openSUSE-SU-2013:1921-1: moderate: update for samba
   openSUSE Security Update: update for samba
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1921-1
Rating:             moderate
References:         #844720 #848101 #848103 #853021 #853347
Cross-References:   CVE-2012-6150 CVE-2013-4408 CVE-2013-4475
                    CVE-2013-4476
Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that solves four vulnerabilities and has one
   errata is now available.

Description:

   - Update to 4.1.3.
     + DCE-RPC fragment length field is incorrectly checked;
       CVE-2013-4408; (bnc#844720).
     + pam_winbind login without require_membership_of restrictions;
       CVE-2012-6150; (bnc#853347).
   - Make use of the full gpg pub key file name including the key ID.
   - Add transparent file compression support; (fate#316266).
     + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
     + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
     + Extend vfs_btrfs VFS module to utilize get/set compression hooks.
   - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).
   - Remove bogus libsmbclient0 package description and cleanup the
     libsmbclient line from baselibs.conf; (bnc#853021).
   - BuildRequire systemd on post-12.2 systems.
   - Update to 4.1.2.
     + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled;
       (bso#9091).
     + dfs_server: Use dsdb_search_one to catch 0 results as well as
       NO_SUCH_OBJECT errors; (bso#10052).
     + Missing talloc_free can leak stackframe in error path; (bso#10187).
     + Fix memset used with constant zero length parameter; (bso#10190).
     + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
       (bso#10193).
     + Make offline logon cache updating for cross child domain group
       membership; (bso#10194).
     + nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
     + RW Deny for a specific user is not overriding RW Allow for a group;
       (bso#10196).
     + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
       (bso#10224).
     + vfs_glusterfs: Implement proper marshalling/unmarshalling of ACLs;
       (bso#10224).
     + VFS plugin was sending the actual size of the volume instead of the
       total number of block units because of which Windows was getting
       the wrong volume capacity; (bso#10224).
     + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
     + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
     + Fix the build of vfs_glusterfs; (bso#10253).
     + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache
       entries; (bso#10264).
     + util: Remove 32bit macros breaking strict aliasing; (bso#10269).
   - Let gpg verify execution condition not fail on non SUSE systems.
   - Add systemd support for post-12.2 systems.
   - Update to 4.1.1.
     + ACLs are not checked on opening an alternate data stream on a file
       or directory; CVE-2013-4475; (bso#10229); (bnc#848101).
     + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2013-996

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.1 (i586 x86_64):

      libdcerpc-atsvc-devel-4.1.3-3.12.1
      libdcerpc-atsvc0-4.1.3-3.12.1
      libdcerpc-atsvc0-debuginfo-4.1.3-3.12.1
      libdcerpc-binding0-4.1.3-3.12.1
      libdcerpc-binding0-debuginfo-4.1.3-3.12.1
      libdcerpc-devel-4.1.3-3.12.1
      libdcerpc-samr-devel-4.1.3-3.12.1
      libdcerpc-samr0-4.1.3-3.12.1
      libdcerpc-samr0-debuginfo-4.1.3-3.12.1
      libdcerpc0-4.1.3-3.12.1
      libdcerpc0-debuginfo-4.1.3-3.12.1
      libgensec-devel-4.1.3-3.12.1
      libgensec0-4.1.3-3.12.1
      libgensec0-debuginfo-4.1.3-3.12.1
      libndr-devel-4.1.3-3.12.1
      libndr-krb5pac-devel-4.1.3-3.12.1
      libndr-krb5pac0-4.1.3-3.12.1
      libndr-krb5pac0-debuginfo-4.1.3-3.12.1
      libndr-nbt-devel-4.1.3-3.12.1
      libndr-nbt0-4.1.3-3.12.1
      libndr-nbt0-debuginfo-4.1.3-3.12.1
      libndr-standard-devel-4.1.3-3.12.1
      libndr-standard0-4.1.3-3.12.1
      libndr-standard0-debuginfo-4.1.3-3.12.1
      libndr0-4.1.3-3.12.1
      libndr0-debuginfo-4.1.3-3.12.1
      libnetapi-devel-4.1.3-3.12.1
      libnetapi0-4.1.3-3.12.1
      libnetapi0-debuginfo-4.1.3-3.12.1
      libpdb-devel-4.1.3-3.12.1
      libpdb0-4.1.3-3.12.1
      libpdb0-debuginfo-4.1.3-3.12.1
      libregistry-devel-4.1.3-3.12.1
      libregistry0-4.1.3-3.12.1
      libregistry0-debuginfo-4.1.3-3.12.1
      libsamba-credentials-devel-4.1.3-3.12.1
      libsamba-credentials0-4.1.3-3.12.1
      libsamba-credentials0-debuginfo-4.1.3-3.12.1
      libsamba-hostconfig-devel-4.1.3-3.12.1
      libsamba-hostconfig0-4.1.3-3.12.1
      libsamba-hostconfig0-debuginfo-4.1.3-3.12.1
      libsamba-policy-devel-4.1.3-3.12.1
      libsamba-policy0-4.1.3-3.12.1
      libsamba-policy0-debuginfo-4.1.3-3.12.1
      libsamba-util-devel-4.1.3-3.12.1
      libsamba-util0-4.1.3-3.12.1
      libsamba-util0-debuginfo-4.1.3-3.12.1
      libsamdb-devel-4.1.3-3.12.1
      libsamdb0-4.1.3-3.12.1
      libsamdb0-debuginfo-4.1.3-3.12.1
      libsmbclient-devel-4.1.3-3.12.1
      libsmbclient-raw-devel-4.1.3-3.12.1
      libsmbclient-raw0-4.1.3-3.12.1
      libsmbclient-raw0-debuginfo-4.1.3-3.12.1
      libsmbclient0-4.1.3-3.12.1
      libsmbclient0-debuginfo-4.1.3-3.12.1
      libsmbconf-devel-4.1.3-3.12.1
      libsmbconf0-4.1.3-3.12.1
      libsmbconf0-debuginfo-4.1.3-3.12.1
      libsmbldap-devel-4.1.3-3.12.1
      libsmbldap0-4.1.3-3.12.1
      libsmbldap0-debuginfo-4.1.3-3.12.1
      libsmbsharemodes-devel-4.1.3-3.12.1
      libsmbsharemodes0-4.1.3-3.12.1
      libsmbsharemodes0-debuginfo-4.1.3-3.12.1
      libtevent-util-devel-4.1.3-3.12.1
      libtevent-util0-4.1.3-3.12.1
      libtevent-util0-debuginfo-4.1.3-3.12.1
      libwbclient-devel-4.1.3-3.12.1
      libwbclient0-4.1.3-3.12.1
      libwbclient0-debuginfo-4.1.3-3.12.1
      samba-4.1.3-3.12.1
      samba-client-4.1.3-3.12.1
      samba-client-debuginfo-4.1.3-3.12.1
      samba-core-devel-4.1.3-3.12.1
      samba-debuginfo-4.1.3-3.12.1
      samba-debugsource-4.1.3-3.12.1
      samba-libs-4.1.3-3.12.1
      samba-libs-debuginfo-4.1.3-3.12.1
      samba-pidl-4.1.3-3.12.1
      samba-python-4.1.3-3.12.1
      samba-python-debuginfo-4.1.3-3.12.1
      samba-test-4.1.3-3.12.1
      samba-test-debuginfo-4.1.3-3.12.1
      samba-test-devel-4.1.3-3.12.1
      samba-winbind-4.1.3-3.12.1
      samba-winbind-debuginfo-4.1.3-3.12.1

   - openSUSE 13.1 (x86_64):

      libdcerpc-atsvc0-32bit-4.1.3-3.12.1
      libdcerpc-atsvc0-debuginfo-32bit-4.1.3-3.12.1
      libdcerpc-binding0-32bit-4.1.3-3.12.1
      libdcerpc-binding0-debuginfo-32bit-4.1.3-3.12.1
      libdcerpc-samr0-32bit-4.1.3-3.12.1
      libdcerpc-samr0-debuginfo-32bit-4.1.3-3.12.1
      libdcerpc0-32bit-4.1.3-3.12.1
      libdcerpc0-debuginfo-32bit-4.1.3-3.12.1
      libgensec0-32bit-4.1.3-3.12.1
      libgensec0-debuginfo-32bit-4.1.3-3.12.1
      libndr-krb5pac0-32bit-4.1.3-3.12.1
      libndr-krb5pac0-debuginfo-32bit-4.1.3-3.12.1
      libndr-nbt0-32bit-4.1.3-3.12.1
      libndr-nbt0-debuginfo-32bit-4.1.3-3.12.1
      libndr-standard0-32bit-4.1.3-3.12.1
      libndr-standard0-debuginfo-32bit-4.1.3-3.12.1
      libndr0-32bit-4.1.3-3.12.1
      libndr0-debuginfo-32bit-4.1.3-3.12.1
      libnetapi0-32bit-4.1.3-3.12.1
      libnetapi0-debuginfo-32bit-4.1.3-3.12.1
      libpdb0-32bit-4.1.3-3.12.1
      libpdb0-debuginfo-32bit-4.1.3-3.12.1
      libregistry0-32bit-4.1.3-3.12.1
      libregistry0-debuginfo-32bit-4.1.3-3.12.1
      libsamba-credentials0-32bit-4.1.3-3.12.1
      libsamba-credentials0-debuginfo-32bit-4.1.3-3.12.1
      libsamba-hostconfig0-32bit-4.1.3-3.12.1
      libsamba-hostconfig0-debuginfo-32bit-4.1.3-3.12.1
      libsamba-policy0-32bit-4.1.3-3.12.1
      libsamba-policy0-debuginfo-32bit-4.1.3-3.12.1
      libsamba-util0-32bit-4.1.3-3.12.1
      libsamba-util0-debuginfo-32bit-4.1.3-3.12.1
      libsamdb0-32bit-4.1.3-3.12.1
      libsamdb0-debuginfo-32bit-4.1.3-3.12.1
      libsmbclient-raw0-32bit-4.1.3-3.12.1
      libsmbclient-raw0-debuginfo-32bit-4.1.3-3.12.1
      libsmbclient0-32bit-4.1.3-3.12.1
      libsmbclient0-debuginfo-32bit-4.1.3-3.12.1
      libsmbconf0-32bit-4.1.3-3.12.1
      libsmbconf0-debuginfo-32bit-4.1.3-3.12.1
      libsmbldap0-32bit-4.1.3-3.12.1
      libsmbldap0-debuginfo-32bit-4.1.3-3.12.1
      libtevent-util0-32bit-4.1.3-3.12.1
      libtevent-util0-debuginfo-32bit-4.1.3-3.12.1
      libwbclient0-32bit-4.1.3-3.12.1
      libwbclient0-debuginfo-32bit-4.1.3-3.12.1
      samba-32bit-4.1.3-3.12.1
      samba-client-32bit-4.1.3-3.12.1
      samba-client-debuginfo-32bit-4.1.3-3.12.1
      samba-debuginfo-32bit-4.1.3-3.12.1
      samba-libs-32bit-4.1.3-3.12.1
      samba-libs-debuginfo-32bit-4.1.3-3.12.1
      samba-winbind-32bit-4.1.3-3.12.1
      samba-winbind-debuginfo-32bit-4.1.3-3.12.1

   - openSUSE 13.1 (noarch):

      samba-doc-4.1.3-3.12.1

References:

   http://support.novell.com/security/cve/CVE-2012-6150.html
   http://support.novell.com/security/cve/CVE-2013-4408.html
   http://support.novell.com/security/cve/CVE-2013-4475.html
   http://support.novell.com/security/cve/CVE-2013-4476.html
   https://bugzilla.novell.com/844720
   https://bugzilla.novell.com/848101
   https://bugzilla.novell.com/848103
   https://bugzilla.novell.com/853021
   https://bugzilla.novell.com/853347