzilla.suse.com/949022 https://bugzilla.suse.com/951660 https://bugzilla.suse.com/954658 https://bugzilla.suse.com/958581 https://bugzilla.suse.com/958582 https://bugzilla.suse.com/958583 https://bugzilla.suse.com/958584 https://bugzilla.suse.com/958585 https://bugzilla.suse.com/958586 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org