Security update for samba
This update for samba fixes the following issues:
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
- s3-libads: use dns name to open a ldap session (bsc#1184310).
- Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Noel Power (npower)
Fixed bugs
bnc#1178469
smbcacls --propagate-inheritance update
bnc#1183572
VUL-0: CVE-2020-27840: ldb: Unauthenticated remote heap corruption via bad DNs
bnc#1179156
smbd crash with Bad talloc magic value - access after free
bnc#1183574
VUL-0: CVE-2021-20277: ldb: out of bounds read in ldb_handler_fold
bnc#1184677
VUL-0: EMBARGOED: CVE-2021-20254: samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
bnc#1184310
L3: StartTLS certificate verification broken in ldap ssl ads
