openSUSE Security Update : ldb / samba / talloc / etc (openSUSE-2015-943)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for ldb, samba, talloc, tdb, tevent fixes the following
security issues and bugs :

The Samba LDB was updated to version 1.1.24 :

- Fix LDAP \00 search expression attack DoS;
CVE-2015-3223; (bso#11325)

- Fix remote read memory exploit in ldb; CVE-2015-5330;
(bso#11599)

- Move ldb_(un)pack_data into ldb_module.h for testing

- Fix installation of _ldb_text.py

- Fix propagation of ldb errors through tdb

- Fix bug triggered by having an empty message in database
during search

Samba was updated to fix these issues :

- Malicious request can cause Samba LDAP server to hang,
spinning using CPU; CVE-2015-3223; (bso#11325);
(bnc#958581).

- Remote read memory exploit in LDB; CVE-2015-5330;
(bso#11599); (bnc#958586).

- Insufficient symlink verification (file access outside
the share); CVE-2015-5252; (bso#11395); (bnc#958582).

- No man in the middle protection when forcing smb
encryption on the client side; CVE-2015-5296;
(bso#11536); (bnc#958584).

- Currently the snapshot browsing is not secure through
Windows previous version (shadow_copy2); CVE-2015-5299;
(bso#11529); (bnc#958583).

- Fix Microsoft MS15-096 to prevent machine accounts from
being changed into user accounts; CVE-2015-8467;
(bso#11552); (bnc#958585).

- Changing log level of two entries from 1 to 3;
(bso#9912).

- vfs_gpfs: Re-enable share modes; (bso#11243).

- wafsamba: Also build libraries with RELRO protection;
(bso#11346).

- ctdb: Strip trailing spaces from nodes file;
(bso#11365).

- s3-smbd: Fix old DOS client doing wildcard delete -
gives an attribute type of zero; (bso#11452).

- nss_wins: Do not run into use after free issues when we
access memory allocated on the globals and the global
being reinitialized; (bso#11563).

- async_req: Fix non-blocking connect(); (bso#11564).

- auth: gensec: Fix a memory leak; (bso#11565).

- lib: util: Make non-critical message a warning;
(bso#11566).

- Fix winbindd crashes with samlogon for trusted domain
user; (bso#11569); (bnc#949022).

- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).

- ctdb: Open the RO tracking db with perms 0600 instead of
0000; (bso#11577).

- manpage: Correct small typo error; (bso#11584).

- s3: smbd: If EA's are turned off on a share don't allow
an SMB2 create containing them; (bso#11589).

- Backport some valgrind fixes from upstream master;
(bso#11597).

- s3: smbd: have_file_open_below() fails to enumerate open
files below an open directory handle; (bso#11615).

- docs: Fix some typos in the idmap config section of man
5 smb.conf; (bso#11619).

- Cleanup and enhance the pidl sub package.

- s3: smbd: Fix our access-based enumeration on 'hide
unreadable' to match Windows; (bso#10252).

- smbd: Fix file name buflen and padding in notify
response; (bso#10634).

- kerberos: Make sure we only use prompter type when
available; (bso#11038).

- s3:ctdbd_conn: Make sure we destroy tevent_fd before
closing the socket; (bso#11316).

- dcerpc.idl: accept invalid dcerpc_bind_nak pdus;
(bso#11327).

- Fix a deadlock in tdb; (bso#11381).

- s3: smbd: Fix mkdir race condition; (bso#11486).

- pam_winbind: Fix a segfault if initialization fails;
(bso#11502).

- s3: dfs: Fix a crash when the dfs targets are disabled;
(bso#11509).

- s3: smbd: Fix opening/creating :stream files on the root
share directory; (bso#11522).

- net: Fix a crash with 'net ads keytab create';
(bso#11528).

- s3: smbd: Fix a crash in unix_convert() and a NULL
pointer bug introduced by previous 'raw' stream fix
(bso#11522); (bso#11535).

- vfs_fruit: Return value of ad_pack in vfs_fruit.c;
(bso#11543).

- vfs_commit: Set the fd on open before calling
SMB_VFS_FSTAT; (bso#11547).

- Fix bug in smbstatus where the lease info is not
printed; (bso#11549).

- s3:smbstatus: Add stream name to share_entry_forall();
(bso#11550).

- Prevent NULL pointer access in samlogon fallback when
security credentials are null; (bnc#949022).

- Fix 100% CPU in winbindd when logging in with 'user must
change password on next logon'; (bso#11038).

talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).

- Test that talloc magic differs between processes.

- Increment minor version due to added
talloc_test_get_magic.

- Provide tests access to talloc_magic.

- Test magic protection measures.

tdb was updated to version 1.3.8; (bsc#954658).

- Improved python3 bindings

tevent was updated to 0.9.26; (bsc#954658).

- New tevent_thread_proxy api

- Minor build fixes

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=949022
https://bugzilla.opensuse.org/show_bug.cgi?id=951660
https://bugzilla.opensuse.org/show_bug.cgi?id=954658
https://bugzilla.opensuse.org/show_bug.cgi?id=958581
https://bugzilla.opensuse.org/show_bug.cgi?id=958582
https://bugzilla.opensuse.org/show_bug.cgi?id=958583
https://bugzilla.opensuse.org/show_bug.cgi?id=958584
https://bugzilla.opensuse.org/show_bug.cgi?id=958585
https://bugzilla.opensuse.org/show_bug.cgi?id=958586

Solution :

Update the affected ldb / samba / talloc / etc packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 87621

Bugtraq ID:

CVE ID: CVE-2015-3223
CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-8467