Hello community,

here is the log from the commit of package patchinfo.4421 for openSUSE:13.1:Update checked in at 2015-12-24 12:14:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.4421 (Old)
 and /work/SRC/openSUSE:13.1:Update/.patchinfo.4421.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.4421"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="4421"> <issue id="939050" tracker="bnc">openSUSE comes with ldb 1.1.20 while 1.1.21 is available</issue> <issue id="939051" tracker="bnc">openSUSE comes with talloc 2.1.2 while 2.1.3 is available</issue> <issue id="949022" tracker="bnc">samba: winbind crash -> netlogon_creds_client_authenticator</issue> <issue id="951660" tracker="bnc">openSUSE comes with talloc 2.1.3 while 2.1.4 is available</issue> <issue id="958585" tracker="bnc">VUL-0: CVE-2015-8467: samba: Microsoft MS15-096 / CVE-2015-2535 needs matching fix in Samba</issue> <issue id="958584" tracker="bnc">VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb encryption on the client side</issue> <issue id="958586" tracker="bnc">VUL-0: CVE-2015-5330: samba: Remote read memory exploit in LDB</issue> <issue id="953382" tracker="bnc">samba+ssh: no failure message on login try if account is disabled in AD</issue> <issue id="958580" tracker="bnc">VUL-0: CVE-2015-7540: samba: Bogus LDAP request cause samba to use all the memory and be ookilled</issue> <issue id="958583" tracker="bnc">VUL-0: CVE-2015-5299: samba: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2)</issue> <issue id="958582" tracker="bnc">VUL-0: CVE-2015-5252: samba: Insufficient symlink verification (file access outside the
share)</issue> <issue id="958581" tracker="bnc">VUL-0: CVE-2015-3223: samba: LDAP \00 search expression attack DoS in Samba 4.x</issue> <issue id="954658" tracker="bnc">ldb, talloc, tdb, and/ or tevent need to be updated</issue> <issue id="CVE-2015-8467" tracker="cve" /> <issue id="CVE-2015-5299" tracker="cve" /> <issue id="CVE-2015-7540" tracker="cve" /> <issue id="CVE-2015-5252" tracker="cve" /> <issue id="CVE-2015-3223" tracker="cve" /> <issue id="CVE-2015-5330" tracker="cve" /> <issue id="CVE-2015-5296" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>lmuelle</packager> <description> This update for ldb, samba, talloc, tdb, tevent fixes the following issues: ldb was updated to 1.1.24. + Fix ldap \00 search expression attack dos; cve-2015-3223; (bso#11325) + Fix remote read memory exploit in ldb; cve-2015-5330; (bso#11599) + Move ldb_(un)pack_data into ldb_module.h for testing + Fix installation of _ldb_text.py + Fix propagation of ldb errors through tdb + Fix bug triggered by having an empty message in database during search + Test improvements + Improved python bindings + Validate_ldb of string(generalized-time) does not accept millisecond format ".000Z"; (bso#9810) + Fix logic in ldb_val_to_time() + Allow to register extended match rules + Fixes for segfaults in pyldb + Documentation fixes + Build system improvements + Fix a typo in the comment, ldb_flags_mod_xxx -> ldb_flag_mod_xxx + Fix check for third_party + Make the successful ldb_transaction_start() message clearer + Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory() + Ldb-samba: move pyldb-utils dependency to python_samba__ldb + Build: improve detection of srcdir Samba was updated to 4.1.22. + Malicious request can cause samba ldap server to hang, spinning using cpu; CVE-2015-3223; (bso#11325); (boo#958581). + Remote read memory exploit in ldb; cve-2015-5330; (bso#11599); (boo#958586). 
+ Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (boo#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (boo#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (boo#958583). + Fix microsoft ms15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (boo#958585). + Fix remote dos in samba (ad) ldap server; cve-2015-7540; (bso#9187); (boo#958580). + Ensure attempt to ssh into locked account triggers "Your account is disabled....." to the console; (boo#953382). + Prevent null pointer access in samlogon fallback when security credentials are null; (boo#949022). talloc was updated to 2.1.5; (boo#954658). + Minor build fixes + Point ld_library_path to the just-built libraries while calling make test. + Disable rpath-install and silent-rules while configure. + Update to 2.1.4; (boo#951660). + Test that talloc magic differs between processes. + Increment minor version due to added talloc_test_get_magic. + Provide tests access to talloc_magic. + Test magic protection measures. + Update the samba library distribution key file 'talloc.keyring'; (bso#945116). + Update to 2.1.3; (boo#939051). + Improved python3 bindings + Documentation fixes regarding talloc_reference() and talloc_unlink() tdb was updated to version 1.3.8; (boo#954658). + Fix broken build with --disable-python + Minor build fixes + Disable rpath-install and silent-rules while configure. + Update the samba library distribution key file 'tdb.keyring'; (bso#945116). + Update to version 1.3.7. + First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381) + Improved python3 bindings + Update to version 1.3.6. + Fix runtime detection for robust mutexes in the standalone build; (bso#11326). 
+ Possible fix for the build with robust mutexes on solaris 11; (bso#11319). + Update to version 1.3.5. + Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock variant of tdb_chainlock_read() + Do not build test binaries if it's not a standalone build + Fix cid 1034842 resource leak + Fix cid 1034841 resource leak + Don't let tdb_wrap_open() segfault with name==null + Update to version 1.3.4. + Toos: allow transactions with tdb_mutex_locking + Test: add tdb1-run-mutex-transaction1 test + Allow transactions on on tdb's with tdb_mutex_locking + Update to version 1.3.3. + Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid combination + Update to version 1.3.2. + Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs. + Fix a comment + Fix tdb_runtime_check_for_robust_mutexes() + Improve wording in a comment + Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch + Tdb_wrap: make mutexes easier to use + Tdb_wrap: only pull in samba-debug + Tdb_wrap: standalone compile without includes.h + Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context - Update to version 1.3.1. + Tools: fix a compiler warning + Defragment the freelist in tdb_allocate_from_freelist() + Add "freelist_size" sub-command to tdbtool + Use tdb_freelist_merge_adjacent in tdb_freelist_size() + Add tdb_freelist_merge_adjacent() + Add utility function check_merge_ptr_with_left_record() + Simplify tdb_free() using check_merge_with_left_record() + Add utility function check_merge_with_left_record() + Improve comments for tdb_free(). + Factor merge_with_left_record() out of tdb_free() + Fix debug message in tdb_free() + Reduce indentation in tdb_free() for merging left + Increase readability of read_record_on_left() + Factor read_record_on_left() out of tdb_free() + Build: improve detection of srcdir. tevent was update to version 0.9.26; (boo#954658). 
+ New tevent_thread_proxy api + Minor build fixes + Update the samba library distribution key file 'tevent.keyring'; (bso#945116). + Update to 0.9.25. + Fix compile error in solaris ports backend. + Fix access after free in tevent_common_check_signal(); (bso#11308). + Improve pytevent bindings. + Testsuite fixes. + Improve the documentation of the tevent_add_fd() assumtions. it must be talloc_free'ed before closing the fd! (bso##11141); (bso#11316). + Update to 0.9.24. + Ignore unexpected signal events in the same way the epoll backend does. + Update to 0.9.23. + Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. + Use tevent_req_simple_recv_unix in a few places. + Update to 0.9.22. + Remove unused exit_code in tevent_select.c + Remove unused exit_code in tevent_poll.c + Build: improve detection of srcdir + Lib: tevent: make tevent_sig_increment atomic. + Update flags in tevent pkgconfig file + Utilize doxygen to generate the api documentation and package it. </description> <summary>Security update for samba, ldb, talloc, tdb, tevent</summary> </patchinfo>
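Review bot: In the `<description>` text several CVE references are written in lower case ("cve-2015-3223" in the ldb list, "cve-2015-5330" in both the ldb and Samba lists, "cve-2015-7540" in the Samba list) while the rest use "CVE-...", so a case-sensitive search of the advisory text for an identifier taken from the `<issue tracker="cve">` elements will miss those entries; write them all in the upper-case form used in the issue list. In the same block, the tdb list has "- Update to version 1.3.1." where every other version step is a "+" item, the tevent list has "(bso##11141)" with a doubled "#", and "tevent was update to version 0.9.26" should read "was updated to". The intermediate "Update to ..." entries are also listed at the same level as the individual fixes, so it is not possible to tell from the text which fix arrived with which version; indenting the fixes under their version line would make that clear.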