SUSE-SU-2020:2673-1: important: Security update for samba

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Sep 17 13:14:17 MDT 2020


   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2673-1
Rating:             important
References:         #1141267 #1144902 #1154289 #1154598 #1158108 
                    #1158109 #1160850 #1160852 #1160888 #1169850 
                    #1169851 #1173159 #1173160 #1173359 #1174120 
                    
Cross-References:   CVE-2019-10197 CVE-2019-10218 CVE-2019-14833
                    CVE-2019-14847 CVE-2019-14861 CVE-2019-14870
                    CVE-2019-14902 CVE-2019-14907 CVE-2019-19344
                    CVE-2020-10700 CVE-2020-10704 CVE-2020-10730
                    CVE-2020-10745 CVE-2020-10760 CVE-2020-14303
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

   An update that fixes 15 vulnerabilities is now available.

Description:

   This update for samba to version 4.10.17 fixes the following issues:

   - Fixed net command unable to negotiate SMB2; (bsc#1174120);

   - Update to 4.10.17
     - CVE-2020-10745: Invalid DNS or NBT queries containing dots use several
       seconds of CPU each; (bso#14378); (bsc#1173160).
     - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
       VLV combined; (bso#14364); (bsc#1173159).
     - CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP server
       with paged_result or VLV; (bso#14402); (1173161).
     - CVE-2020-14303: Fix endless loop from empty UDP packet sent to AD DC
       nbt_server; (bso#14417); (bsc#1173359).
     - CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
       VLV combined, ldb: Bump version to 1.5.8; (bso#14364); (bsc#1173159).
   - Update to 4.10.16 s3: lib: Paranoia around use of snprintf copying into
     a fixed-size buffer from a getenv() pointer. lib:util: Fix smbclient -l
     basename dir; (bso#14345). Malicous SMB1 server can crash libsmbclient;
     (bso#14366). s3:libads: Fix ads_get_upn(); (bso#14336). docs-xml: Fix
     usernames in pam_winbind manpages; (bso#14358). Client tools are not
     able to read gencache anymore since 4.10; (bso#14370).
   - Update to 4.10.15
      - CVE-2020-10700: Fix use-after-free in AD DC LDAP server when ASQ and
        paged_results combined; (bso#14331); (bsc#1169850).
      - CVE-2020-10704: Fix LDAP Denial of Service (stack overflow) in Samba
        AD DC; (bso#20454); (bsc#1169851).
   - Update to 4.10.14 s3: lib: nmblib. Clean up and harden nmb packet
     processing; (bso#14239). s3: VFS: full_audit. Use system session_info if
     called from a temporary share definition; (bso#14283). nmblib: Avoid
     undefined behaviour in handle_name_ptrs(); (bso#20193). dsdb: Correctly
     handle memory in objectclass_attrs; (bso#14258). auth: Fix CID 1458418
     Null pointer dereferences (REVERSE_INULL), auth: Fix CID 1458420 Null
     pointer dereferences (REVERSE_INULL); (bso#14247). winbind member
     (source3) fails local SAM auth with empty domain name; (bso#14247).
     winbindd: Handling missing idmap in getgrgid(); (bso#14265). lib:util:
     Log mkdir error on correct debug levels; (bso#14253). wafsamba: Do not
     use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). ctdb-tcp:
     Make error handling for outbound connection consistent; (bso#14274).
     Starting ctdb node that was powered off hard before results in recovery
     loop; (bso#14295).
   - Update to 4.10.13 s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't
     return an inode number; (bso#14161). s3: utils: smbtree. Ensure we don't
     call cli_RNetShareEnum()
       on an SMB1 connection; (bso#14174). s3: libsmb: Ensure return from
        net_share_enum_rpc() sets cli->raw_status on error; (bso#14176). s3:
        smbd: SMB2 - Ensure we use the correct session_id if encrypting an
        interim response; (bso#14189). s3: smbd: Only set
        xconn->smb1.negprot.done = true after
        supported_protocols[protocol].proto_reply_fn() succeeds; (bso#14205).
        pygpo: Use correct method flags; (bso#14209). s3: Remove now unneeded
        call to cmdline_messaging_context(); (bso#13925). Incomplete
        conversion of former parametric options; (bso#14069). Fix sync
        dosmode fallback in async dosmode codepath; (bso#14070). vfs_fruit
        returns capped resource fork length; (bso#14171). s3:printing: Fix %J
        substition; (bso#13745). libnet_join: Add SPNs for
        additional-dns-hostnames entries; (bso#14116). Avoiding bad call
        flags with python 3.8, using METH_NOARGS instead of zero;
        (bso#14209). docs-xml/winbindnssinfo: Clarify interaction with
        idmap_ad etc; (bso#14122). ctdb-tcp: Close inflight connecting TCP
        sockets after fork; (bso#14175). s4:dirsync: Fix interaction of
        dirsync and extended_dn controls; (bso#14153). upgradedns: Ensure
        lmdb lock files linked; (bso#14199). s3: VFS: glusterfs: Reset nlinks
        for symlink entries during readdir; (bso#14182). wscript: Remove
        checks for shm_open and shmget; (bso#14140). libsmbclient:
        smbc_stat() doesn't return the correct st_mode and also the uid/gid
        is not filled (SMBv1); (bso#14101). replace: Only link libnsl and
        libsocket if required; (bso#14168). librpc: Fix string length
        checking in ndr_pull_charset_to_null(); (bso#14219). heimdal-build:
        Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code;
        (bso#13856). ctdb-tcp: Drop tracking of file descriptor for incoming
        connections; (bso#14175). ctdb-scripts: Strip square brackets when
        gathering connection info; (bso#14227).
   - Update to 4.10.12
      - CVE-2019-14902: Replication of ACLs down subtree on AD Directory not
        automatic; (bso#12497); (bsc#1160850);
      - CVE-2019-14907: lib/util: Do not print the failed to convert string
        into the logs; (bso#14208); (bsc#1160888).
      - CVE-2019-19344: kcc dns scavenging: Fix use after free in
        dns_tombstone_records_zone; (bso#14050); (bsc#1160852).
   - Update to 4.10.11
      - CVE-2019-14861: Fix DNSServer RPC server crash; (bso#14138);
        (bsc#1158108).
      - CVE-2019-14870: DelegationNotAllowed not being enforced; (bso#14187);
        (bsc#1158109).
   - Update to 4.10.10
      - CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code from
        evil server returned names; (bso#14071); (bsc#1144902).
      - CVE-2019-14833: Use utf8 characters in the unacceptable password;
        (bso#12438); (bsc#1154289).
      - CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
        combined with dirsync; (bso#14040); (bsc#1154598).
      - CVE-2019-14833 dsdb: Send full password to check password script;
        (bso#12438); (bsc#1154289).
   - Update to 4.10.9 Different Device Id for GlusterFS FUSE mount is causing
     data loss in CTDB cluster; (bso#13972). winbind: Provide passwd struct
     for group sid with ID_TYPE_BOTH mapping (again); (bso#14141).
     smbc_readdirplus() is incompatible with smbc_telldir() and
     smbc_lseekdir(); (bso#14094). s3: smbclient: Stop an SMB2-connection
     from blundering into SMB1-specific calls; (bso#14152). s4/scripting:
     MORE py3 compatible print functions. ldb: Release ldb 1.5.6;
     (bso#13978). undoduididx: Add "or later" to warning about using tools
     from Samba 4.8; (bso#13978). ldb_tdb fails to check error return when
     parsing pack formats; (bso#13959). ctdb: Fix compilation on systems with
     glibc robust mutexes; (bso#14038). GPO security filtering based on the
     groups in Kerberos PAC (but primary group is missing); (bso#11362). Fix
     spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106).
     s3-winbindd: fix forest trusts with additional trust attributes;
     (bso#14130). vfs_glusterfs: Use pthreadpool for scheduling aio
     operations; (bso#14098). ldb: baseinfo pack format check on init;
     (bso#13977). ldb: ldbdump key and pack format version comments;
     (bso#13978). Overlinking libreplace against librt and pthread against
     every binary or library causes issues; (bso#14140). ctdb-vacuum: Process
     all records not deleted on a remote node; (bso#14147). classicupgrade:
     Fix uncaught exception; (bso#14136). fault.c: Improve fault_report
     message text pointing to our wiki; (bso#14139). s3:client:Use
     DEVICE_URI, instead of argv[0],for Device URI; (bso#14128). We should
     send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID negotiation context; (bso#14055).
     'pam_winbind' with 'krb5_auth' or 'wbinfo -K' doesn't work for users of
     trusted domains/forests principals" logic; (bso#14124). vfs_glusterfs:
     Enable profiling for file system operations; (bso#14093). vfs_gpfs:
     Implement special case for denying owner access to ACL; (bso#14032).
     Joining Active Directory should not use SAMR to set the password;
     (bso#13884). s3:libsmb: Do not check the SPNEGO neg token for KRB5;
     (bso#14106). Overlinking libreplace against librt and pthread against
     every binary or library causes issues; (bso#14140). 'kpasswd' fails when
     built with MIT Kerberos; (bso#14155). CTDB replies can be lost before
     nodes are bidirectionally connected; (bso#14084). "ctdb stop" command
     completes before databases are frozen; (bso#14087). ctdb-tools: Stop
     deleted nodes from influencing ctdb nodestatus exit code; (bso#14129).
     s3:ldap: Fix join with don't exists machine account; (bso#14007).
   - Update to 4.10.8
      - CVE-2019-10197: Permissions check deny can allow user to escape from
        the share; (bso#14035); (bsc#1141267).
      - CVE-2019-10197: Permissions check deny can allow user to escape from
        the share; (bso#14035); (bsc#1141267).
   - Update to 4.10.7 Unable to create or rename file/directory inside shares
     configured with vfs_glusterfs_fuse module; (bso#14010). build: Allow
     build when '--disable-gnutls' is set; (bso#13844). samba-tool: Add
     'import samba.drs_utils' to fsmo.py; (bso#13973). Fix 'Error 32
     determining PSOs in system' message on old DB with FL upgrade;
     (bso#14008). s4/libnet: Fix joining a Windows pre-2008R2 DC;
     (bso#14021). join: Use a specific attribute order for the DsAddEntry
     nTDSDSA object; (bso#14046). vfs_catia: Pass stat info to
     synthetic_smb_fname(); (bso#14015). lookup_name: Allow own domain lookup
     when flags == 0; (bso#14091). s4 librpc rpc pyrpc: Ensure tevent_context
     deleted last; (bso#13932). DEBUGC and DEBUGADDC doesn't print into a
     class specific log file; (bso#13915). Request to keep deprecated option
     "server schannel", VMWare Quickprep requires "auto"; (bso#13949).
     dbcheck: Fallback to the default tombstoneLifetime of 180 days;
     (bso#13967). dnsProperty fails to decode values from older Windows
     versions; (bso#13969). samba-tool: Use only one LDAP modify for dns
     partition fsmo role transfer; (bso#13973). third_party: Update waf to
     version 2.0.17; (bso#13960). netcmd: Allow 'drs replicate --local' to
     create partitions; (bso#14051). ctdb-config: Depend on /etc/ctdb/nodes
     file; (bso#14017).
   - Update to 4.10.6 s3: winbind: Fix crash when invoking winbind idmap
     scripts; (bso#13956). smbd does not correctly parse arguments passed to
     dfree and quota scripts; (bso#13964). samba-tool dns: use bytes for
     inet_ntop; (bso#13965). samba-tool domain provision: Fix --interactive
     module in python3; (bso#13828). ldb_kv: Skip @ records early in a search
     full scan; (bso#13893). docs: Improve documentation of "lanman auth" and
     "ntlm auth" connection; (bso#13981). python/ntacls: Use correct "state
     directory" smb.conf option instead of "state dir"; (bso#14002).
     registry: Add a missing include; (bso#13840). Fix SMB guest
     authentication; (bso#13944). AppleDouble conversion breaks
     Resourceforks; (bso#13958). vfs_fruit makes direct use of syscalls like
     mmap() and pread(); (bso#13968). s3:mdssvc: Fix flex compilation error;
     (bso#13987). s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:;
     (bso#13872). dsdb:samdb: schemainfo update with relax control;
     (bso#13799). s3:util: Move static file_pload() function to lib/util;
     (bso#13964). smbd: Fix a panic; (bso#13957). ldap server: Generate
     correct referral schemes; (bso#12478). s4 dsdb/repl_meta_data: fix use
     after free in dsdb_audit_add_ldb_value; (bso#13941). s4 dsdb: Fix use
     after free in samldb_rename_search_base_callback; (bso#13942).
     dsdb/repl: we need to replicate the whole schema before we can apply it;
     (bso#12204). ldb: Release ldb 1.5.5; (bso#12478). Schema replication
     fails if link crosses chunk boundary backwards; (bso#13713). 'samba-tool
     domain schemaupgrade' uses relax control and skips the schemaInfo update
     provision; (bso#13799). dsdb_audit: avoid printing "... remote host
     [Unknown] SID [(NULL SID)] ..."; (bso#13916). python/ntacls: We only
     need security.SEC_STD_READ_CONTROL in
       order to get the ACL; (bso#13917). s3:loadparm: Ensure to truncate FS
        Volume Label at multibyte boundary; (bso#13947). Using Kerberos
        credentials to print using spoolss doesn't work; (bso#13939).
        wafsamba: Use native waf timer; (bso#13998). ctdb-scripts: Fix
        tcp_tw_recycle existence check; (bso#13984).

   This update for ldb to version 1.5.8 fixes the following issues:

   - Update to 1.5.8
      - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when
        ASQ and VLV combined (bsc#1173159).
   - Update to 1.5.7
      - CVE-2020-10700: Fixed a use-after-free in AD DC LDAP server when ASQ
        and paged_results combined (bsc#1169850).
   - Update to 1.5.6
      - Fix segfault parsing new pack formats or invalid packed data
      - Check for new pack formats during startup
      - Making ldbdump print out pack format info and keys so we have low
        level visibility for testing in python
   - Update to 1.5.5 LDAP_REFERRAL_SCHEME_OPAQUE was added Skip @ records
     early in a search full scan


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2673=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2673=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2673=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      ldb-debugsource-1.5.8-3.5.1
      libldb-devel-1.5.8-3.5.1
      libndr-devel-4.10.17+git.203.862547088ca-3.14.1
      libndr-krb5pac-devel-4.10.17+git.203.862547088ca-3.14.1
      libndr-nbt-devel-4.10.17+git.203.862547088ca-3.14.1
      libndr-standard-devel-4.10.17+git.203.862547088ca-3.14.1
      libsamba-util-devel-4.10.17+git.203.862547088ca-3.14.1
      libsmbclient-devel-4.10.17+git.203.862547088ca-3.14.1
      libwbclient-devel-4.10.17+git.203.862547088ca-3.14.1
      python-ldb-1.5.8-3.5.1
      python-ldb-debuginfo-1.5.8-3.5.1
      python-ldb-devel-1.5.8-3.5.1
      samba-core-devel-4.10.17+git.203.862547088ca-3.14.1
      samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-debugsource-4.10.17+git.203.862547088ca-3.14.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      ldb-debugsource-1.5.8-3.5.1
      ldb-tools-1.5.8-3.5.1
      ldb-tools-debuginfo-1.5.8-3.5.1
      libdcerpc-binding0-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc-binding0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc0-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libldb1-1.5.8-3.5.1
      libldb1-debuginfo-1.5.8-3.5.1
      libndr-krb5pac0-4.10.17+git.203.862547088ca-3.14.1
      libndr-krb5pac0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libndr-nbt0-4.10.17+git.203.862547088ca-3.14.1
      libndr-nbt0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libndr-standard0-4.10.17+git.203.862547088ca-3.14.1
      libndr-standard0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libndr0-4.10.17+git.203.862547088ca-3.14.1
      libndr0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libnetapi0-4.10.17+git.203.862547088ca-3.14.1
      libnetapi0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamba-credentials0-4.10.17+git.203.862547088ca-3.14.1
      libsamba-credentials0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamba-errors0-4.10.17+git.203.862547088ca-3.14.1
      libsamba-errors0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamba-hostconfig0-4.10.17+git.203.862547088ca-3.14.1
      libsamba-hostconfig0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamba-passdb0-4.10.17+git.203.862547088ca-3.14.1
      libsamba-passdb0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamba-util0-4.10.17+git.203.862547088ca-3.14.1
      libsamba-util0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsamdb0-4.10.17+git.203.862547088ca-3.14.1
      libsamdb0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsmbclient0-4.10.17+git.203.862547088ca-3.14.1
      libsmbclient0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsmbconf0-4.10.17+git.203.862547088ca-3.14.1
      libsmbconf0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libsmbldap2-4.10.17+git.203.862547088ca-3.14.1
      libsmbldap2-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libtevent-util0-4.10.17+git.203.862547088ca-3.14.1
      libtevent-util0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      libwbclient0-4.10.17+git.203.862547088ca-3.14.1
      libwbclient0-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-4.10.17+git.203.862547088ca-3.14.1
      samba-client-4.10.17+git.203.862547088ca-3.14.1
      samba-client-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-debugsource-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-python3-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-python3-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-winbind-4.10.17+git.203.862547088ca-3.14.1
      samba-winbind-debuginfo-4.10.17+git.203.862547088ca-3.14.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libdcerpc-binding0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc-binding0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libdcerpc0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libldb1-32bit-1.5.8-3.5.1
      libldb1-debuginfo-32bit-1.5.8-3.5.1
      libndr-krb5pac0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr-krb5pac0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr-nbt0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr-nbt0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr-standard0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr-standard0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libndr0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libnetapi0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libnetapi0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-credentials0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-credentials0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-errors0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-errors0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-hostconfig0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-hostconfig0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-passdb0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-passdb0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-util0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamba-util0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamdb0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsamdb0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbclient0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbclient0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbconf0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbconf0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbldap2-32bit-4.10.17+git.203.862547088ca-3.14.1
      libsmbldap2-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libtevent-util0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libtevent-util0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      libwbclient0-32bit-4.10.17+git.203.862547088ca-3.14.1
      libwbclient0-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-client-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-client-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-python3-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-libs-python3-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-winbind-32bit-4.10.17+git.203.862547088ca-3.14.1
      samba-winbind-debuginfo-32bit-4.10.17+git.203.862547088ca-3.14.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      samba-doc-4.10.17+git.203.862547088ca-3.14.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.10.17+git.203.862547088ca-3.14.1
      ctdb-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-debuginfo-4.10.17+git.203.862547088ca-3.14.1
      samba-debugsource-4.10.17+git.203.862547088ca-3.14.1


References:

   https://www.suse.com/security/cve/CVE-2019-10197.html
   https://www.suse.com/security/cve/CVE-2019-10218.html
   https://www.suse.com/security/cve/CVE-2019-14833.html
   https://www.suse.com/security/cve/CVE-2019-14847.html
   https://www.suse.com/security/cve/CVE-2019-14861.html
   https://www.suse.com/security/cve/CVE-2019-14870.html
   https://www.suse.com/security/cve/CVE-2019-14902.html
   https://www.suse.com/security/cve/CVE-2019-14907.html
   https://www.suse.com/security/cve/CVE-2019-19344.html
   https://www.suse.com/security/cve/CVE-2020-10700.html
   https://www.suse.com/security/cve/CVE-2020-10704.html
   https://www.suse.com/security/cve/CVE-2020-10730.html
   https://www.suse.com/security/cve/CVE-2020-10745.html
   https://www.suse.com/security/cve/CVE-2020-10760.html
   https://www.suse.com/security/cve/CVE-2020-14303.html
   https://bugzilla.suse.com/1141267
   https://bugzilla.suse.com/1144902
   https://bugzilla.suse.com/1154289
   https://bugzilla.suse.com/1154598
   https://bugzilla.suse.com/1158108
   https://bugzilla.suse.com/1158109
   https://bugzilla.suse.com/1160850
   https://bugzilla.suse.com/1160852
   https://bugzilla.suse.com/1160888
   https://bugzilla.suse.com/1169850
   https://bugzilla.suse.com/1169851
   https://bugzilla.suse.com/1173159
   https://bugzilla.suse.com/1173160
   https://bugzilla.suse.com/1173359
   https://bugzilla.suse.com/1174120



More information about the sle-security-updates mailing list