openSUSE-SU-2014:0405-1: moderate: samba: security and bugfix update
openSUSE Security Update: samba: security and bugfix update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0405-1 Rating: moderate References: #437293 #741623 #755663 #786677 #844307 #844720 #849224 #853021 #853347 #854520 #863748 #865561 Cross-References: CVE-2012-6150 CVE-2013-4408 CVE-2013-4496 Affected Products: openSUSE 12.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 9 fixes is now available. Description: Samba was updated to fix security issues and bugs: Security issues fixed: - Password lockout was not enforced for SAMR password changes, this allowed brute force attacks on passwords. CVE-2013-4496; (bnc#849224). - The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720). - The pam_winbind login without require_membership_of restrictions could allow fallbacks to local users even if they were not intended to be allowed; CVE-2012-6150; (bnc#853347). Also non security bugs were fixed: - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). - Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). - Samba is chatty about being unable to open a printer; (bso#10118). - nsswitch: Fix short writes in winbind_write_sock; (bso#10195). - xattr: fix listing EAs on *BSD for non-root users; (bso#10247). - spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267). - The preceding bugs are tracked by (bnc#854520) too. - Make use of the full gpg pub key file name including the key ID. - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474). - Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623). - Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors; (bso#7944); (bnc#755663). - Fix lsa_LookupSids3 and lsa_LookupNames4 arguments. - Use simplified smb signing infrastructure; (bnc#741623). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2014-229 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libnetapi-devel-3.6.12-59.19.1 libnetapi0-3.6.12-59.19.1 libnetapi0-debuginfo-3.6.12-59.19.1 libsmbclient-devel-3.6.12-59.19.1 libsmbclient0-3.6.12-59.19.1 libsmbclient0-debuginfo-3.6.12-59.19.1 libsmbsharemodes-devel-3.6.12-59.19.1 libsmbsharemodes0-3.6.12-59.19.1 libsmbsharemodes0-debuginfo-3.6.12-59.19.1 libwbclient-devel-3.6.12-59.19.1 libwbclient0-3.6.12-59.19.1 libwbclient0-debuginfo-3.6.12-59.19.1 samba-3.6.12-59.19.1 samba-client-3.6.12-59.19.1 samba-client-debuginfo-3.6.12-59.19.1 samba-debuginfo-3.6.12-59.19.1 samba-debugsource-3.6.12-59.19.1 samba-devel-3.6.12-59.19.1 samba-krb-printing-3.6.12-59.19.1 samba-krb-printing-debuginfo-3.6.12-59.19.1 samba-winbind-3.6.12-59.19.1 samba-winbind-debuginfo-3.6.12-59.19.1 - openSUSE 12.3 (x86_64): libsmbclient0-32bit-3.6.12-59.19.1 libsmbclient0-debuginfo-32bit-3.6.12-59.19.1 libwbclient0-32bit-3.6.12-59.19.1 libwbclient0-debuginfo-32bit-3.6.12-59.19.1 samba-32bit-3.6.12-59.19.1 samba-client-32bit-3.6.12-59.19.1 samba-client-debuginfo-32bit-3.6.12-59.19.1 samba-debuginfo-32bit-3.6.12-59.19.1 samba-winbind-32bit-3.6.12-59.19.1 samba-winbind-debuginfo-32bit-3.6.12-59.19.1 - openSUSE 12.3 (noarch): samba-doc-3.6.12-59.19.1 References: http://support.novell.com/security/cve/CVE-2012-6150.html http://support.novell.com/security/cve/CVE-2013-4408.html http://support.novell.com/security/cve/CVE-2013-4496.html https://bugzilla.novell.com/437293 https://bugzilla.novell.com/741623 https://bugzilla.novell.com/755663 https://bugzilla.novell.com/786677 https://bugzilla.novell.com/844307 https://bugzilla.novell.com/844720 https://bugzilla.novell.com/849224 https://bugzilla.novell.com/853021 https://bugzilla.novell.com/853347 https://bugzilla.novell.com/854520 https://bugzilla.novell.com/863748 https://bugzilla.novell.com/865561
participants (1)
-
opensuse-security@opensuse.org