openSUSE-SU-2014:0405-1: moderate: samba: security and bugfix update
openSUSE Security Update: samba: security and bugfix update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0405-1
Rating: moderate
References: #437293 #741623 #755663 #786677 #844307 #844720
#849224 #853021 #853347 #854520 #863748 #865561

Cross-References: CVE-2012-6150 CVE-2013-4408 CVE-2013-4496

Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that solves three vulnerabilities and has 9 fixes
is now available.

Description:


Samba was updated to fix security issues and bugs:

Security issues fixed:
- Password lockout was not enforced for SAMR password
changes, which allowed brute force attacks on passwords;
CVE-2013-4496; (bnc#849224).

- The DCE-RPC fragment length field was incorrectly checked,
which could expose samba clients to buffer overflow
exploits caused by malicious servers; CVE-2013-4408;
(bnc#844720).

- The pam_winbind login without require_membership_of
restrictions could allow fallbacks to local users even if
they were not intended to be allowed; CVE-2012-6150;
(bnc#853347).

Non-security bugs were also fixed:
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).

- Fix memory leak in printer_list_get_printer();
(bso#9993); (bnc#865561).

- Depend on %version-%release with all manual Provides and
Requires; (bnc#844307).

- Remove superfluous obsoletes *-64bit in the ifarch ppc64
case; (bnc#437293).

- Fix Winbind 100% CPU utilization caused by domain list
corruption; (bso#10358); (bnc#786677).

- Samba is chatty about being unable to open a printer;
(bso#10118).
- nsswitch: Fix short writes in winbind_write_sock;
(bso#10195).
- xattr: fix listing EAs on *BSD for non-root users;
(bso#10247).
- spoolss: accept XPS_PASS datatype used by Windows 8;
(bso#10267).
- The preceding bugs are tracked by (bnc#854520) too.


- Make use of the full gpg pub key file name including the
key ID.

- Remove bogus libsmbclient0 package description and
cleanup the libsmbclient line from baselibs.conf;
(bnc#853021).

- Allow smbcacls to take a '--propagate-inheritance' flag
to indicate that the add, delete, modify and set
operations now support automatic propagation of
inheritable ACE(s); (FATE#316474).

- Attempt to use samlogon validation level 6; (bso#7945);
(bnc#741623).

- Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa
errors; (bso#7944); (bnc#755663).
- Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.


- Use simplified smb signing infrastructure; (bnc#741623).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-229

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

libnetapi-devel-3.6.12-59.19.1
libnetapi0-3.6.12-59.19.1
libnetapi0-debuginfo-3.6.12-59.19.1
libsmbclient-devel-3.6.12-59.19.1
libsmbclient0-3.6.12-59.19.1
libsmbclient0-debuginfo-3.6.12-59.19.1
libsmbsharemodes-devel-3.6.12-59.19.1
libsmbsharemodes0-3.6.12-59.19.1
libsmbsharemodes0-debuginfo-3.6.12-59.19.1
libwbclient-devel-3.6.12-59.19.1
libwbclient0-3.6.12-59.19.1
libwbclient0-debuginfo-3.6.12-59.19.1
samba-3.6.12-59.19.1
samba-client-3.6.12-59.19.1
samba-client-debuginfo-3.6.12-59.19.1
samba-debuginfo-3.6.12-59.19.1
samba-debugsource-3.6.12-59.19.1
samba-devel-3.6.12-59.19.1
samba-krb-printing-3.6.12-59.19.1
samba-krb-printing-debuginfo-3.6.12-59.19.1
samba-winbind-3.6.12-59.19.1
samba-winbind-debuginfo-3.6.12-59.19.1

- openSUSE 12.3 (x86_64):

libsmbclient0-32bit-3.6.12-59.19.1
libsmbclient0-debuginfo-32bit-3.6.12-59.19.1
libwbclient0-32bit-3.6.12-59.19.1
libwbclient0-debuginfo-32bit-3.6.12-59.19.1
samba-32bit-3.6.12-59.19.1
samba-client-32bit-3.6.12-59.19.1
samba-client-debuginfo-32bit-3.6.12-59.19.1
samba-debuginfo-32bit-3.6.12-59.19.1
samba-winbind-32bit-3.6.12-59.19.1
samba-winbind-debuginfo-32bit-3.6.12-59.19.1

- openSUSE 12.3 (noarch):

samba-doc-3.6.12-59.19.1
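
One way to confirm that a host carries the fixed builds from the package list above, as an added example (not part of the original announcement or of any openSUSE tool). It assumes input lines in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, matches packages by name prefix, and uses a simplified segment-wise comparison (no epoch or tilde handling); the sample inventory is constructed.

```python
import re

# Fixed version-release taken from the advisory's package list (openSUSE 12.3).
FIXED = "3.6.12-59.19.1"
# Assumption: name prefixes that cover every package in the advisory's list.
PREFIXES = ("samba", "libsmbclient", "libwbclient", "libnetapi", "libsmbsharemodes")

def _segments(s):
    # Runs of digits or letters; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 19
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(rpm_lines):
    """Return (name, version-release) for affected packages older than FIXED."""
    out = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith(PREFIXES) \
                and vr_cmp(parts[1], FIXED) < 0:
            out.append((parts[0], parts[1]))
    return out

# Constructed sample inventory (not real host data).
SAMPLE = """\
samba 3.6.12-59.19.1
samba-client 3.6.12-59.16.1
libsmbclient0 3.6.12-59.9.1
libwbclient0-32bit 3.6.12-59.19.1
samba-winbind 3.6.7-48.12.1
openssh 6.0p1-2.3.3
"""

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE.splitlines()):
        print(f"NOT PATCHED: {name} {vr} < {FIXED}")
```

Mixed results such as the sample's, where samba is current but samba-client is not, indicate a partially applied patch and are worth flagging separately from fully unpatched hosts.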


References:

http://support.novell.com/security/cve/CVE-2012-6150.html
http://support.novell.com/security/cve/CVE-2013-4408.html
http://support.novell.com/security/cve/CVE-2013-4496.html
https://bugzilla.novell.com/437293
https://bugzilla.novell.com/741623
https://bugzilla.novell.com/755663
https://bugzilla.novell.com/786677
https://bugzilla.novell.com/844307
https://bugzilla.novell.com/844720
https://bugzilla.novell.com/849224
https://bugzilla.novell.com/853021
https://bugzilla.novell.com/853347
https://bugzilla.novell.com/854520
https://bugzilla.novell.com/863748
https://bugzilla.novell.com/865561

