openSUSE Build Service

Security update for samba

This update for samba fixes the following issues:

- CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets
containing dots could potentially have consumed excessive CPU (bsc#1173160).
- CVE-2020-14303: Fixed an endless loop when receiving at AD DC empty UDP packets (bsc#1173359).
- CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).
- CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161).
- Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307).
- Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Submitted by Noel Power (npower)

Fixed bugs

Installing: samba-4.12.2+git.152.c5bf9f6da52-1.1.x86_6 - service does not exist and unit not found

bnc#1172307

Missing 32-bit libnetapi development package

bnc#1173161

VUL-0: EMBARGOED: CVE-2020-10760: samba: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV

bnc#1173159

VUL-1: EMBARGOED: CVE-2020-10730: samba: NULL de-reference in AD DC LDAP server when ASQ and VLV combined

bnc#1173359

VUL-1: EMBARGOED: CVE-2020-14303: samba: Endless loop from empty UDP packet sent to AD DC nbt_server

bnc#1173160

VUL-0: EMBARGOED: CVE-2020-10745: samba: invalid DNS or NBT queries containing dots use several seconds of CPU each

Places

Fixed bugs

Selected Binaries

Places