Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0266 Security update for samba 22 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: samba Publisher: SUSE Operating System: SUSE Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-14383 CVE-2020-14323 CVE-2020-14318 Reference: ESB-2020.4436 ESB-2020.4143 ESB-2020.3755 Original Bulletin: https://www.suse.com/support/update/announcement/2021/suse-su-20210185-1 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0185-1 Rating: moderate References: #1173902 #1173994 #1177355 #1177613 #1178469 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: o Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514); o Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso# 14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso #14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso# 14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso #14537); + libndr: Avoid assigning duplicate versions to symbols; (bso# 14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/ nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); o Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469). o Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso# 14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); o Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run /samba; (bsc#1177355); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-185=1 Package List: o SUSE Enterprise Storage 7 (aarch64 x86_64): ctdb-4.13.3+git.181.fc4672a5b81-3.3.1 ctdb-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc-binding0-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc-binding0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc0-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-krb5pac0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-krb5pac0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-nbt0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-nbt0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-standard0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-standard0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr1-4.13.3+git.181.fc4672a5b81-3.3.1 libndr1-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libnetapi0-4.13.3+git.181.fc4672a5b81-3.3.1 libnetapi0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-credentials0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-credentials0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-errors0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-errors0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-hostconfig0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-hostconfig0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-passdb0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-passdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-util0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamdb0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbconf0-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbconf0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbldap2-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbldap2-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libtevent-util0-4.13.3+git.181.fc4672a5b81-3.3.1 libtevent-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libwbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 libwbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-4.13.3+git.181.fc4672a5b81-3.3.1 samba-ceph-4.13.3+git.181.fc4672a5b81-3.3.1 samba-ceph-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-client-4.13.3+git.181.fc4672a5b81-3.3.1 samba-client-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-debugsource-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-python3-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-python3-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-winbind-4.13.3+git.181.fc4672a5b81-3.3.1 samba-winbind-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 References: o https://www.suse.com/security/cve/CVE-2020-14318.html o https://www.suse.com/security/cve/CVE-2020-14323.html o https://www.suse.com/security/cve/CVE-2020-14383.html o https://bugzilla.suse.com/1173902 o https://bugzilla.suse.com/1173994 o https://bugzilla.suse.com/1177355 o https://bugzilla.suse.com/1177613 o https://bugzilla.suse.com/1178469 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYApb9uNLKJtyKPYoAQjb/Q//cDlXYWjhH9EpxbO7+Au91orwWdOZgzGW 2CVEFXxk2dSG+z2lMtDl/tj2+Ni9hir8Fr6mkoOdJtnnHswrc1F0KcIf9mw5LExH hLuUV5mE4fOZwIM9RMlx05mZDLgLQceEXt18k1mi6aP1mLdR8Q7Ii8Dl0gdNoiwT IxXWfoGFFZipQ4lPmnk5k8YFs2Q4qNDGuY+rtwOiTMC3y2oMWhedHARwFagxg69b iBirMXfVOQB75gzHpx+UaHk7QT5pNBHVQg4+viOC6Wzt54XCoigECGUhWSO7R2Bt OShUoFQd9cjYV7KslJYa9GgD9Y73//4HC8l86Wz8Wy8q0ai0T4u560m8vxCYj1N9 bKD5NlcgcWL6zEyDuVW1LtcRcE3XkaPRyRpDVoPzQyyq5GWe3GN915GxhRyMy9Sk o4kYQsSesxUgHbC8/0xTjP/4uvVE4nvkltttarGHB3oHRYK3P1NgY2kBUscZyR8f tUldz4Go+2kXetp7EikVJiAkPfLla88u3+29imuScR3K6OuIqfjyqridAqvJaBzi vtrtq4VK34zmWxErO/77KnWvE7kwNvSVR1+A6iKhFiQSdQK0RisGZ2QzIUst7goD DcZEva3ABLMZ6LaXkGRn7XjfmISa9yW5aczTfYex1UVyhMjRWrbwqP45v0XvHiMu O2qLgxgmNow= =DowE -----END PGP SIGNATURE-----