Security update for ldb, samba

Announcement ID:	SUSE-SU-2020:1948-1
Rating:	important
References:	bsc#1141320 bsc#1162680 bsc#1169095 bsc#1169521 bsc#1169850 bsc#1169851 bsc#1171437 bsc#1172307 bsc#1173159 bsc#1173160 bsc#1173161 bsc#1173359 bsc#1174120
Cross-References:	CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303
CVSS scores:	CVE-2020-10700 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10700 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-10704 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10730 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10730 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10745 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10745 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10760 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10760 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-14303 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-14303 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP2 Python 2 Module 15-SP2 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

An update that solves six vulnerabilities and has seven security fixes can now be installed.

Description:

This update for ldb, samba fixes the following issues:

Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).

• Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);

• Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);

• Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);

Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1948=1
• Python 2 Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1948=1
• SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1948=1

Package List:

• Basesystem Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  • libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • python3-ldb-devel-2.0.12-3.3.1
  • libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libnetapi-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-errors0-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-core-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-libs-python3-4.11.11+git.180.2cf3b203f07-4.5.1
  • libtevent-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libldb-devel-2.0.12-3.3.1
  • samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-standard0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamdb0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • ldb-tools-debuginfo-2.0.12-3.3.1
  • ldb-debugsource-2.0.12-3.3.1
  • libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-nbt0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbldap-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbldap2-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • python3-ldb-debuginfo-2.0.12-3.3.1
  • libsmbconf0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-winbind-4.11.11+git.180.2cf3b203f07-4.5.1
  • libwbclient0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc0-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-python3-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libwbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • ldb-tools-2.0.12-3.3.1
  • libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-passdb0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbclient0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-credentials0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • python3-ldb-2.0.12-3.3.1
  • samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libtevent-util0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-client-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbconf-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libnetapi0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libldb2-2.0.12-3.3.1
  • libndr-standard-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr0-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-libs-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libldb2-debuginfo-2.0.12-3.3.1
  • libsamba-util0-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
• Basesystem Module 15-SP2 (aarch64 x86_64)
  • samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-ceph-4.11.11+git.180.2cf3b203f07-4.5.1
• Basesystem Module 15-SP2 (x86_64)
  • libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-libs-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libldb2-32bit-2.0.12-3.3.1
  • libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libldb2-32bit-debuginfo-2.0.12-3.3.1
  • libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
• Python 2 Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  • samba-ad-dc-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1
• SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  • ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
  • ctdb-4.11.11+git.180.2cf3b203f07-4.5.1
  • samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1

References:

• https://www.suse.com/security/cve/CVE-2020-10700.html
• https://www.suse.com/security/cve/CVE-2020-10704.html
• https://www.suse.com/security/cve/CVE-2020-10730.html
• https://www.suse.com/security/cve/CVE-2020-10745.html
• https://www.suse.com/security/cve/CVE-2020-10760.html
• https://www.suse.com/security/cve/CVE-2020-14303.html
• https://bugzilla.suse.com/show_bug.cgi?id=1141320
• https://bugzilla.suse.com/show_bug.cgi?id=1162680
• https://bugzilla.suse.com/show_bug.cgi?id=1169095
• https://bugzilla.suse.com/show_bug.cgi?id=1169521
• https://bugzilla.suse.com/show_bug.cgi?id=1169850
• https://bugzilla.suse.com/show_bug.cgi?id=1169851
• https://bugzilla.suse.com/show_bug.cgi?id=1171437
• https://bugzilla.suse.com/show_bug.cgi?id=1172307
• https://bugzilla.suse.com/show_bug.cgi?id=1173159
• https://bugzilla.suse.com/show_bug.cgi?id=1173160
• https://bugzilla.suse.com/show_bug.cgi?id=1173161
• https://bugzilla.suse.com/show_bug.cgi?id=1173359
• https://bugzilla.suse.com/show_bug.cgi?id=1174120