[opensuse-security] RE: [security-announce] SUSE-SU-2014:0497-1: important: Security update for Samba
No urgency for us; a quick check shows that we don't have any servers using Samba (or at least talking on port 137).

Company policy requires: This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

-----Original Message-----
From: opensuse-security@opensuse.org [mailto:opensuse-security@opensuse.org]
Sent: Tuesday, April 08, 2014 2:05 PM
To: opensuse-security-announce@opensuse.org
Subject: [security-announce] SUSE-SU-2014:0497-1: important: Security update for Samba

   SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0497-1
Rating:             important
References:         #726937 #786677 #844307 #847009 #849224 #863748 #865561
Cross-References:   CVE-2013-4496
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now available.

Description:

   The Samba fileserver suite was updated to fix bugs and security issues.

   The following security issue has been fixed:

   * No Password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496.

   Also the following feature has been added:

   * Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).

   And the following bugs have been fixed:

   * Fixed problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
   * Fixed memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
   * Fixed Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).
   * Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937).

   Security Issue reference:

   * CVE-2013-4496 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496>

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-cifs-mount-9010

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-cifs-mount-9010

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-cifs-mount-9010

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-cifs-mount-9010

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libldb-devel-3.6.3-0.50.1
      libnetapi-devel-3.6.3-0.50.1
      libnetapi0-3.6.3-0.50.1
      libsmbclient-devel-3.6.3-0.50.1
      libsmbsharemodes-devel-3.6.3-0.50.1
      libsmbsharemodes0-3.6.3-0.50.1
      libtalloc-devel-3.6.3-0.50.1
      libtdb-devel-3.6.3-0.50.1
      libtevent-devel-3.6.3-0.50.1
      libwbclient-devel-3.6.3-0.50.1
      samba-devel-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      ldapsmb-1.34b-12.50.1
      libldb1-3.6.3-0.50.1
      libsmbclient0-3.6.3-0.50.1
      libtalloc2-3.6.3-0.50.1
      libtdb1-3.6.3-0.50.1
      libtevent0-3.6.3-0.50.1
      libwbclient0-3.6.3-0.50.1
      samba-3.6.3-0.50.1
      samba-client-3.6.3-0.50.1
      samba-krb-printing-3.6.3-0.50.1
      samba-winbind-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libsmbclient0-32bit-3.6.3-0.50.1
      libtalloc2-32bit-3.6.3-0.50.1
      libtdb1-32bit-3.6.3-0.50.1
      libtevent0-32bit-3.6.3-0.50.1
      libwbclient0-32bit-3.6.3-0.50.1
      samba-32bit-3.6.3-0.50.1
      samba-client-32bit-3.6.3-0.50.1
      samba-winbind-32bit-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch):

      samba-doc-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      ldapsmb-1.34b-12.50.1
      libldb1-3.6.3-0.50.1
      libsmbclient0-3.6.3-0.50.1
      libtalloc2-3.6.3-0.50.1
      libtdb1-3.6.3-0.50.1
      libtevent0-3.6.3-0.50.1
      libwbclient0-3.6.3-0.50.1
      samba-3.6.3-0.50.1
      samba-client-3.6.3-0.50.1
      samba-krb-printing-3.6.3-0.50.1
      samba-winbind-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libsmbclient0-32bit-3.6.3-0.50.1
      libtalloc2-32bit-3.6.3-0.50.1
      libtdb1-32bit-3.6.3-0.50.1
      libtevent0-32bit-3.6.3-0.50.1
      libwbclient0-32bit-3.6.3-0.50.1
      samba-32bit-3.6.3-0.50.1
      samba-client-32bit-3.6.3-0.50.1
      samba-winbind-32bit-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 (noarch):

      samba-doc-3.6.3-0.50.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libsmbclient0-x86-3.6.3-0.50.1
      libtalloc2-x86-3.6.3-0.50.1
      libtdb1-x86-3.6.3-0.50.1
      libwbclient0-x86-3.6.3-0.50.1
      samba-client-x86-3.6.3-0.50.1
      samba-winbind-x86-3.6.3-0.50.1
      samba-x86-3.6.3-0.50.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      libldb1-3.6.3-0.50.1
      libsmbclient0-3.6.3-0.50.1
      libtalloc2-3.6.3-0.50.1
      libtdb1-3.6.3-0.50.1
      libtevent0-3.6.3-0.50.1
      libwbclient0-3.6.3-0.50.1
      samba-3.6.3-0.50.1
      samba-client-3.6.3-0.50.1
      samba-krb-printing-3.6.3-0.50.1
      samba-winbind-3.6.3-0.50.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libldb1-32bit-3.6.3-0.50.1
      libsmbclient0-32bit-3.6.3-0.50.1
      libtalloc2-32bit-3.6.3-0.50.1
      libtdb1-32bit-3.6.3-0.50.1
      libtevent0-32bit-3.6.3-0.50.1
      libwbclient0-32bit-3.6.3-0.50.1
      samba-32bit-3.6.3-0.50.1
      samba-client-32bit-3.6.3-0.50.1
      samba-winbind-32bit-3.6.3-0.50.1

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch):

      samba-doc-3.6.3-0.50.1

References:

   http://support.novell.com/security/cve/CVE-2013-4496.html
   https://bugzilla.novell.com/726937
   https://bugzilla.novell.com/786677
   https://bugzilla.novell.com/844307
   https://bugzilla.novell.com/847009
   https://bugzilla.novell.com/849224
   https://bugzilla.novell.com/863748
   https://bugzilla.novell.com/865561
   http://download.suse.com/patch/finder/?keywords=4a7ee13a3179340603da9ffb1703...
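A host-level version of the reply's quick check, as an added example that is not part of the original message or the SUSE advisory: it looks for Samba listeners on UDP 137/138 and TCP 139/445 (SAMR is reached over SMB, so the TCP ports matter as well as 137) and compares an installed samba version-release with the fixed 3.6.3-0.50.1 from the package list. The `ss -tuln` text and the installed version are constructed samples, the function names are hypothetical, and the version comparison is simplified to numeric fields only.

```python
import re

# UDP 137/138 = NetBIOS name/datagram, TCP 139/445 = SMB sessions (SAMR rides on these).
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}
FIXED_VR = "3.6.3-0.50.1"  # fixed samba version-release from the advisory's package list

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      50     [::]:139           [::]:*
"""

def smb_listeners(ss_output):
    """Return sorted (proto, port) pairs that are SMB/NetBIOS listeners."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        port = fields[4].rsplit(":", 1)[-1]  # works for 0.0.0.0:445 and [::]:139
        if port.isdigit() and (fields[0], int(port)) in SMB_PORTS:
            found.add((fields[0], int(port)))
    return sorted(found)

def vr_key(vr):
    """Simplified rpm ordering: numeric fields of version, then of release."""
    version, _, release = vr.partition("-")
    return tuple(tuple(int(n) for n in re.findall(r"\d+", part))
                 for part in (version, release))

def is_patched(installed_vr):
    return vr_key(installed_vr) >= vr_key(FIXED_VR)

def triage(ss_output, installed_vr):
    """Summarise exposure: listeners found and whether the package is fixed."""
    listeners = smb_listeners(ss_output)
    if not listeners:
        return "no SMB/NetBIOS listener"
    state = "patched" if is_patched(installed_vr) else "needs update"
    ports = ", ".join(f"{proto}/{port}" for proto, port in listeners)
    return f"listening on {ports}: {state}"

if __name__ == "__main__":
    # "3.6.3-0.33.39.1" is a constructed pre-update version-release.
    print(triage(SAMPLE_SS, "3.6.3-0.33.39.1"))
```

On a real host, feed `triage` the output of `ss -tuln` and of `rpm -q --qf '%{VERSION}-%{RELEASE}' samba`.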
participants (1): tedrb@wellsfargo.com