
Test ID: 1.3.6.1.4.1.25623.1.0.853399
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for ldb, (openSUSE-SU-2020:1313-1)
Summary: The remote host is missing an update for the 'ldb, ' package(s) announced via the openSUSE-SU-2020:1313-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'ldb, '
package(s) announced via the openSUSE-SU-2020:1313-1 advisory.

Vulnerability Insight:
This update for ldb, samba fixes the following issues:

Changes in samba:

- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
VLV combined, (bso#14364), (bsc#1173159)
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use several
seconds of CPU each, (bso#14378), (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
with paged_result or VLV, (bso#14402), (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
nbt_server, (bso#14417), (bsc#1173359).

- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share folder
that contains incorrect symbols in any file name, (bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode,
(bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr, (bso#14413).
+ Malicious SMB1 server can crash libsmbclient, (bso#14366)
+ winbindd: Fix a use-after-free when winbind clients exit, (bso#14382)
+ ldb: Bump version to 2.0.11, LMDB databases can grow without bounds.
(bso#14330)

- Update to samba 4.11.9
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(), (bso#14242).
+ 'samba-tool group' commands do not handle group names with special
chars correctly, (bso#14296).
+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid,
(bso#14237).
+ Missing check for DMAPI offline status in async DOS attributes,
(bso#14293).
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs,
(bso#14307).
+ vfs_recycle: Prevent flooding the log if we're called on non-existent
paths, (bso#14316)
+ smbd mistakenly updates a file's write-time on close, (bso#14320).
+ RPC handles cannot be differentiated in source3 RPC server,
(bso#14359).
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW, (bso#14313).
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred,
(bso#14327).
+ Fix fruit:time machine max size on arm, (bso#13622)
+ CTDB recovery corner cases can cause record resurrection and node
banning, (bso#14294).
+ ctdb: Fix a memleak, (bso#14348).
+ libsmb: Don't try to find posix stat info in SMBC_getatr().
+ ctdb-tcp: Move free of inbound queue to TCP restart, (bso#14295),
(bsc#1162680).
+ s3/librpc/crypto: Fix double free with unresolved credential cache,
(bso#14344), (bsc#1169095)
+ s3:libads: Fix ads_get_upn(), (bso#14336).
+ CTDB recovery corner cases can cause record resurrection and node
banning, (bso#14294)
+ Starting ctdb node that was powered off hard before results in
...

Description truncated. Please see the references for more information.

Affected Software/OS:
'ldb, ' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-10700
Common Vulnerability Exposure (CVE) ID: CVE-2020-10704
Common Vulnerability Exposure (CVE) ID: CVE-2020-10730
Common Vulnerability Exposure (CVE) ID: CVE-2020-10745
Common Vulnerability Exposure (CVE) ID: CVE-2020-10760
Common Vulnerability Exposure (CVE) ID: CVE-2020-14303
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.