openSUSE-SU-2014:0404-1: moderate: samba: security and bugfix update to 4.1.6
openSUSE Security Update: samba: security and bugfix update to 4.1.6
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0404-1
Rating: moderate
References: #437293 #726937 #786677 #844307 #846586 #849224
#855866 #856759 #857454 #860648 #860809 #860832
#861135 #862370 #862558 #863079 #863748 #865095
#865397 #865561 #865641 #865771 #867665
Cross-References: CVE-2013-4496 CVE-2013-6442
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 21 fixes
is now available.

Description:


Samba was updated to 4.1.6, fixing bugs and security issues:


- Password lockout not enforced for SAMR password changes,
this allowed brute forcing of passwords; CVE-2013-4496;
(bnc#849224).

- smbcacls can remove a file or directory ACL by mistake;
CVE-2013-6442; (bnc#855866).

Also the following bugs were fixed:
- Call update-apparmor-samba-profile via ExecStartPre too;
(bnc#867665).

- Retry named pipe open requests on
STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095).

- Propagate snapshot enumeration permissions errors to SMB
clients; (bnc#865641).

- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).

- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer();
(bso#9993); (bnc#865561).

- Fix stream_depot VFS module on Btrfs; (bso#10467);
(bnc#865397).

- Use libarchive to provide improved smbclient tarmode
functionality; (bso#9667); (bnc#861135).

- Depend on %version-%release with all manual Provides and
Requires; (bnc#844307).

- Update to 4.1.5.
+ Fix 100% CPU utilization in winbindd when trying to
free memory in winbindd_reinit_after_fork; (bso#10358);
(bnc#786677).
+ smbd: Fix memory overwrites; (bso#10415).
+ s3-winbind: Improve performance of
wb_fill_pwent_sid2uid_done(); (bso#2191).
+ ntlm_auth sometimes returns the wrong username to
mod_ntlm_auth_winbind; (bso#10087).
+ s3: smbpasswd: Fix crashes on invalid input;
(bso#10320).
+ s3: vfs_dirsort module: Allow dirsort to work when
multiple simultaneous directories are open; (bso#10406).
+ Add support for Heimdal's unified krb5 and hdb plugin
system, cope with first element in hdb_method having a
different name in different heimdal versions and fix
INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
+ vfs_btrfs: Fix incorrect zero length server-side copy
request handling; (bso#10424).
+ s3: modules: streaminfo: As we have no VFS function
SMB_VFS_LLISTXATTR we can't cope with a symlink when
lp_posix_pathnames() is true; (bso#10429).
+ smbd: Fix an ancient oplock bug; (bso#10436).
+ Fix crash bug in smb2_notify code; (bso#10442).

- Remove superfluous obsoletes *-64bit in the ifarch ppc64
case; (bnc#437293).

- Migrate @GMT token parsing functionality into
vfs_snapper; (bnc#863079).
+ Improve vfs_snapper documentation.

- Fix Winbind 100% CPU utilization caused by domain list
corruption; (bso#10358); (bnc#786677).

- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO
handler; (bso#10415); (bnc#862370).

- Streamline the vendor suffix handling and add support for
SLE 12.

- Fix zero length server-side copy request handling;
(bso#10424); (bnc#862558).

- Set the PID directory to /run/samba on post-12.2 systems.

- Make use of the tmpfilesdir macro while calling
systemd-tmpfiles.

- Make winbindd print the interface version when it gets an
INTERFACE_VERSION request; (bnc#726937).

- Fix vfs_btrfs build on older platforms with duplicate
WRITE_FLUSH definitions; (bnc#860832).

- Check for NULL gensec_security in
gensec_security_by_auth_type(); (bnc#860809).

- Ensure ndr table initialization; (bnc#860648).

- Add File Server Remote VSS Protocol (FSRVP) server for
SMB share shadow-copies; (fate#313346).

- s3-dir: Fix the DOS clients against 64-bit smbd's;
(bso#2662).
- shadow_copy2: module "Previous Version" not working in
Windows 7; (bso#10259).
- s3-passdb: Fix string duplication to pointers;
(bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the
current atime; (bso#10384).

- s3: winbindd: Move calling setup_domain_child() into
add_trusted_domain(); (bso#10358); (bnc#786677).

- Default sysconfig daemon options to -D; (bso#10388);
(bnc#857454).

- Add /var/cache/samba to the client file list;
(bnc#846586).

- Really add the WINBINDDOPTIONS sysconfig variable on
install; (bnc#857454).

- Correct sysconfig variable names by adding the missing D
char; (bnc#857454).

- Update to 4.1.4.
+ Fix segfault in smbd; (bso#10284).
+ Fix SMB2 server panic when a smb2 brlock times out;
(bso#10311).

- Call stop_on_removal from preun and restart_on_update and
insserv_cleanup from postun on pre-12.3 systems only;
(bnc#857454).

- BuildRequire gamin-devel instead of unmaintained
fam-devel package on post-12.1 systems.

- smbd: allow updates on directory write times on open
handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables;
(bso#10280).
- s3-winbindd: Fix DEBUG statement in
winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd;
(bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert
calls to resolve a path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out;
(bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).

- Add /etc/sysconfig/samba to the main and winbind package;
(bnc#857454).

- Create /var/run/samba with systemd-tmpfiles on post-12.2
systems; (bnc#856759).

- Fix broken rc{nmb,smb,winbind} sym links which should
point to the service binary on post-12.2 systems;
(bnc#856759).

- Add Snapper VFS module for snapshot manipulation;
(fate#313347).
+ dbus-1-devel required at build time.

- Add File Server Remote VSS Protocol (FSRVP) client for
SMB share shadow-copies; (fate#313345).

- Do not BuildRequire perl ExtUtils::MakeMaker and
Parse::Yapp as they're part of the minimum build
environment.


- Allow smbcacls to take a '--propagate-inheritance' flag
to indicate that the add, delete, modify and set
operations now support automatic propagation of
inheritable ACE(s); (FATE#316474).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-228

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

libdcerpc-atsvc-devel-4.1.6-3.18.1
libdcerpc-atsvc0-4.1.6-3.18.1
libdcerpc-atsvc0-debuginfo-4.1.6-3.18.1
libdcerpc-binding0-4.1.6-3.18.1
libdcerpc-binding0-debuginfo-4.1.6-3.18.1
libdcerpc-devel-4.1.6-3.18.1
libdcerpc-samr-devel-4.1.6-3.18.1
libdcerpc-samr0-4.1.6-3.18.1
libdcerpc-samr0-debuginfo-4.1.6-3.18.1
libdcerpc0-4.1.6-3.18.1
libdcerpc0-debuginfo-4.1.6-3.18.1
libgensec-devel-4.1.6-3.18.1
libgensec0-4.1.6-3.18.1
libgensec0-debuginfo-4.1.6-3.18.1
libndr-devel-4.1.6-3.18.1
libndr-krb5pac-devel-4.1.6-3.18.1
libndr-krb5pac0-4.1.6-3.18.1
libndr-krb5pac0-debuginfo-4.1.6-3.18.1
libndr-nbt-devel-4.1.6-3.18.1
libndr-nbt0-4.1.6-3.18.1
libndr-nbt0-debuginfo-4.1.6-3.18.1
libndr-standard-devel-4.1.6-3.18.1
libndr-standard0-4.1.6-3.18.1
libndr-standard0-debuginfo-4.1.6-3.18.1
libndr0-4.1.6-3.18.1
libndr0-debuginfo-4.1.6-3.18.1
libnetapi-devel-4.1.6-3.18.1
libnetapi0-4.1.6-3.18.1
libnetapi0-debuginfo-4.1.6-3.18.1
libpdb-devel-4.1.6-3.18.1
libpdb0-4.1.6-3.18.1
libpdb0-debuginfo-4.1.6-3.18.1
libregistry-devel-4.1.6-3.18.1
libregistry0-4.1.6-3.18.1
libregistry0-debuginfo-4.1.6-3.18.1
libsamba-credentials-devel-4.1.6-3.18.1
libsamba-credentials0-4.1.6-3.18.1
libsamba-credentials0-debuginfo-4.1.6-3.18.1
libsamba-hostconfig-devel-4.1.6-3.18.1
libsamba-hostconfig0-4.1.6-3.18.1
libsamba-hostconfig0-debuginfo-4.1.6-3.18.1
libsamba-policy-devel-4.1.6-3.18.1
libsamba-policy0-4.1.6-3.18.1
libsamba-policy0-debuginfo-4.1.6-3.18.1
libsamba-util-devel-4.1.6-3.18.1
libsamba-util0-4.1.6-3.18.1
libsamba-util0-debuginfo-4.1.6-3.18.1
libsamdb-devel-4.1.6-3.18.1
libsamdb0-4.1.6-3.18.1
libsamdb0-debuginfo-4.1.6-3.18.1
libsmbclient-devel-4.1.6-3.18.1
libsmbclient-raw-devel-4.1.6-3.18.1
libsmbclient-raw0-4.1.6-3.18.1
libsmbclient-raw0-debuginfo-4.1.6-3.18.1
libsmbclient0-4.1.6-3.18.1
libsmbclient0-debuginfo-4.1.6-3.18.1
libsmbconf-devel-4.1.6-3.18.1
libsmbconf0-4.1.6-3.18.1
libsmbconf0-debuginfo-4.1.6-3.18.1
libsmbldap-devel-4.1.6-3.18.1
libsmbldap0-4.1.6-3.18.1
libsmbldap0-debuginfo-4.1.6-3.18.1
libsmbsharemodes-devel-4.1.6-3.18.1
libsmbsharemodes0-4.1.6-3.18.1
libsmbsharemodes0-debuginfo-4.1.6-3.18.1
libtevent-util-devel-4.1.6-3.18.1
libtevent-util0-4.1.6-3.18.1
libtevent-util0-debuginfo-4.1.6-3.18.1
libwbclient-devel-4.1.6-3.18.1
libwbclient0-4.1.6-3.18.1
libwbclient0-debuginfo-4.1.6-3.18.1
samba-4.1.6-3.18.1
samba-client-4.1.6-3.18.1
samba-client-debuginfo-4.1.6-3.18.1
samba-core-devel-4.1.6-3.18.1
samba-debuginfo-4.1.6-3.18.1
samba-debugsource-4.1.6-3.18.1
samba-libs-4.1.6-3.18.1
samba-libs-debuginfo-4.1.6-3.18.1
samba-pidl-4.1.6-3.18.1
samba-python-4.1.6-3.18.1
samba-python-debuginfo-4.1.6-3.18.1
samba-test-4.1.6-3.18.1
samba-test-debuginfo-4.1.6-3.18.1
samba-test-devel-4.1.6-3.18.1
samba-winbind-4.1.6-3.18.1
samba-winbind-debuginfo-4.1.6-3.18.1

- openSUSE 13.1 (x86_64):

libdcerpc-atsvc0-32bit-4.1.6-3.18.1
libdcerpc-atsvc0-debuginfo-32bit-4.1.6-3.18.1
libdcerpc-binding0-32bit-4.1.6-3.18.1
libdcerpc-binding0-debuginfo-32bit-4.1.6-3.18.1
libdcerpc-samr0-32bit-4.1.6-3.18.1
libdcerpc-samr0-debuginfo-32bit-4.1.6-3.18.1
libdcerpc0-32bit-4.1.6-3.18.1
libdcerpc0-debuginfo-32bit-4.1.6-3.18.1
libgensec0-32bit-4.1.6-3.18.1
libgensec0-debuginfo-32bit-4.1.6-3.18.1
libndr-krb5pac0-32bit-4.1.6-3.18.1
libndr-krb5pac0-debuginfo-32bit-4.1.6-3.18.1
libndr-nbt0-32bit-4.1.6-3.18.1
libndr-nbt0-debuginfo-32bit-4.1.6-3.18.1
libndr-standard0-32bit-4.1.6-3.18.1
libndr-standard0-debuginfo-32bit-4.1.6-3.18.1
libndr0-32bit-4.1.6-3.18.1
libndr0-debuginfo-32bit-4.1.6-3.18.1
libnetapi0-32bit-4.1.6-3.18.1
libnetapi0-debuginfo-32bit-4.1.6-3.18.1
libpdb0-32bit-4.1.6-3.18.1
libpdb0-debuginfo-32bit-4.1.6-3.18.1
libregistry0-32bit-4.1.6-3.18.1
libregistry0-debuginfo-32bit-4.1.6-3.18.1
libsamba-credentials0-32bit-4.1.6-3.18.1
libsamba-credentials0-debuginfo-32bit-4.1.6-3.18.1
libsamba-hostconfig0-32bit-4.1.6-3.18.1
libsamba-hostconfig0-debuginfo-32bit-4.1.6-3.18.1
libsamba-policy0-32bit-4.1.6-3.18.1
libsamba-policy0-debuginfo-32bit-4.1.6-3.18.1
libsamba-util0-32bit-4.1.6-3.18.1
libsamba-util0-debuginfo-32bit-4.1.6-3.18.1
libsamdb0-32bit-4.1.6-3.18.1
libsamdb0-debuginfo-32bit-4.1.6-3.18.1
libsmbclient-raw0-32bit-4.1.6-3.18.1
libsmbclient-raw0-debuginfo-32bit-4.1.6-3.18.1
libsmbclient0-32bit-4.1.6-3.18.1
libsmbclient0-debuginfo-32bit-4.1.6-3.18.1
libsmbconf0-32bit-4.1.6-3.18.1
libsmbconf0-debuginfo-32bit-4.1.6-3.18.1
libsmbldap0-32bit-4.1.6-3.18.1
libsmbldap0-debuginfo-32bit-4.1.6-3.18.1
libtevent-util0-32bit-4.1.6-3.18.1
libtevent-util0-debuginfo-32bit-4.1.6-3.18.1
libwbclient0-32bit-4.1.6-3.18.1
libwbclient0-debuginfo-32bit-4.1.6-3.18.1
samba-32bit-4.1.6-3.18.1
samba-client-32bit-4.1.6-3.18.1
samba-client-debuginfo-32bit-4.1.6-3.18.1
samba-debuginfo-32bit-4.1.6-3.18.1
samba-libs-32bit-4.1.6-3.18.1
samba-libs-debuginfo-32bit-4.1.6-3.18.1
samba-winbind-32bit-4.1.6-3.18.1
samba-winbind-debuginfo-32bit-4.1.6-3.18.1

- openSUSE 13.1 (noarch):

samba-doc-4.1.6-3.18.1
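
Added example (not part of the original advisory): a shell check that flags packages from this update that are still below the fixed version-release 4.1.6-3.18.1 given in the package list above. The function names and the sample inventory are constructed for illustration, and sort -V is assumed to be an adequate stand-in for RPM version ordering on these plain numeric strings.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="4.1.6-3.18.1"

# ver_lt A B: true when A sorts strictly before B.
# Assumption: sort -V approximates RPM ordering for these plain
# numeric version-release strings (no epochs or tildes).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_packages: reads "name version-release" lines on stdin and
# prints those belonging to this update that are still below FIXED.
# On a real host the input would come from:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n'
unpatched_packages() {
    while read -r name vr; do
        case "$name" in
            samba|samba-*|libsamba-*|libsamdb*|libsmb*|libwbclient*) ;;
            libdcerpc*|libgensec*|libndr*|libnetapi*|libpdb*) ;;
            libregistry*|libtevent-util*) ;;
            *) continue ;;   # not shipped by this update
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
samba 4.1.3-3.12.1
samba-client 4.1.6-3.2.1
libwbclient0 4.1.6-3.18.1
libtevent0 0.9.19-2.1
bash 4.2-68.1.5
EOF
}

sample_inventory | unpatched_packages
```

An empty result means every installed package from this update is at or above the fixed build.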


References:

http://support.novell.com/security/cve/CVE-2013-4496.html
http://support.novell.com/security/cve/CVE-2013-6442.html
https://bugzilla.novell.com/437293
https://bugzilla.novell.com/726937
https://bugzilla.novell.com/786677
https://bugzilla.novell.com/844307
https://bugzilla.novell.com/846586
https://bugzilla.novell.com/849224
https://bugzilla.novell.com/855866
https://bugzilla.novell.com/856759
https://bugzilla.novell.com/857454
https://bugzilla.novell.com/860648
https://bugzilla.novell.com/860809
https://bugzilla.novell.com/860832
https://bugzilla.novell.com/861135
https://bugzilla.novell.com/862370
https://bugzilla.novell.com/862558
https://bugzilla.novell.com/863079
https://bugzilla.novell.com/863748
https://bugzilla.novell.com/865095
https://bugzilla.novell.com/865397
https://bugzilla.novell.com/865561
https://bugzilla.novell.com/865641
https://bugzilla.novell.com/865771
https://bugzilla.novell.com/867665

