File _patchinfo of Package patchinfo.15667
<patchinfo incident="15667">
<issue tracker="cve" id="2020-10700"/>
<issue tracker="cve" id="2020-10760"/>
<issue tracker="cve" id="2020-10730"/>
<issue tracker="cve" id="2020-10745"/>
<issue tracker="cve" id="2020-10704"/>
<issue tracker="cve" id="2020-14303"/>
<issue tracker="bnc" id="1169850">VUL-0: CVE-2020-10700: samba: Use-after-free in AD DC LDAP server when ASQ and paged_results combined</issue>
<issue tracker="bnc" id="1172307">Missing 32-bit libnetapi development package</issue>
<issue tracker="bnc" id="1173160">VUL-0: CVE-2020-10745: samba: invalid DNS or NBT queries containing dots use several seconds of CPU each</issue>
<issue tracker="bnc" id="1169851">VUL-0: CVE-2020-10704: samba: Stack overflow in AD DC (C)LDAP server</issue>
<issue tracker="bnc" id="1173359">VUL-1: CVE-2020-14303: samba: Endless loop from empty UDP packet sent to AD DC nbt_server</issue>
<issue tracker="bnc" id="1173161">VUL-0: CVE-2020-10760: samba: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV</issue>
<issue tracker="bnc" id="1141320">Samba vfs_ceph_snapshots fails to find snapdir for relative paths at share root</issue>
<issue tracker="bnc" id="1169521">samba_winbind package is installing python3-base</issue>
<issue tracker="bnc" id="1169095">calling smbclient as user crashes on SP2</issue>
<issue tracker="bnc" id="1162680">[Build 134.1] openQA test fails in check_after_reboot</issue>
<issue tracker="bnc" id="1171437">Installing: samba-4.12.2+git.152.c5bf9f6da52-1.1.x86_6 - service does not exist and unit not found</issue>
<issue tracker="bnc" id="1173159">VUL-0: CVE-2020-10730: samba: NULL de-reference in AD DC LDAP server when ASQ and VLV combined</issue>
<issue tracker="bnc" id="1174120">net command unable to connect</issue>
<packager>npower</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for ldb, samba</summary>
<description>This update for ldb, samba fixes the following issues:
Changes in samba:
- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined; (bso#14364); (bsc#1173159]
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name;
(bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in
snapdirseverywhere mode; (bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).
+ Malicous SMB1 server can crash libsmbclient; (bso#14366)
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382)
+ ldb: Bump version to 2.0.11, LMDB databases can grow without
bounds. (bso#14330)
- Update to samba 4.11.9
+ nmblib: Avoid undefined behaviour in handle_name_ptrs();
(bso#14242).
+ 'samba-tool group' commands do not handle group names with
special chars correctly; (bso#14296).
+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo
is not valid; (bso#14237).
+ Missing check for DMAPI offline status in async DOS
attributes; (bso#14293).
+ smbd: Ignore set NTACL requests which contain
S-1-5-88 NFS ACEs; (bso#14307).
+ vfs_recycle: Prevent flooding the log if we're called on
non-existant paths; (bso#14316)
+ smbd mistakenly updates a file's write-time on close;
(bso#14320).
+ RPC handles cannot be differentiated in source3 RPC server;
(bso#14359).
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
+ nsswitch: Fix use-after-free causing segfault in
_pam_delete_cred; (bso#14327).
+ Fix fruit:time machine max size on arm; (bso#13622)
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294).
+ ctdb: Fix a memleak; (bso#14348).
+ libsmb: Don't try to find posix stat info in SMBC_getatr().
+ ctdb-tcp: Move free of inbound queue to TCP restart;
(bso#14295); (bsc#1162680).
+ s3/librpc/crypto: Fix double free with unresolved
credential cache; (bso#14344); (bsc#1169095)
+ s3:libads: Fix ads_get_upn(); (bso#14336).
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294)
+ Starting ctdb node that was powered off hard before
results in recovery loop; (bso#14295); (bsc#1162680).
+ ctdb-recoverd: Avoid dereferencing NULL rec->nodemap;
(bso#14324)
- Update to samba 4.11.8
+ CVE-2020-10700: Use-after-free in Samba AD DC LDAP
Server with ASQ; (bso#14331); (bsc#1169850);
+ CVE-2020-10704: LDAP Denial of Service (stack overflow)
in Samba AD DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
+ s3: lib: nmblib. Clean up and harden nmb packet
processing; (bso#14239).
+ s3: VFS: full_audit. Use system session_info if called
from a temporary share definition; (bso#14283)
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
+ ldb: version 2.0.9, Samba 4.11 and later give incorrect
results for SCOPE_ONE searches; (bso#14270)
+ auth: Fix CIDs 1458418 and 1458420 Null pointer
dereferences; (bso#14247).
+ smbd: Handle EINTR from open(2) properly; (bso#14285)
+ winbind member (source3) fails local SAM auth with empty
domain name; (bso#14247)
+ winbindd: Handling missing idmap in getgrgid(); (bso#14265).
+ lib:util: Log mkdir error on correct debug levels;
(bso#14253).
+ wafsamba: Do not use 'rU' as the 'U' is deprecated in
Python 3.9; (bso#14266).
+ ctdb-tcp: Make error handling for outbound connection
consistent; (bso#14274).
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209).
+ vfs_ceph_snapshots: Fix root relative path handling;
(bso#14216); (bsc#1141320).
+ Avoiding bad call flags with python 3.8, using METH_NOARGS
instead of zero; (bso#14209).
+ source4/utils/oLschema2ldif: Include stdint.h before
cmocka.h; (bso#14218).
+ docs-xml/winbindnssinfo: Clarify interaction with
idmap_ad etc; (bso#14122).
+ smbd: Fix the build with clang; (bso#14251).
+ upgradedns: Ensure lmdb lock files linked; (bso#14199).
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during
readdir; (bso#14182).
+ smbc_stat() doesn't return the correct st_mode and also
the uid/gid is not filled (SMBv1) file; (bso#14101).
+ librpc: Fix string length checking in
ndr_pull_charset_to_null(); (bso#14219).
+ ctdb-scripts: Strip square brackets when gathering
connection info; (bso#14227).
- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);
- Installing: samba - samba-ad-dc.service does not exist and unit
not found; (bsc#1171437);
- Fix samba_winbind package is installing python3-base without
python3 package; (bsc#1169521);
Changes in ldb:
- Update to version 2.0.12
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server
when ASQ and VLV combined; (bso#14364); (bsc#1173159).
+ ldb_ldap: fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).
+ lib/ldb: add unit test for ldb_ldap internal code.
- Update to version 2.0.11
+ lib ldb: lmdb init var before calling mdb_reader_check.
+ lib ldb: lmdb clear stale readers on write txn start;
(bso#14330).
+ ldb tests: Confirm lmdb free list handling
</description>
</patchinfo>
