SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0519-1
Rating:             important
References:         #499233 #741623 #755663 #759731 #764577 #783384
                    #799641 #800982
Cross-References:   CVE-2013-0213 CVE-2013-0214
Affected Products:
                    SUSE Linux Enterprise Server 10 GPLv3 Extras
______________________________________________________________________________

An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1 was
affected by a cross-site request forgery; CVE-2013-0214; (bnc#799641).

The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 4.0.1
could possibly be used in clickjacking attacks; CVE-2013-0213; (bnc#800982).

Also the following bugs have been fixed:

* Don't clutter the spec file diff view; (bnc#783384).
* s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
* Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623).
* Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).
* Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors;
  (bso#7944); (bnc#755663).
* Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

Security Issue references:

* CVE-2013-0213
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213>
* CVE-2013-0214
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214>

Package List:

- SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64):

  libnetapi-devel-3.4.3-0.47.3
  libnetapi0-3.4.3-0.47.3
  libtalloc-devel-3.4.3-0.47.3
  libtalloc1-3.4.3-0.47.3
  libtdb-devel-3.4.3-0.47.3
  libtdb1-3.4.3-0.47.3
  libwbclient-devel-3.4.3-0.47.3
  libwbclient0-3.4.3-0.47.3
  samba-gplv3-3.4.3-0.47.3
  samba-gplv3-client-3.4.3-0.47.3
  samba-gplv3-krb-printing-3.4.3-0.47.3
  samba-gplv3-winbind-3.4.3-0.47.3

- SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch):

  samba-gplv3-doc-3.4.3-0.47.3

References:

  http://support.novell.com/security/cve/CVE-2013-0213.html
  http://support.novell.com/security/cve/CVE-2013-0214.html
  https://bugzilla.novell.com/499233
  https://bugzilla.novell.com/741623
  https://bugzilla.novell.com/755663
  https://bugzilla.novell.com/759731
  https://bugzilla.novell.com/764577
  https://bugzilla.novell.com/783384
  https://bugzilla.novell.com/799641
  https://bugzilla.novell.com/800982
  http://download.novell.com/patch/finder/?keywords=2420a6d522645b2b55c7b8e17a...