   openSUSE Security Update: samba: Fixed various security issues
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2010:0346-1
Rating:             important
References:         #550002 #577868 #605935 #606947 #611927
Cross-References:   CVE-2010-2063
Affected Products:
                    openSUSE 11.1
                    openSUSE 11.0
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available. It includes two new package versions.

Description:

   This update of the Samba server package fixes security
   issues and bugs.

   Following security issues were fixed:

   CVE-2010-2063: A buffer overrun was possible in chain_reply
   code in 3.3.x and below, which could be used to crash the
   samba server or potentially execute code.

   CVE-2010-0787: Take extra care that a mount point of
   mount.cifs isn't changed during mount.

   Also the following bugs were fixed:

   - Honor "interfaces" list in net ad dns register.
     (bnc#606947)
   - An uninitialized variable read could cause an smbd crash;
     (bso#7254); (bnc#605935).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.1:

      zypper in -t patch cifs-mount-2543

   - openSUSE 11.0:

      zypper in -t patch cifs-mount-2543

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.1 (i586 ppc src x86_64) [New Version: 3.2.7]:

      samba-3.2.7-11.7.1

   - openSUSE 11.1 (i586 ppc x86_64) [New Version: 3.2.7]:

      cifs-mount-3.2.7-11.7.1
      ldapsmb-1.34b-6.7.1
      libnetapi-devel-3.2.7-11.7.1
      libnetapi0-3.2.7-11.7.1
      libsmbclient-devel-3.2.7-11.7.1
      libsmbclient0-3.2.7-11.7.1
      libsmbsharemodes-devel-3.2.7-11.7.1
      libsmbsharemodes0-3.2.7-11.7.1
      libtalloc-devel-3.2.7-11.7.1
      libtalloc1-3.2.7-11.7.1
      libtdb-devel-3.2.7-11.7.1
      libtdb1-3.2.7-11.7.1
      libwbclient-devel-3.2.7-11.7.1
      libwbclient0-3.2.7-11.7.1
      samba-client-3.2.7-11.7.1
      samba-devel-3.2.7-11.7.1
      samba-krb-printing-3.2.7-11.7.1
      samba-vscan-0.3.6b-6.7.1
      samba-winbind-3.2.7-11.7.1

   - openSUSE 11.1 (x86_64) [New Version: 3.2.7]:

      libsmbclient0-32bit-3.2.7-11.7.1
      libtalloc1-32bit-3.2.7-11.7.1
      libtdb1-32bit-3.2.7-11.7.1
      libwbclient0-32bit-3.2.7-11.7.1
      samba-32bit-3.2.7-11.7.1
      samba-client-32bit-3.2.7-11.7.1
      samba-winbind-32bit-3.2.7-11.7.1

   - openSUSE 11.1 (ppc) [New Version: 3.2.7]:

      libsmbclient0-64bit-3.2.7-11.7.1
      libtalloc1-64bit-3.2.7-11.7.1
      libtdb1-64bit-3.2.7-11.7.1
      libwbclient0-64bit-3.2.7-11.7.1
      samba-64bit-3.2.7-11.7.1
      samba-client-64bit-3.2.7-11.7.1
      samba-winbind-64bit-3.2.7-11.7.1

   - openSUSE 11.0 (i586 ppc src x86_64) [New Version: 3.2.4]:

      samba-3.2.4-4.12

   - openSUSE 11.0 (i586 ppc x86_64) [New Version: 3.2.4]:

      cifs-mount-3.2.4-4.12
      ldapsmb-1.34b-195.17
      libnetapi-devel-3.2.4-4.12
      libnetapi0-3.2.4-4.12
      libsmbclient-devel-3.2.4-4.12
      libsmbclient0-3.2.4-4.12
      libsmbsharemodes-devel-3.2.4-4.12
      libsmbsharemodes0-3.2.4-4.12
      libtalloc-devel-3.2.4-4.12
      libtalloc1-3.2.4-4.12
      libtdb-devel-3.2.4-4.12
      libtdb1-3.2.4-4.12
      libwbclient-devel-3.2.4-4.12
      libwbclient0-3.2.4-4.12
      samba-client-3.2.4-4.12
      samba-devel-3.2.4-4.12
      samba-krb-printing-3.2.4-4.12
      samba-winbind-3.2.4-4.12

   - openSUSE 11.0 (x86_64) [New Version: 3.2.4]:

      libsmbclient0-32bit-3.2.4-4.12
      libtalloc1-32bit-3.2.4-4.12
      libtdb1-32bit-3.2.4-4.12
      libwbclient0-32bit-3.2.4-4.12
      samba-32bit-3.2.4-4.12
      samba-client-32bit-3.2.4-4.12
      samba-winbind-32bit-3.2.4-4.12

   - openSUSE 11.0 (ppc) [New Version: 3.2.4]:

      libsmbclient0-64bit-3.2.4-4.12
      libtalloc1-64bit-3.2.4-4.12
      libtdb1-64bit-3.2.4-4.12
      libwbclient0-64bit-3.2.4-4.12
      samba-64bit-3.2.4-4.12
      samba-client-64bit-3.2.4-4.12
      samba-winbind-64bit-3.2.4-4.12

References:

   http://support.novell.com/security/cve/CVE-2010-2063.html
   https://bugzilla.novell.com/550002
   https://bugzilla.novell.com/577868
   https://bugzilla.novell.com/605935
   https://bugzilla.novell.com/606947
   https://bugzilla.novell.com/611927
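
To confirm after patching that the fixed packages are actually installed, the following added example (not part of the original advisory) audits a package inventory against a subset of the openSUSE 11.1 versions from the package list. The inventory text and its release numbers are constructed sample data, and the comparison is a simplified form of RPM's segment-wise ordering that assumes no epochs.

```python
import re

# Fixed version-release per package for openSUSE 11.1, copied from the
# advisory's package list (subset; extend as needed).
FIXED_11_1 = {
    "samba": "3.2.7-11.7.1",
    "cifs-mount": "3.2.7-11.7.1",
    "samba-client": "3.2.7-11.7.1",
    "ldapsmb": "1.34b-6.7.1",
}

# Constructed sample inventory, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_INVENTORY = """\
samba 3.2.7-11.4.1
cifs-mount 3.2.7-11.7.1
samba-client 3.2.7-11.10.1
ldapsmb 1.34b-6.2.1
bash 3.2-141.19
"""

def _cmp_part(a, b):
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 10 > 7
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # digits rank above letters
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Return <0, 0 or >0 for two VERSION-RELEASE strings (no epoch)."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def audit(inventory, fixed=FIXED_11_1):
    """Map each advisory package found in the inventory to its status."""
    status = {}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in fixed:
            name, vr = fields
            ok = vr_cmp(vr, fixed[name]) >= 0
            status[name] = "ok" if ok else "update to " + fixed[name]
    return status

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Packages not named in the advisory (here `bash`) are ignored, and a release such as `11.10.1` is correctly treated as newer than `11.7.1` because segments are compared numerically.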