Security update for samba

Announcement ID: SUSE-SU-2021:0185-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2020-14318 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-14318 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-14323 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-14323 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-14383 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-14383 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Enterprise Storage 7
  • SUSE Linux Enterprise Server 15 SP2

An update that solves three vulnerabilities and has two further fixes can now be installed.

Description:

This update for samba fixes the following issues:

  • Update to 4.13.3
  • libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210);
  • s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486);
  • s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515);
  • s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568);
  • s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590);
  • samba process does not honor max log size; (bso#14248);
  • vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587);
  • s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
  • s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
  • smbclient: Fix recursive mget; (bso#14517);
  • clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
  • manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486);
  • vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
  • interface: Fix if_index is not parsed correctly; (bso#14514);

  • Update to 4.13.2

  • s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486);
  • RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);
  • smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538);
  • daemons: Report status to systemd even when running in foreground; (bso#14552);
  • DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553);
  • s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486);
  • provision: Add support for BIND 9.16.x; (bso#14487);
  • ctdb-common: Avoid aliasing errors during code optimization; (bso#14537);
  • libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
  • docs: Fix default value of spoolss:architecture; (bso#14522);
  • winbind: Fix a memleak; (bso#14388);
  • s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
  • docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486);
  • nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
  • vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
  • third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
  • examples:auth: Do not install example plugin; (bso#14550);
  • ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);

  • Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).

  • Update to samba 4.13.1

  • CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472);
  • CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436);
  • CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434);
  • Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);

Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2021-185=1
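The following script is an added example and is not part of the SUSE advisory or of the samba project. It checks whether the samba packages installed on a host are at or beyond the fixed build listed in the Package List, which is useful before and after running the zypper command above. It assumes an RPM-based SUSE system; FIXED_VR is copied from the advisory's package versions, PKGS is a subset of the advisory's package names, and vercmp is a simplified re-implementation of RPM's version ordering written here for illustration, not RPM's own rpmvercmp.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory: check whether installed samba
# packages are at or beyond the fixed build from this update.
# Assumptions: an RPM-based SUSE system; FIXED_VR and PKGS are taken from the
# advisory's Package List (PKGS is a subset; extend it as needed).

FIXED_VR="4.13.3+git.181.fc4672a5b81-3.3.1"
PKGS="samba samba-libs samba-client samba-winbind libwbclient0 ctdb"

# vercmp A B -> prints 1 if A is newer than B, 0 if equal, -1 if older.
# Simplified rpmvercmp: split each string into runs of digits or letters
# (separators such as . + - are ignored), compare segment by segment, numeric
# segments numerically and alphabetic ones lexically, numeric beating alpha,
# and the string with more remaining segments counts as newer.
# Tilde/caret ordering is not implemented; none of these builds use it.
vercmp() {
    awk -v A="$1" -v B="$2" '
    function segs(s, arr,    n) {
        n = 0
        while (match(s, /[0-9]+|[A-Za-z]+/)) {
            arr[++n] = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
        }
        return n
    }
    BEGIN {
        na = segs(A, a); nb = segs(B, b)
        for (i = 1; i <= na && i <= nb; i++) {
            x = a[i]; y = b[i]
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn) { x += 0; y += 0 }                  # numeric compare, drops leading zeros
            else if (xn != yn) { print (xn ? 1 : -1); exit }  # numeric segment sorts newer than alpha
            if (x != y) { print (x > y ? 1 : -1); exit }
        }
        if (na != nb) { print (na > nb ? 1 : -1); exit }
        print 0
    }'
}

# is_fixed VR -> succeeds if version-release VR is at or beyond FIXED_VR
is_fixed() {
    [ "$(vercmp "$1" "$FIXED_VR")" -ge 0 ]
}

# check_host -> queries rpm for each package; returns 1 if any installed
# package is older than the fixed build, 0 if every installed one is fixed,
# 2 if rpm is not available on this host.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rc=0
    for p in $PKGS; do
        # rpm -q exits non-zero when the package is not installed; skip it then
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$p" 2>/dev/null) || continue
        if is_fixed "$vr"; then
            echo "OK         $p-$vr"
        else
            echo "VULNERABLE $p-$vr (fixed in $FIXED_VR)"
            rc=1
        fi
    done
    return $rc
}

# Run the host check only when invoked with --check, so the functions can
# also be sourced and reused on their own.
case "${1:-}" in --check) check_host ;; esac
```

Run it as `sh check-samba.sh --check` before patching; a VULNERABLE line names a package still at an older build. To confirm that zypper itself sees this advisory's patch before installing it, `zypper list-patches --cve=CVE-2020-14318` lists the patch that addresses the CVE. The script only compares the installed samba package version against the fixed build; it does not assess whether the host actually exposes smbd, winbindd or the AD DC DNS server, so treat a VULNERABLE result as a reason to patch, not as proof of exposure.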

Package List:

  • SUSE Enterprise Storage 7 (aarch64 x86_64)
    • libdcerpc0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbconf0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-winbind-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-debugsource-4.13.3+git.181.fc4672a5b81-3.3.1
    • libnetapi0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-standard0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-passdb0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-krb5pac0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbconf0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libnetapi0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libtevent-util0-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-libs-python3-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-client-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libtevent-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-hostconfig0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbldap2-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libdcerpc-binding0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbldap2-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr1-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-libs-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-passdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbclient0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamdb0-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libwbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-ceph-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-winbind-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-krb5pac0-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-client-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-libs-python3-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-credentials0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • ctdb-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-errors0-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-libs-4.13.3+git.181.fc4672a5b81-3.3.1
    • libdcerpc-binding0-4.13.3+git.181.fc4672a5b81-3.3.1
    • ctdb-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr1-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-standard0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libdcerpc0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-credentials0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libwbclient0-4.13.3+git.181.fc4672a5b81-3.3.1
    • samba-ceph-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-nbt0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-hostconfig0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-util0-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsamba-errors0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libndr-nbt0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
    • libsmbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1
