openSUSE Security Update : samba / ldb / talloc / etc (openSUSE-2015-945)

Medium Nessus Plugin ID 87622

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ldb, samba, talloc, tdb, tevent fixes the following issues :

ldb was updated to 1.1.24.

+ Fix ldap \00 search expression attack dos;
cve-2015-3223; (bso#11325)

+ Fix remote read memory exploit in ldb; cve-2015-5330;
(bso#11599)

+ Move ldb_(un)pack_data into ldb_module.h for testing

+ Fix installation of _ldb_text.py

+ Fix propagation of ldb errors through tdb

+ Fix bug triggered by having an empty message in database during search

+ Test improvements

+ Improved python bindings

+ Validate_ldb of string(generalized-time) does not accept millisecond format '.000Z'; (bso#9810)

+ Fix logic in ldb_val_to_time()

+ Allow to register extended match rules

+ Fixes for segfaults in pyldb

+ Documentation fixes

+ Build system improvements

+ Fix a typo in the comment, ldb_flags_mod_xxx -> ldb_flag_mod_xxx

+ Fix check for third_party

+ Make the successful ldb_transaction_start() message clearer

+ Ldb-samba: fix a memory leak in ldif_canonicalise_objectcategory()

+ Ldb-samba: move pyldb-utils dependency to python_samba__ldb

+ Build: improve detection of srcdir

Samba was updated to 4.1.22.

+ Malicious request can cause samba ldap server to hang, spinning using cpu; CVE-2015-3223; (bso#11325);
(boo#958581).

+ Remote read memory exploit in ldb; cve-2015-5330;
(bso#11599); (boo#958586).

+ Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (boo#958582).

+ No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296;
(bso#11536); (boo#958584).

+ Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299;
(bso#11529); (boo#958583).

+ Fix microsoft ms15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467;
(bso#11552); (boo#958585).

+ Fix remote dos in samba (ad) ldap server; cve-2015-7540;
(bso#9187); (boo#958580).

+ Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console; (boo#953382).

+ Prevent NULL pointer access in samlogon fallback when security credentials are null; (boo#949022).

talloc was updated to 2.1.5; (boo#954658).

+ Minor build fixes

+ Point ld_library_path to the just-built libraries while calling make test.

+ Disable rpath-install and silent-rules while configure.

+ Update to 2.1.4; (boo#951660).

+ Test that talloc magic differs between processes.

+ Increment minor version due to added talloc_test_get_magic.

+ Provide tests access to talloc_magic.

+ Test magic protection measures.

+ Update the samba library distribution key file 'talloc.keyring'; (bso#945116).

+ Update to 2.1.3; (boo#939051).

+ Improved python3 bindings

+ Documentation fixes regarding talloc_reference() and talloc_unlink()

tdb was updated to version 1.3.8; (boo#954658).

+ Fix broken build with --disable-python

+ Minor build fixes

+ Disable rpath-install and silent-rules while configure.

+ Update the samba library distribution key file 'tdb.keyring'; (bso#945116).

+ Update to version 1.3.7.

+ First fix deadlock in the interaction between fcntl and mutex locking; (bso#11381)

+ Improved python3 bindings

+ Update to version 1.3.6.

+ Fix runtime detection for robust mutexes in the standalone build; (bso#11326).

+ Possible fix for the build with robust mutexes on solaris 11; (bso#11319).

+ Update to version 1.3.5.

+ Abi change: tdb_chainlock_read_nonblock() has been added, a nonblock variant of tdb_chainlock_read()

+ Do not build test binaries if it's not a standalone build

+ Fix cid 1034842 resource leak

+ Fix cid 1034841 resource leak

+ Don't let tdb_wrap_open() segfault with name==null

+ Update to version 1.3.4.

+ Toos: allow transactions with tdb_mutex_locking

+ Test: add tdb1-run-mutex-transaction1 test

+ Allow transactions on on tdb's with tdb_mutex_locking

+ Update to version 1.3.3.

+ Test: tdb_clear_if_first | tdb_mutex_locking, o_rdonly is a valid combination

+ Update to version 1.3.2.

+ Allow tdb_open_ex() with o_rdonly of tdb_feature_flag_mutex tdbs.

+ Fix a comment

+ Fix tdb_runtime_check_for_robust_mutexes()

+ Improve wording in a comment

+ Tdb.h needs bool type; obsoletes include_stdbool_bso10625.patch

+ Tdb_wrap: make mutexes easier to use

+ Tdb_wrap: only pull in samba-debug

+ Tdb_wrap: standalone compile without includes.h

+ Tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context

- Update to version 1.3.1.

+ Tools: fix a compiler warning

+ Defragment the freelist in tdb_allocate_from_freelist()

+ Add 'freelist_size' sub-command to tdbtool

+ Use tdb_freelist_merge_adjacent in tdb_freelist_size()

+ Add tdb_freelist_merge_adjacent()

+ Add utility function check_merge_ptr_with_left_record()

+ Simplify tdb_free() using check_merge_with_left_record()

+ Add utility function check_merge_with_left_record()

+ Improve comments for tdb_free().

+ Factor merge_with_left_record() out of tdb_free()

+ Fix debug message in tdb_free()

+ Reduce indentation in tdb_free() for merging left

+ Increase readability of read_record_on_left()

+ Factor read_record_on_left() out of tdb_free()

+ Build: improve detection of srcdir.

tevent was update to version 0.9.26; (boo#954658).

+ New tevent_thread_proxy api

+ Minor build fixes

+ Update the samba library distribution key file 'tevent.keyring'; (bso#945116).

+ Update to 0.9.25.

+ Fix compile error in solaris ports backend.

+ Fix access after free in tevent_common_check_signal();
(bso#11308).

+ Improve pytevent bindings.

+ Testsuite fixes.

+ Improve the documentation of the tevent_add_fd() assumtions. it must be talloc_free'ed before closing the fd! (bso##11141); (bso#11316).

+ Update to 0.9.24.

+ Ignore unexpected signal events in the same way the epoll backend does.

+ Update to 0.9.23.

+ Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems.

+ Use tevent_req_simple_recv_unix in a few places.

+ Update to 0.9.22.

+ Remove unused exit_code in tevent_select.c

+ Remove unused exit_code in tevent_poll.c

+ Build: improve detection of srcdir

+ Lib: tevent: make tevent_sig_increment atomic.

+ Update flags in tevent pkgconfig file

+ Utilize doxygen to generate the api documentation and package it.

Solution

Update the affected samba / ldb / talloc / etc packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=939050

https://bugzilla.opensuse.org/show_bug.cgi?id=939051

https://bugzilla.opensuse.org/show_bug.cgi?id=949022

https://bugzilla.opensuse.org/show_bug.cgi?id=951660

https://bugzilla.opensuse.org/show_bug.cgi?id=953382

https://bugzilla.opensuse.org/show_bug.cgi?id=954658

https://bugzilla.opensuse.org/show_bug.cgi?id=958580

https://bugzilla.opensuse.org/show_bug.cgi?id=958581

https://bugzilla.opensuse.org/show_bug.cgi?id=958582

https://bugzilla.opensuse.org/show_bug.cgi?id=958583

https://bugzilla.opensuse.org/show_bug.cgi?id=958584

https://bugzilla.opensuse.org/show_bug.cgi?id=958585

https://bugzilla.opensuse.org/show_bug.cgi?id=958586

Plugin Details

Severity: Medium

ID: 87622

File Name: openSUSE-2015-945.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2015/12/29

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ldb-debugsource, p-cpe:/a:novell:opensuse:ldb-tools, p-cpe:/a:novell:opensuse:ldb-tools-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0, p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr0, p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc0, p-cpe:/a:novell:opensuse:libdcerpc0-32bit, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgensec-devel, p-cpe:/a:novell:opensuse:libgensec0, p-cpe:/a:novell:opensuse:libgensec0-32bit, p-cpe:/a:novell:opensuse:libgensec0-debuginfo, p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac0, p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-nbt-devel, p-cpe:/a:novell:opensuse:libndr-nbt0, p-cpe:/a:novell:opensuse:libndr-nbt0-32bit, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-standard-devel, p-cpe:/a:novell:opensuse:libndr-standard0, p-cpe:/a:novell:opensuse:libndr-standard0-32bit, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr0, p-cpe:/a:novell:opensuse:libndr0-32bit, p-cpe:/a:novell:opensuse:libndr0-debuginfo, p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-32bit, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpdb-devel, p-cpe:/a:novell:opensuse:libpdb0, p-cpe:/a:novell:opensuse:libpdb0-32bit, p-cpe:/a:novell:opensuse:libpdb0-debuginfo, p-cpe:/a:novell:opensuse:libpdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libregistry-devel, p-cpe:/a:novell:opensuse:libregistry0, p-cpe:/a:novell:opensuse:libregistry0-32bit, p-cpe:/a:novell:opensuse:libregistry0-debuginfo, p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials-devel, p-cpe:/a:novell:opensuse:libsamba-credentials0, p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel, p-cpe:/a:novell:opensuse:libsamba-hostconfig0, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-policy-devel, p-cpe:/a:novell:opensuse:libsamba-policy0, p-cpe:/a:novell:opensuse:libsamba-policy0-32bit, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-util-devel, p-cpe:/a:novell:opensuse:libsamba-util0, p-cpe:/a:novell:opensuse:libsamba-util0-32bit, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamdb-devel, p-cpe:/a:novell:opensuse:libsamdb0, p-cpe:/a:novell:opensuse:libsamdb0-32bit, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient-raw-devel, p-cpe:/a:novell:opensuse:libsmbclient-raw0, p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbconf-devel, p-cpe:/a:novell:opensuse:libsmbconf0, p-cpe:/a:novell:opensuse:libsmbconf0-32bit, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbldap-devel, p-cpe:/a:novell:opensuse:libsmbldap0, p-cpe:/a:novell:opensuse:libsmbldap0-32bit, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libtevent-util-devel, p-cpe:/a:novell:opensuse:libtevent-util0, p-cpe:/a:novell:opensuse:libtevent-util0-32bit, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:pyldb, p-cpe:/a:novell:opensuse:pyldb-32bit, p-cpe:/a:novell:opensuse:pyldb-debuginfo, p-cpe:/a:novell:opensuse:pyldb-debuginfo-32bit, p-cpe:/a:novell:opensuse:pyldb-devel, p-cpe:/a:novell:opensuse:pytalloc, p-cpe:/a:novell:opensuse:pytalloc-32bit, p-cpe:/a:novell:opensuse:pytalloc-debuginfo, p-cpe:/a:novell:opensuse:pytalloc-debuginfo-32bit, p-cpe:/a:novell:opensuse:pytalloc-devel, p-cpe:/a:novell:opensuse:python-tdb, p-cpe:/a:novell:opensuse:python-tdb-32bit, p-cpe:/a:novell:opensuse:python-tdb-debuginfo, p-cpe:/a:novell:opensuse:python-tdb-debuginfo-32bit, p-cpe:/a:novell:opensuse:python-tevent, p-cpe:/a:novell:opensuse:python-tevent-32bit, p-cpe:/a:novell:opensuse:python-tevent-debuginfo, p-cpe:/a:novell:opensuse:python-tevent-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-core-devel, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-libs, p-cpe:/a:novell:opensuse:samba-libs-32bit, p-cpe:/a:novell:opensuse:samba-libs-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-pidl, p-cpe:/a:novell:opensuse:samba-python, p-cpe:/a:novell:opensuse:samba-python-debuginfo, p-cpe:/a:novell:opensuse:samba-test, p-cpe:/a:novell:opensuse:samba-test-debuginfo, p-cpe:/a:novell:opensuse:samba-test-devel, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, p-cpe:/a:novell:opensuse:talloc-debugsource, p-cpe:/a:novell:opensuse:tdb-debugsource, p-cpe:/a:novell:opensuse:tdb-tools, p-cpe:/a:novell:opensuse:tdb-tools-debuginfo, p-cpe:/a:novell:opensuse:tevent-debugsource, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/12/24

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467