openSUSE Security Update : samba / ldb / talloc / etc (openSUSE-2015-945)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for ldb, samba, talloc, tdb, tevent fixes the following
issues :

ldb was updated to 1.1.24.

+ Fix ldap \00 search expression attack dos;
cve-2015-3223; (bso#11325)

+ Fix remote read memory exploit in ldb; cve-2015-5330;
(bso#11599)

+ Move ldb_(un)pack_data into ldb_module.h for testing

+ Fix installation of _ldb_text.py

+ Fix propagation of ldb errors through tdb

+ Fix bug triggered by having an empty message in database
during search

+ Test improvements

+ Improved python bindings

+ Validate_ldb of string(generalized-time) does not accept
millisecond format '.000Z'; (bso#9810)

+ Fix logic in ldb_val_to_time()

+ Allow to register extended match rules

+ Fixes for segfaults in pyldb

+ Documentation fixes

+ Build system improvements

+ Fix a typo in the comment, ldb_flags_mod_xxx ->
ldb_flag_mod_xxx

+ Fix check for third_party

+ Make the successful ldb_transaction_start() message
clearer

+ Ldb-samba: fix a memory leak in
ldif_canonicalise_objectcategory()

+ Ldb-samba: move pyldb-utils dependency to
python_samba__ldb

+ Build: improve detection of srcdir

Samba was updated to 4.1.22.

+ Malicious request can cause samba ldap server to hang,
spinning using cpu; CVE-2015-3223; (bso#11325);
(boo#958581).

+ Remote read memory exploit in ldb; cve-2015-5330;
(bso#11599); (boo#958586).

+ Insufficient symlink verification (file access outside
the share); CVE-2015-5252; (bso#11395); (boo#958582).

+ No man in the middle protection when forcing smb
encryption on the client side; CVE-2015-5296;
(bso#11536); (boo#958584).

+ Currently the snapshot browsing is not secure thru
windows previous version (shadow_copy2); CVE-2015-5299;
(bso#11529); (boo#958583).

+ Fix microsoft ms15-096 to prevent machine accounts from
being changed into user accounts; CVE-2015-8467;
(bso#11552); (boo#958585).

+ Fix remote dos in samba (ad) ldap server; cve-2015-7540;
(bso#9187); (boo#958580).

+ Ensure attempt to ssh into locked account triggers 'Your
account is disabled.....' to the console; (boo#953382).

+ Prevent NULL pointer access in samlogon fallback when
security credentials are null; (boo#949022).

talloc was updated to 2.1.5; (boo#954658).

+ Minor build fixes

+ Point ld_library_path to the just-built libraries while
calling make test.

+ Disable rpath-install and silent-rules while configure.

+ Update to 2.1.4; (boo#951660).

+ Test that talloc magic differs between processes.

+ Increment minor version due to added
talloc_test_get_magic.

+ Provide tests access to talloc_magic.

+ Test magic protection measures.

+ Update the samba library distribution key file
'talloc.keyring'; (bso#945116).

+ Update to 2.1.3; (boo#939051).

+ Improved python3 bindings

+ Documentation fixes regarding talloc_reference() and
talloc_unlink()

tdb was updated to version 1.3.8; (boo#954658).

+ Fix broken build with --disable-python

+ Minor build fixes

+ Disable rpath-install and silent-rules while configure.

+ Update the samba library distribution key file
'tdb.keyring'; (bso#945116).

+ Update to version 1.3.7.

+ First fix deadlock in the interaction between fcntl and
mutex locking; (bso#11381)

+ Improved python3 bindings

+ Update to version 1.3.6.

+ Fix runtime detection for robust mutexes in the
standalone build; (bso#11326).

+ Possible fix for the build with robust mutexes on
solaris 11; (bso#11319).

+ Update to version 1.3.5.

+ Abi change: tdb_chainlock_read_nonblock() has been
added, a nonblock variant of tdb_chainlock_read()

+ Do not build test binaries if it's not a standalone
build

+ Fix cid 1034842 resource leak

+ Fix cid 1034841 resource leak

+ Don't let tdb_wrap_open() segfault with name==null

+ Update to version 1.3.4.

+ Toos: allow transactions with tdb_mutex_locking

+ Test: add tdb1-run-mutex-transaction1 test

+ Allow transactions on on tdb's with tdb_mutex_locking

+ Update to version 1.3.3.

+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly
is a valid combination

+ Update to version 1.3.2.

+ Allow tdb_open_ex() with o_rdonly of
tdb_feature_flag_mutex tdbs.

+ Fix a comment

+ Fix tdb_runtime_check_for_robust_mutexes()

+ Improve wording in a comment

+ Tdb.h needs bool type; obsoletes
include_stdbool_bso10625.patch

+ Tdb_wrap: make mutexes easier to use

+ Tdb_wrap: only pull in samba-debug

+ Tdb_wrap: standalone compile without includes.h

+ Tdb_wrap: tdb_wrap.h doesn't need struct
loadparm_context

- Update to version 1.3.1.

+ Tools: fix a compiler warning

+ Defragment the freelist in tdb_allocate_from_freelist()

+ Add 'freelist_size' sub-command to tdbtool

+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()

+ Add tdb_freelist_merge_adjacent()

+ Add utility function check_merge_ptr_with_left_record()

+ Simplify tdb_free() using check_merge_with_left_record()

+ Add utility function check_merge_with_left_record()

+ Improve comments for tdb_free().

+ Factor merge_with_left_record() out of tdb_free()

+ Fix debug message in tdb_free()

+ Reduce indentation in tdb_free() for merging left

+ Increase readability of read_record_on_left()

+ Factor read_record_on_left() out of tdb_free()

+ Build: improve detection of srcdir.

tevent was update to version 0.9.26; (boo#954658).

+ New tevent_thread_proxy api

+ Minor build fixes

+ Update the samba library distribution key file
'tevent.keyring'; (bso#945116).

+ Update to 0.9.25.

+ Fix compile error in solaris ports backend.

+ Fix access after free in tevent_common_check_signal();
(bso#11308).

+ Improve pytevent bindings.

+ Testsuite fixes.

+ Improve the documentation of the tevent_add_fd()
assumtions. it must be talloc_free'ed before closing the
fd! (bso##11141); (bso#11316).

+ Update to 0.9.24.

+ Ignore unexpected signal events in the same way the
epoll backend does.

+ Update to 0.9.23.

+ Update the tevent_data.dox tutrial stuff to fix some
errors, including white space problems.

+ Use tevent_req_simple_recv_unix in a few places.

+ Update to 0.9.22.

+ Remove unused exit_code in tevent_select.c

+ Remove unused exit_code in tevent_poll.c

+ Build: improve detection of srcdir

+ Lib: tevent: make tevent_sig_increment atomic.

+ Update flags in tevent pkgconfig file

+ Utilize doxygen to generate the api documentation and
package it.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=939050
https://bugzilla.opensuse.org/show_bug.cgi?id=939051
https://bugzilla.opensuse.org/show_bug.cgi?id=949022
https://bugzilla.opensuse.org/show_bug.cgi?id=951660
https://bugzilla.opensuse.org/show_bug.cgi?id=953382
https://bugzilla.opensuse.org/show_bug.cgi?id=954658
https://bugzilla.opensuse.org/show_bug.cgi?id=958580
https://bugzilla.opensuse.org/show_bug.cgi?id=958581
https://bugzilla.opensuse.org/show_bug.cgi?id=958582
https://bugzilla.opensuse.org/show_bug.cgi?id=958583
https://bugzilla.opensuse.org/show_bug.cgi?id=958584
https://bugzilla.opensuse.org/show_bug.cgi?id=958585
https://bugzilla.opensuse.org/show_bug.cgi?id=958586

Solution :

Update the affected samba / ldb / talloc / etc packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 87622 ()

Bugtraq ID:

CVE ID: CVE-2015-3223
CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-7540
CVE-2015-8467

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now