openSUSE Security Update: samba: security and bugfix update
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0405-1
Rating: moderate
References: #437293 #741623 #755663 #786677 #844307 #844720 #849224 #853021 #853347 #854520 #863748 #865561
Cross-References: CVE-2012-6150 CVE-2013-4408 CVE-2013-4496
Affected Products: openSUSE 12.3
______________________________________________________________________________
An update that solves three vulnerabilities and has 9 fixes is now available.
Description:
Samba was updated to fix security issues and bugs:
Security issues fixed:
- Password lockout was not enforced for SAMR password changes, which allowed brute-force attacks on passwords; CVE-2013-4496; (bnc#849224).
- The DCE-RPC fragment length field was incorrectly checked, which could expose Samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720).
- A pam_winbind login without require_membership_of restrictions could fall back to local users even where that fallback was not intended to be allowed; CVE-2012-6150; (bnc#853347).
Non-security bugs fixed:
- Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
- Depend on %version-%release with all manual Provides and Requires; (bnc#844307).
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).
- Samba is chatty about being unable to open a printer; (bso#10118).
- nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
- xattr: fix listing EAs on *BSD for non-root users; (bso#10247).
- spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267).
- The preceding four bugs are tracked by (bnc#854520) too.
- Make use of the full gpg pub key file name including the key ID.
- Remove bogus libsmbclient0 package description and clean up the libsmbclient line from baselibs.conf; (bnc#853021).
- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).
- Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623).
- Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors; (bso#7944); (bnc#755663).
- Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.
- Use simplified smb signing infrastructure; (bnc#741623).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 12.3:
zypper in -t patch openSUSE-2014-229
To bring your system up-to-date, use "zypper patch".
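After applying the patch, an administrator usually wants to confirm that every Samba package on the host is at or above the fixed build 3.6.12-59.19.1 listed below. The following POSIX shell script is an added example and is not part of the openSUSE advisory or of Samba itself. It assumes the package inventory is obtained with `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <packages>`; the three inventory lines embedded in the script are constructed sample data (the build 59.17.1 is an invented older release), so the script runs offline without rpm.

```shell
#!/bin/sh
# Added example (not from the openSUSE advisory): verify that installed Samba
# packages are at or above the fixed build named in this update.

FIXED_VERSION="3.6.12-59.19.1"   # fixed build from the advisory's package list

# vercmp A B: prints -1, 0 or 1 as version-release A is lower than, equal to,
# or higher than B. Fields are split on '.' and '-' and compared numerically;
# non-numeric fields are not handled (sufficient for the builds in this advisory).
vercmp() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; if [ "$ai" = "$a" ]; then a=''; else a=${a#*.}; fi
        bi=${b%%.*}; if [ "$bi" = "$b" ]; then b=''; else b=${b#*.}; fi
        ai=${ai:-0}; bi=${bi:-0}    # a missing trailing field counts as 0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# check_packages: reads "name version-release" lines on stdin, the shape produced
# by: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' samba samba-client ...
# Prints one status line per package and returns 1 if any package is below the
# fixed build, 0 if all are at or above it.
check_packages() {
    status=0
    while read -r name ver; do
        [ -z "$name" ] && continue
        case $(vercmp "$ver" "$FIXED_VERSION") in
            -1) printf 'VULNERABLE %s %s (need >= %s)\n' "$name" "$ver" "$FIXED_VERSION"
                status=1 ;;
            *)  printf 'OK         %s %s\n' "$name" "$ver" ;;
        esac
    done
    return $status
}

# Constructed sample inventory (not real rpm output); samba-client is deliberately
# left on an invented older build so the failure path is exercised.
SAMPLE_QUERY='samba 3.6.12-59.19.1
samba-client 3.6.12-59.17.1
libwbclient0 3.6.12-59.19.1'

printf '%s\n' "$SAMPLE_QUERY" | check_packages \
    || echo "at least one Samba package is below $FIXED_VERSION; apply openSUSE-2014-229"
```

On a real host, replace the embedded sample with `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $(rpm -qa 'samba*' 'lib*smb*' 'libwbclient*' 'libnetapi*')` piped into `check_packages`; the exit status makes the script usable from a configuration-management or monitoring check.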
Package List:
- openSUSE 12.3 (i586 x86_64):
libnetapi-devel-3.6.12-59.19.1
libnetapi0-3.6.12-59.19.1
libnetapi0-debuginfo-3.6.12-59.19.1
libsmbclient-devel-3.6.12-59.19.1
libsmbclient0-3.6.12-59.19.1
libsmbclient0-debuginfo-3.6.12-59.19.1
libsmbsharemodes-devel-3.6.12-59.19.1
libsmbsharemodes0-3.6.12-59.19.1
libsmbsharemodes0-debuginfo-3.6.12-59.19.1
libwbclient-devel-3.6.12-59.19.1
libwbclient0-3.6.12-59.19.1
libwbclient0-debuginfo-3.6.12-59.19.1
samba-3.6.12-59.19.1
samba-client-3.6.12-59.19.1
samba-client-debuginfo-3.6.12-59.19.1
samba-debuginfo-3.6.12-59.19.1
samba-debugsource-3.6.12-59.19.1
samba-devel-3.6.12-59.19.1
samba-krb-printing-3.6.12-59.19.1
samba-krb-printing-debuginfo-3.6.12-59.19.1
samba-winbind-3.6.12-59.19.1
samba-winbind-debuginfo-3.6.12-59.19.1
- openSUSE 12.3 (x86_64):
libsmbclient0-32bit-3.6.12-59.19.1
libsmbclient0-debuginfo-32bit-3.6.12-59.19.1
libwbclient0-32bit-3.6.12-59.19.1
libwbclient0-debuginfo-32bit-3.6.12-59.19.1
samba-32bit-3.6.12-59.19.1
samba-client-32bit-3.6.12-59.19.1
samba-client-debuginfo-32bit-3.6.12-59.19.1
samba-debuginfo-32bit-3.6.12-59.19.1
samba-winbind-32bit-3.6.12-59.19.1
samba-winbind-debuginfo-32bit-3.6.12-59.19.1
- openSUSE 12.3 (noarch):
samba-doc-3.6.12-59.19.1
References:
http://support.novell.com/security/cve/CVE-2012-6150.html
http://support.novell.com/security/cve/CVE-2013-4408.html
http://support.novell.com/security/cve/CVE-2013-4496.html
https://bugzilla.novell.com/437293
https://bugzilla.novell.com/741623
https://bugzilla.novell.com/755663
https://bugzilla.novell.com/786677
https://bugzilla.novell.com/844307
https://bugzilla.novell.com/844720
https://bugzilla.novell.com/849224
https://bugzilla.novell.com/853021
https://bugzilla.novell.com/853347
https://bugzilla.novell.com/854520
https://bugzilla.novell.com/863748
https://bugzilla.novell.com/865561