Security update for samba
Announcement ID: | SUSE-SU-2019:1040-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability and has five security fixes can now be installed.
Description:
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):
- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put "results_store" into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb
Non-security issues fixed:
- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide to the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1040=1
-
Desktop Applications Module 15
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-1040=1
-
Development Tools Module 15
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1040=1
-
SUSE Package Hub 15
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-1040=1
-
SUSE Linux Enterprise High Availability Extension 15
zypper in -t patch SUSE-SLE-Product-HA-15-2019-1040=1
Package List:
-
Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- libsamba-errors0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-devel-0.6.32-5.5.3
- libavahi-ui0-0.6.32-5.5.8
- p11-kit-debugsource-0.23.2-4.2.1
- libtalloc2-debuginfo-2.1.11-3.5.3
- libdcerpc-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- talloc-debugsource-2.1.11-3.5.3
- libndr-krb5pac-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-6-debuginfo-4.13-4.2.1
- libavahi-common3-debuginfo-0.6.32-5.5.3
- libtevent0-0.9.36-4.10.3
- python-talloc-debuginfo-2.1.11-3.5.3
- libtevent-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- ldb-debugsource-1.2.4-3.12.1
- libndr-nbt-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- p11-kit-tools-debuginfo-0.23.2-4.2.1
- p11-kit-0.23.2-4.2.1
- libwbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- cups-devel-2.2.7-3.11.7
- python3-ldb-devel-1.2.4-3.12.1
- libtdb1-1.3.15-3.6.3
- python-talloc-devel-2.1.11-3.5.3
- gamin-devel-0.1.10-3.2.3
- libsamba-credentials0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libcups2-debuginfo-2.2.7-3.11.7
- libndr-krb5pac0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-4.13-4.2.1
- gnutls-3.6.2-6.5.4
- cups-debuginfo-2.2.7-3.11.7
- libavahi-ui-gtk3-0-0.6.32-5.5.8
- libnetapi0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-hostconfig0-4.7.11+git.153.b36ceaf2235-4.27.1
- python-talloc-2.1.11-3.5.3
- tdb-debugsource-1.3.15-3.6.3
- libsmbldap2-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-passdb0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-util0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libcupsimage2-debuginfo-2.2.7-3.11.7
- libtdb-devel-1.3.15-3.6.3
- libsmbconf0-4.7.11+git.153.b36ceaf2235-4.27.1
- p11-kit-nss-trust-0.23.2-4.2.1
- libsamba-util0-4.7.11+git.153.b36ceaf2235-4.27.1
- typelib-1_0-Avahi-0_6-0.6.32-5.5.8
- libsmbldap-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libwbclient0-4.7.11+git.153.b36ceaf2235-4.27.1
- libnettle-debugsource-3.4.1-4.9.1
- libndr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-credentials-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libhogweed4-3.4.1-4.9.1
- cups-client-debuginfo-2.2.7-3.11.7
- libavahi-client3-debuginfo-0.6.32-5.5.3
- libgamin-1-0-debuginfo-0.1.10-3.2.3
- libtasn1-debugsource-4.13-4.2.1
- libtdb1-debuginfo-1.3.15-3.6.3
- tevent-man-0.9.36-4.10.3
- libavahi-ui0-debuginfo-0.6.32-5.5.8
- libavahi-ui-gtk3-0-debuginfo-0.6.32-5.5.8
- libsamba-policy0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsmbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-6-4.13-4.2.1
- avahi-utils-0.6.32-5.5.3
- libgnutls30-3.6.2-6.5.4
- libndr-nbt0-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-krb5pac0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsmbclient-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libtevent-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-nbt0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-client-4.7.11+git.153.b36ceaf2235-4.27.1
- libgnutlsxx-devel-3.6.2-6.5.4
- libsamba-policy-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- python3-ldb-debuginfo-1.2.4-3.12.1
- libndr-standard0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-winbind-4.7.11+git.153.b36ceaf2235-4.27.1
- cups-2.2.7-3.11.7
- cups-debugsource-2.2.7-3.11.7
- python3-talloc-debuginfo-2.1.11-3.5.3
- libnettle6-debuginfo-3.4.1-4.9.1
- avahi-debuginfo-0.6.32-5.5.3
- libavahi-core7-debuginfo-0.6.32-5.5.3
- libsamba-errors-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-devel-4.13-4.2.1
- libcupscgi1-2.2.7-3.11.7
- libsamdb0-4.7.11+git.153.b36ceaf2235-4.27.1
- libcupscgi1-debuginfo-2.2.7-3.11.7
- libdcerpc0-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-glib1-debuginfo-0.6.32-5.5.8
- libsmbconf-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libgnutlsxx28-3.6.2-6.5.4
- libcupsmime1-debuginfo-2.2.7-3.11.7
- libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-debuginfo-4.13-4.2.1
- libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-4.27.1
- libcupsmime1-2.2.7-3.11.7
- libtevent0-debuginfo-0.9.36-4.10.3
- libavahi-glib-devel-0.6.32-5.5.8
- libgnutls30-debuginfo-3.6.2-6.5.4
- cups-client-2.2.7-3.11.7
- libavahi-common3-0.6.32-5.5.3
- libdcerpc-samr0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- gamin-devel-debugsource-0.1.10-3.2.3
- libhogweed4-debuginfo-3.4.1-4.9.1
- libsamba-hostconfig0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libdcerpc-binding0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtalloc-devel-2.1.11-3.5.3
- libtalloc2-2.1.11-3.5.3
- libgamin-1-0-0.1.10-3.2.3
- libsamba-errors0-4.7.11+git.153.b36ceaf2235-4.27.1
- libtevent-devel-0.9.36-4.10.3
- python-ldb-debuginfo-1.2.4-3.12.1
- avahi-0.6.32-5.5.3
- p11-kit-debuginfo-0.23.2-4.2.1
- libldb1-debuginfo-1.2.4-3.12.1
- libndr-standard-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libnettle-devel-3.4.1-4.9.1
- talloc-man-2.1.11-3.5.3
- libldb1-1.2.4-3.12.1
- libfam0-gamin-0.1.10-3.2.3
- libsmbldap2-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libgnutls-devel-3.6.2-6.5.4
- python3-talloc-2.1.11-3.5.3
- libwbclient0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
- p11-kit-devel-0.23.2-4.2.1
- libavahi-client3-0.6.32-5.5.3
- libldb-devel-1.2.4-3.12.1
- libp11-kit0-debuginfo-0.23.2-4.2.1
- gnutls-debugsource-3.6.2-6.5.4
- libdns_sd-debuginfo-0.6.32-5.5.3
- tdb-tools-1.3.15-3.6.3
- samba-core-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libhowl0-0.6.32-5.5.3
- samba-libs-4.7.11+git.153.b36ceaf2235-4.27.1
- tevent-debugsource-0.9.36-4.10.3
- libndr-standard0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libnetapi0-4.7.11+git.153.b36ceaf2235-4.27.1
- python-ldb-1.2.4-3.12.1
- libsmbclient0-4.7.11+git.153.b36ceaf2235-4.27.1
- libp11-kit0-0.23.2-4.2.1
- tdb-tools-debuginfo-1.3.15-3.6.3
- libhowl0-debuginfo-0.6.32-5.5.3
- avahi-compat-mDNSResponder-devel-0.6.32-5.5.3
- libsmbconf0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-winbind-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- avahi-debugsource-0.6.32-5.5.3
- gnutls-debuginfo-3.6.2-6.5.4
- libnetapi-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- avahi-utils-debuginfo-0.6.32-5.5.3
- libdcerpc0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- python-ldb-devel-1.2.4-3.12.1
- samba-libs-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtevent-util0-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-core7-0.6.32-5.5.3
- libavahi-gobject0-0.6.32-5.5.8
- libavahi-gobject0-debuginfo-0.6.32-5.5.8
- libfam0-gamin-debuginfo-0.1.10-3.2.3
- libsamba-credentials0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-passdb0-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- python3-ldb-1.2.4-3.12.1
- libsamba-hostconfig-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libcupsppdc1-2.2.7-3.11.7
- cups-config-2.2.7-3.11.7
- libcupsppdc1-debuginfo-2.2.7-3.11.7
- avahi-compat-howl-devel-0.6.32-5.5.3
- libgnutlsxx28-debuginfo-3.6.2-6.5.4
- libnettle6-3.4.1-4.9.1
- libcups2-2.2.7-3.11.7
- libsamba-util-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libcupsimage2-2.2.7-3.11.7
- libndr0-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-passdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamdb-devel-4.7.11+git.153.b36ceaf2235-4.27.1
- p11-kit-tools-0.23.2-4.2.1
- libdns_sd-0.6.32-5.5.3
- python3-talloc-devel-2.1.11-3.5.3
- avahi-glib2-debugsource-0.6.32-5.5.8
- libavahi-glib1-0.6.32-5.5.8
- samba-client-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
-
Basesystem Module 15 (noarch)
- avahi-lang-0.6.32-5.5.3
-
Basesystem Module 15 (x86_64)
- libdcerpc-binding0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-common3-32bit-0.6.32-5.5.3
- libcups2-32bit-2.2.7-3.11.7
- libndr-krb5pac0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libnettle6-32bit-debuginfo-3.4.1-4.9.1
- libp11-kit0-32bit-debuginfo-0.23.2-4.2.1
- libsamba-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-passdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-errors0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-errors0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamdb0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtevent0-32bit-0.9.36-4.10.3
- libtevent0-32bit-debuginfo-0.9.36-4.10.3
- libsmbconf0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libfam0-gamin-32bit-debuginfo-0.1.10-3.2.3
- libwbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-standard0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libp11-kit0-32bit-0.23.2-4.2.1
- libsamba-credentials0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libhogweed4-32bit-3.4.1-4.9.1
- libtdb1-32bit-1.3.15-3.6.3
- samba-libs-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-winbind-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libgnutls30-32bit-3.6.2-6.5.4
- libgnutls30-32bit-debuginfo-3.6.2-6.5.4
- libldb1-32bit-debuginfo-1.2.4-3.12.1
- libsmbldap2-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-6-32bit-4.13-4.2.1
- libdcerpc0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-nbt0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-client3-32bit-debuginfo-0.6.32-5.5.3
- libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-hostconfig0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-winbind-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libsmbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtevent-util0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsmbclient0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-common3-32bit-debuginfo-0.6.32-5.5.3
- libndr-krb5pac0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libtalloc2-32bit-debuginfo-2.1.11-3.5.3
- libsamba-passdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libtasn1-6-32bit-debuginfo-4.13-4.2.1
- libnettle6-32bit-3.4.1-4.9.1
- samba-libs-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-nbt0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libhogweed4-32bit-debuginfo-3.4.1-4.9.1
- libdcerpc-binding0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libavahi-client3-32bit-0.6.32-5.5.3
- libsmbldap2-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libsmbconf0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libtdb1-32bit-debuginfo-1.3.15-3.6.3
- libtevent-util0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-client-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libndr-standard0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libtalloc2-32bit-2.1.11-3.5.3
- libdcerpc0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamba-credentials0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libsamdb0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libnetapi0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libnetapi0-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-client-32bit-4.7.11+git.153.b36ceaf2235-4.27.1
- libldb1-32bit-1.2.4-3.12.1
- libfam0-gamin-32bit-0.1.10-3.2.3
- libwbclient0-32bit-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- libcups2-32bit-debuginfo-2.2.7-3.11.7
-
Desktop Applications Module 15 (aarch64 ppc64le s390x x86_64)
- avahi-autoipd-0.6.32-5.5.3
- avahi-debugsource-0.6.32-5.5.3
- libavahi-gobject-devel-0.6.32-5.5.8
- avahi-glib2-debugsource-0.6.32-5.5.8
- avahi-utils-gtk-debuginfo-0.6.32-5.5.8
- avahi-utils-gtk-0.6.32-5.5.8
- avahi-debuginfo-0.6.32-5.5.3
- avahi-autoipd-debuginfo-0.6.32-5.5.3
-
Desktop Applications Module 15 (x86_64)
- libp11-kit0-32bit-debuginfo-0.23.2-4.2.1
- libavahi-common3-32bit-0.6.32-5.5.3
- libcups2-32bit-2.2.7-3.11.7
- libnettle6-32bit-debuginfo-3.4.1-4.9.1
- p11-kit-debugsource-0.23.2-4.2.1
- libp11-kit0-32bit-0.23.2-4.2.1
- libhogweed4-32bit-3.4.1-4.9.1
- libgnutls30-32bit-3.6.2-6.5.4
- libgnutls30-32bit-debuginfo-3.6.2-6.5.4
- libnettle-debugsource-3.4.1-4.9.1
- libtasn1-6-32bit-4.13-4.2.1
- libavahi-client3-32bit-debuginfo-0.6.32-5.5.3
- libtasn1-debugsource-4.13-4.2.1
- libavahi-common3-32bit-debuginfo-0.6.32-5.5.3
- p11-kit-32bit-debuginfo-0.23.2-4.2.1
- libtasn1-6-32bit-debuginfo-4.13-4.2.1
- gnutls-debugsource-3.6.2-6.5.4
- libnettle6-32bit-3.4.1-4.9.1
- libavahi-client3-32bit-0.6.32-5.5.3
- libhogweed4-32bit-debuginfo-3.4.1-4.9.1
- cups-debugsource-2.2.7-3.11.7
- avahi-32bit-debuginfo-0.6.32-5.5.3
- libcups2-32bit-debuginfo-2.2.7-3.11.7
-
Development Tools Module 15 (aarch64 ppc64le s390x x86_64)
- cups-debugsource-2.2.7-3.11.7
- cups-ddk-2.2.7-3.11.7
- cups-debuginfo-2.2.7-3.11.7
- cups-ddk-debuginfo-2.2.7-3.11.7
-
SUSE Package Hub 15 (aarch64 ppc64le s390x x86_64)
- samba-python-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
- avahi-debugsource-0.6.32-5.5.3
- samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- python-avahi-0.6.32-5.5.3
- avahi-debuginfo-0.6.32-5.5.3
-
SUSE Linux Enterprise High Availability Extension 15 (aarch64 ppc64le s390x x86_64)
- samba-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- ctdb-debuginfo-4.7.11+git.153.b36ceaf2235-4.27.1
- ctdb-4.7.11+git.153.b36ceaf2235-4.27.1
- samba-debugsource-4.7.11+git.153.b36ceaf2235-4.27.1
References:
- https://www.suse.com/security/cve/CVE-2019-3880.html
- https://bugzilla.suse.com/show_bug.cgi?id=1114407
- https://bugzilla.suse.com/show_bug.cgi?id=1124223
- https://bugzilla.suse.com/show_bug.cgi?id=1125410
- https://bugzilla.suse.com/show_bug.cgi?id=1126377
- https://bugzilla.suse.com/show_bug.cgi?id=1131060
- https://bugzilla.suse.com/show_bug.cgi?id=1131686