Security update for ldb, samba

Announcement ID: SUSE-SU-2021:1440-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2020-27840 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2020-27840 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-20254 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
  • CVE-2021-20254 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2021-20277 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2021-20277 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Enterprise Storage 7
  • SUSE Linux Enterprise Server 15 SP2

An update that solves three vulnerabilities and has two security fixes can now be installed.

Description:

This update for ldb, samba fixes the following issues:

  • ldb was updated to 2.2.1
  • CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
  • CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).

  • CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).

  • samba was updated to 4.13.6

  • CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
  • CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
  • CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
  • Spec file fixes around systemd and requires; (bsc#1182830);

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2021-1440=1

Package List:

  • SUSE Enterprise Storage 7 (aarch64 x86_64)
    • libndr-krb5pac0-4.13.6+git.211.555d60b24ba-3.9.1
    • python3-ldb-debuginfo-2.2.1-4.3.1
    • libldb2-debuginfo-2.2.1-4.3.1
    • libsamba-passdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • ctdb-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr1-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-errors0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr1-4.13.6+git.211.555d60b24ba-3.9.1
    • ctdb-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libtevent-util0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-hostconfig0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbldap2-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr-krb5pac0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbclient0-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-ceph-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr-standard0-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-winbind-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbconf0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbconf0-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-client-4.13.6+git.211.555d60b24ba-3.9.1
    • libtevent-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamdb0-4.13.6+git.211.555d60b24ba-3.9.1
    • libnetapi0-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-ceph-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libdcerpc0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-libs-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr-nbt0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libwbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libdcerpc-binding0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-libs-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • python3-ldb-2.2.1-4.3.1
    • samba-client-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libldb2-2.2.1-4.3.1
    • libsamba-credentials0-4.13.6+git.211.555d60b24ba-3.9.1
    • libnetapi0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libdcerpc-binding0-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-libs-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-libs-python3-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-winbind-4.13.6+git.211.555d60b24ba-3.9.1
    • libwbclient0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-errors0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-hostconfig0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr-nbt0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-credentials0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-4.13.6+git.211.555d60b24ba-3.9.1
    • samba-debugsource-4.13.6+git.211.555d60b24ba-3.9.1
    • libsmbldap2-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-passdb0-4.13.6+git.211.555d60b24ba-3.9.1
    • libdcerpc0-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-util0-4.13.6+git.211.555d60b24ba-3.9.1
    • libndr-standard0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • libsamba-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.9.1
    • ldb-debugsource-2.2.1-4.3.1

References: