File _patchinfo of Package patchinfo.21699
<patchinfo incident="21699">
  <issue tracker="bnc" id="1014440">VUL-0: EMBARGOED: CVE-2016-2124: samba: don't fallback to non spnego authentication if we require kerberos</issue>
  <issue tracker="bnc" id="1192214">VUL-0: EMBARGOED: CVE-2021-23192: samba: dcerpc requests don't check all fragments against the first auth_state</issue>
  <issue tracker="bnc" id="1192215">VUL-0: EMBARGOED: CVE-2021-3738: samba: crash in dsdb stack</issue>
  <issue tracker="bnc" id="1192246">VUL-0: EMBARGOED: CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers</issue>
  <issue tracker="bnc" id="1192247">VUL-0: EMBARGOED: CVE-2020-25719: samba: AD DC Username based races when no PAC is given</issue>
  <issue tracker="bnc" id="1192283">VUL-0: EMBARGOED: CVE-2020-25722: samba: AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues)</issue>
  <issue tracker="bnc" id="1192284">VUL-0: EMBARGOED: CVE-2020-25717: samba: A user on the domain can become root on domain members</issue>
  <issue tracker="bnc" id="1192505">VUL-0: EMBARGOED: CVE-2020-25721: samba: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)</issue>
  <issue tracker="cve" id="2016-2124"/>
  <issue tracker="cve" id="2020-25717"/>
  <issue tracker="cve" id="2020-25718"/>
  <issue tracker="cve" id="2020-25719"/>
  <issue tracker="cve" id="2020-25721"/>
  <issue tracker="cve" id="2020-25722"/>
  <issue tracker="cve" id="2021-23192"/>
  <issue tracker="cve" id="2021-3738"/>
  <packager>npower</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for samba and ldb</summary>
  <description>This update for samba and ldb fixes the following issues:

- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed fallback to non-SPNEGO authentication when Kerberos is required (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests not checking all fragments against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505).

Samba was updated to 4.13.13:

* rodc_rwdc test flaps;(bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* "in" operator on ldb.Message is case sensitive;(bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
* Allow special chars like "@" in samAccountName when generating the salt;(bso#14874).
* Fix transit path validation;(bso#12998).
* Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).

Samba was updated to 4.13.12:

* Address a significant performance regression in database access in the AD DC since Samba 4.12;(bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807).
* An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
* Address flapping samba_tool_drs_showrepl test;(bso#14818).
* Address flapping dsdb_schema_attributes test;(bso#14819).
* An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817).
* Fix CTDB flag/status update race conditions(bso#14784).

Samba was updated to 4.13.11:

* smbd: panic on force-close share during offload write; (bso#14769).
* Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731).
* smbd: "deadtime" parameter doesn't work anymore;(bso#14783).
* net conf list crashes when run as normal user;(bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607).
* Start the SMB encryption as soon as possible;(bso#14793).
* Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792).

ldb was updated to 2.2.2:

+ CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)

Release ldb 2.2.2

+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845).
+ Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
  </description>
</patchinfo>