openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2018:1727-1
Rating: moderate
References: #1081024 #1093664
Cross-References: CVE-2018-1057
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
Samba was updated to 4.6.14, fixing bugs and security issues:
Version update to 4.6.14 (bsc#1093664):
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
+ Fix memory leak in vfs_ceph; (bso#13424).
+ winbind: avoid using fstrcpy(dcname,…) in _dual_init_connection;
(bso#13294).
+ s3:smb2_server: correctly maintain request counters for compound
requests; (bso#13215).
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375).
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
+ vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
(bso#13297).
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn’t
support fdopendir(); (bso#13270).
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn’t get freed on error, we
don’t own it here; (bso#13244).
+ s3:libsmb: allow -U”\\administrator” to work; (bso#13206).
+ CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272);
(bsc#1081024).
+ s3:smbd: Do not crash if we fail to init the session table; (bso#13315).
+ libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
+ smbXcli: Add “force_channel_sequence”; (bso#13215).
+ smbd: Fix channel sequence number checks for long-running requests;
(bso#13215).
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197).
+ s3:smbd: return the correct error for cancelled SMB2 notifies on expired
sessions; (bso#13197).
+ samba: Only use async signal-safe functions in signal handler;
(bso#13240).
+ subnet: Avoid a segfault when renaming subnet objects; (bso#13031).
– Fix vfs_ceph with “aio read size” or “aio write size” > 0; (bsc#1093664).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
+ Fix memory leak in vfs_ceph; (bso#13424).
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-649=1
Package List:
– openSUSE Leap 42.3 (i586 x86_64):
ctdb-4.6.14+git.150.1540e575faf-15.1
ctdb-debuginfo-4.6.14+git.150.1540e575faf-15.1
ctdb-tests-4.6.14+git.150.1540e575faf-15.1
ctdb-tests-debuginfo-4.6.14+git.150.1540e575faf-15.1
libdcerpc-binding0-4.6.14+git.150.1540e575faf-15.1
libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libdcerpc-devel-4.6.14+git.150.1540e575faf-15.1
libdcerpc-samr-devel-4.6.14+git.150.1540e575faf-15.1
libdcerpc-samr0-4.6.14+git.150.1540e575faf-15.1
libdcerpc-samr0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libdcerpc0-4.6.14+git.150.1540e575faf-15.1
libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libndr-devel-4.6.14+git.150.1540e575faf-15.1
libndr-krb5pac-devel-4.6.14+git.150.1540e575faf-15.1
libndr-krb5pac0-4.6.14+git.150.1540e575faf-15.1
libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libndr-nbt-devel-4.6.14+git.150.1540e575faf-15.1
libndr-nbt0-4.6.14+git.150.1540e575faf-15.1
libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libndr-standard-devel-4.6.14+git.150.1540e575faf-15.1
libndr-standard0-4.6.14+git.150.1540e575faf-15.1
libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libndr0-4.6.14+git.150.1540e575faf-15.1
libndr0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libnetapi-devel-4.6.14+git.150.1540e575faf-15.1
libnetapi0-4.6.14+git.150.1540e575faf-15.1
libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-credentials-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-credentials0-4.6.14+git.150.1540e575faf-15.1
libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-errors-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-errors0-4.6.14+git.150.1540e575faf-15.1
libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-hostconfig-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-hostconfig0-4.6.14+git.150.1540e575faf-15.1
libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-passdb-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-passdb0-4.6.14+git.150.1540e575faf-15.1
libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-policy-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-policy0-4.6.14+git.150.1540e575faf-15.1
libsamba-policy0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamba-util-devel-4.6.14+git.150.1540e575faf-15.1
libsamba-util0-4.6.14+git.150.1540e575faf-15.1
libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsamdb-devel-4.6.14+git.150.1540e575faf-15.1
libsamdb0-4.6.14+git.150.1540e575faf-15.1
libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsmbclient-devel-4.6.14+git.150.1540e575faf-15.1
libsmbclient0-4.6.14+git.150.1540e575faf-15.1
libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsmbconf-devel-4.6.14+git.150.1540e575faf-15.1
libsmbconf0-4.6.14+git.150.1540e575faf-15.1
libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libsmbldap-devel-4.6.14+git.150.1540e575faf-15.1
libsmbldap0-4.6.14+git.150.1540e575faf-15.1
libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libtevent-util-devel-4.6.14+git.150.1540e575faf-15.1
libtevent-util0-4.6.14+git.150.1540e575faf-15.1
libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1
libwbclient-devel-4.6.14+git.150.1540e575faf-15.1
libwbclient0-4.6.14+git.150.1540e575faf-15.1
libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-4.6.14+git.150.1540e575faf-15.1
samba-client-4.6.14+git.150.1540e575faf-15.1
samba-client-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-core-devel-4.6.14+git.150.1540e575faf-15.1
samba-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-debugsource-4.6.14+git.150.1540e575faf-15.1
samba-libs-4.6.14+git.150.1540e575faf-15.1
samba-libs-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-pidl-4.6.14+git.150.1540e575faf-15.1
samba-python-4.6.14+git.150.1540e575faf-15.1
samba-python-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-test-4.6.14+git.150.1540e575faf-15.1
samba-test-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-winbind-4.6.14+git.150.1540e575faf-15.1
samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-15.1
– openSUSE Leap 42.3 (noarch):
samba-doc-4.6.14+git.150.1540e575faf-15.1
– openSUSE Leap 42.3 (x86_64):
libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-15.1
libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libdcerpc-samr0-32bit-4.6.14+git.150.1540e575faf-15.1
libdcerpc-samr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libdcerpc0-32bit-4.6.14+git.150.1540e575faf-15.1
libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-standard0-32bit-4.6.14+git.150.1540e575faf-15.1
libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libndr0-32bit-4.6.14+git.150.1540e575faf-15.1
libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libnetapi0-32bit-4.6.14+git.150.1540e575faf-15.1
libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-policy0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-policy0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-util0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsamdb0-32bit-4.6.14+git.150.1540e575faf-15.1
libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbclient0-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbconf0-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbldap0-32bit-4.6.14+git.150.1540e575faf-15.1
libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libtevent-util0-32bit-4.6.14+git.150.1540e575faf-15.1
libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
libwbclient0-32bit-4.6.14+git.150.1540e575faf-15.1
libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
samba-ceph-4.6.14+git.150.1540e575faf-15.1
samba-ceph-debuginfo-4.6.14+git.150.1540e575faf-15.1
samba-client-32bit-4.6.14+git.150.1540e575faf-15.1
samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
samba-libs-32bit-4.6.14+git.150.1540e575faf-15.1
samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
samba-winbind-32bit-4.6.14+git.150.1540e575faf-15.1
samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1
References:
https://www.suse.com/security/cve/CVE-2018-1057.html
https://bugzilla.suse.com/1081024
https://bugzilla.suse.com/1093664
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org