Mailinglist Archive: opensuse-updates (48 mails)

< Previous Next >
openSUSE-SU-2014:1040-1: moderate: samba
openSUSE Security Update: samba
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:1040-1
Rating: moderate
References: #865627 #884056 #889429 #889539 #890005 #890008

Cross-References: CVE-2014-3560
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is
now available.

Description:


This samba update fixes the following security and non security issues:

- Fix winbind service parameter usage; (bnc#890005).

- lib/param: change the default for "winbind expand groups" to "0";
(bnc#890008).

- Update to 4.1.11.
+ A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon; CVE-2014-3560;
(bnc#889429).

- Fix "net time" segfault; (bso#10728); (bnc#889539).

- Update to 4.1.10.
+ net/doc: Make clear that net vampire is for NT4 domains only;
(bso#3263).
+ dbcheck: Add check and test for various invalid userParameters values;
(bso#8077).
+ s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP
for now; (bso#8077).
+ Simple use case results in "no talloc stackframe around, leaking
memory" error; (bso#8449).
+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted;
(bso#9763).
+ dsdb: Always store and return the userParameters as a array of LE
16-bit values; (bso#10130).
+ s4:repl_meta_data: fix array assignment in
replmd_process_linked_attribute(); (bso#10294).
+ ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
(bso#10469).
+ dbchecker: Verify and fix broken dn values; (bso#10536).
+ dsdb: Rename private_data to rootdse_private_data in rootdse;
(bso#10582).
+ s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
servers; (bso#10587).
+ Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
(bso#10593).
+ rid_array used before status checked - segmentation fault due to null
pointer dereference; (bso#10627).
+ Samba won't start on a machine configured with only IPv4; (bso#10653).
+ msg_channel: Fix a 100% CPU loop; (bso#10663).
+ s3: smbd: Prevent file truncation on an open that fails with share
mode violation; (bso#10671); (bnc#884056).
+ s3: SMB2: Fix leak of blocking lock records in the database;
(bso#10673).
+ samba-tool: Add --site parameter to provision command; (bso#10674).
+ smbstatus: Fix an uninitialized variable; (bso#10680).
+ SMB1 blocking locks can fail notification on unlock, causing client
timeout; (bso#10684).
+ s3: smbd: Locking, fix off-by one calculation in
brl_pending_overlap(); (bso#10685).
+ 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
invalid status check in the second client; (bso#10687).
+ wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
+ Backport ldb-1.1.17 + changes from master; (bso#10693).
+ Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
+ ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
+ ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
+ ldb: Fix 1138330 Dereference null return value, fix CIDs 241329,
240798, 1034791, 1034792 1034910, 1034910); (bso#10693).
+ ldb: make the successful ldb_transaction_start() message clearer;
(bso#10693).
+ ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
+ ldb: Use of NULL pointer bugfix; (bso#10693).
+ lib/ldb: Fix compiler warnings; (bso#10693).
+ pyldb: Decrement ref counters on py_results and quiet warnings;
(bso#10693).
+ s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
(bso#10693).
+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object;
(bso#10694).
+ s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED;
(bso#10694).
+ Backport autobuild/selftest fixes from master; (bso#10696).
+ Backport drs-crackname fixes from master; (bso#10698).
+ smbd: Avoid double-free in get_print_db_byname; (bso#10699).
+ Backport access check related fixes from master; (bso#10700).
+ Backport provision fixes from master; (bso#10703).
+ s3:smb2_read: let smb2_sendfile_send_data() behave like
send_file_readX(); (bso#10706).
+ s3: Fix missing braces in nfs4_acls.c.

- Add missing newline to debug message in daemon_ready(); (bnc#865627).

- BuildRequire systemd-devel, configure --with-systemd, and modify the
service files accordingly on post-12.2 systems; (bso#10517);
(bnc#865627).

- Prevent file truncation on an open that fails with share mode violation;
(bso#10671); (bnc#884056).

Dependend libraries were version updated:

libtdb was updated to version 1.3.0. (lots of bugfixes, some new
functionality) libtevent was updated to 0.9.21. (lots of bugfixes, some
new functionality) libldb was updated to to 1.1.17 (lots of bugfixes, some
new functionality) libtalloc was updated to 2.1.1. (lots of bugfixes, some
new functionality)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-507

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

ldb-debugsource-1.1.17-3.4.1
ldb-tools-1.1.17-3.4.1
ldb-tools-debuginfo-1.1.17-3.4.1
libdcerpc-atsvc-devel-4.1.11-3.26.1
libdcerpc-atsvc0-4.1.11-3.26.1
libdcerpc-atsvc0-debuginfo-4.1.11-3.26.1
libdcerpc-binding0-4.1.11-3.26.1
libdcerpc-binding0-debuginfo-4.1.11-3.26.1
libdcerpc-devel-4.1.11-3.26.1
libdcerpc-samr-devel-4.1.11-3.26.1
libdcerpc-samr0-4.1.11-3.26.1
libdcerpc-samr0-debuginfo-4.1.11-3.26.1
libdcerpc0-4.1.11-3.26.1
libdcerpc0-debuginfo-4.1.11-3.26.1
libgensec-devel-4.1.11-3.26.1
libgensec0-4.1.11-3.26.1
libgensec0-debuginfo-4.1.11-3.26.1
libldb-devel-1.1.17-3.4.1
libldb-devel-debuginfo-1.1.17-3.4.1
libldb1-1.1.17-3.4.1
libldb1-debuginfo-1.1.17-3.4.1
libndr-devel-4.1.11-3.26.1
libndr-krb5pac-devel-4.1.11-3.26.1
libndr-krb5pac0-4.1.11-3.26.1
libndr-krb5pac0-debuginfo-4.1.11-3.26.1
libndr-nbt-devel-4.1.11-3.26.1
libndr-nbt0-4.1.11-3.26.1
libndr-nbt0-debuginfo-4.1.11-3.26.1
libndr-standard-devel-4.1.11-3.26.1
libndr-standard0-4.1.11-3.26.1
libndr-standard0-debuginfo-4.1.11-3.26.1
libndr0-4.1.11-3.26.1
libndr0-debuginfo-4.1.11-3.26.1
libnetapi-devel-4.1.11-3.26.1
libnetapi0-4.1.11-3.26.1
libnetapi0-debuginfo-4.1.11-3.26.1
libpdb-devel-4.1.11-3.26.1
libpdb0-4.1.11-3.26.1
libpdb0-debuginfo-4.1.11-3.26.1
libregistry-devel-4.1.11-3.26.1
libregistry0-4.1.11-3.26.1
libregistry0-debuginfo-4.1.11-3.26.1
libsamba-credentials-devel-4.1.11-3.26.1
libsamba-credentials0-4.1.11-3.26.1
libsamba-credentials0-debuginfo-4.1.11-3.26.1
libsamba-hostconfig-devel-4.1.11-3.26.1
libsamba-hostconfig0-4.1.11-3.26.1
libsamba-hostconfig0-debuginfo-4.1.11-3.26.1
libsamba-policy-devel-4.1.11-3.26.1
libsamba-policy0-4.1.11-3.26.1
libsamba-policy0-debuginfo-4.1.11-3.26.1
libsamba-util-devel-4.1.11-3.26.1
libsamba-util0-4.1.11-3.26.1
libsamba-util0-debuginfo-4.1.11-3.26.1
libsamdb-devel-4.1.11-3.26.1
libsamdb0-4.1.11-3.26.1
libsamdb0-debuginfo-4.1.11-3.26.1
libsmbclient-devel-4.1.11-3.26.1
libsmbclient-raw-devel-4.1.11-3.26.1
libsmbclient-raw0-4.1.11-3.26.1
libsmbclient-raw0-debuginfo-4.1.11-3.26.1
libsmbclient0-4.1.11-3.26.1
libsmbclient0-debuginfo-4.1.11-3.26.1
libsmbconf-devel-4.1.11-3.26.1
libsmbconf0-4.1.11-3.26.1
libsmbconf0-debuginfo-4.1.11-3.26.1
libsmbldap-devel-4.1.11-3.26.1
libsmbldap0-4.1.11-3.26.1
libsmbldap0-debuginfo-4.1.11-3.26.1
libsmbsharemodes-devel-4.1.11-3.26.1
libsmbsharemodes0-4.1.11-3.26.1
libsmbsharemodes0-debuginfo-4.1.11-3.26.1
libtalloc-devel-2.1.1-7.4.1
libtalloc2-2.1.1-7.4.1
libtalloc2-debuginfo-2.1.1-7.4.1
libtdb-devel-1.3.0-4.4.1
libtdb1-1.3.0-4.4.1
libtdb1-debuginfo-1.3.0-4.4.1
libtevent-devel-0.9.21-4.4.1
libtevent-util-devel-4.1.11-3.26.1
libtevent-util0-4.1.11-3.26.1
libtevent-util0-debuginfo-4.1.11-3.26.1
libtevent0-0.9.21-4.4.1
libtevent0-debuginfo-0.9.21-4.4.1
libwbclient-devel-4.1.11-3.26.1
libwbclient0-4.1.11-3.26.1
libwbclient0-debuginfo-4.1.11-3.26.1
pyldb-1.1.17-3.4.1
pyldb-debuginfo-1.1.17-3.4.1
pyldb-devel-1.1.17-3.4.1
pytalloc-2.1.1-7.4.1
pytalloc-debuginfo-2.1.1-7.4.1
pytalloc-devel-2.1.1-7.4.1
python-tdb-1.3.0-4.4.1
python-tdb-debuginfo-1.3.0-4.4.1
python-tevent-0.9.21-4.4.1
python-tevent-debuginfo-0.9.21-4.4.1
samba-4.1.11-3.26.1
samba-client-4.1.11-3.26.1
samba-client-debuginfo-4.1.11-3.26.1
samba-core-devel-4.1.11-3.26.1
samba-debuginfo-4.1.11-3.26.1
samba-debugsource-4.1.11-3.26.1
samba-libs-4.1.11-3.26.1
samba-libs-debuginfo-4.1.11-3.26.1
samba-pidl-4.1.11-3.26.1
samba-python-4.1.11-3.26.1
samba-python-debuginfo-4.1.11-3.26.1
samba-test-4.1.11-3.26.1
samba-test-debuginfo-4.1.11-3.26.1
samba-test-devel-4.1.11-3.26.1
samba-winbind-4.1.11-3.26.1
samba-winbind-debuginfo-4.1.11-3.26.1
talloc-debugsource-2.1.1-7.4.1
tdb-debugsource-1.3.0-4.4.1
tdb-tools-1.3.0-4.4.1
tdb-tools-debuginfo-1.3.0-4.4.1
tevent-debugsource-0.9.21-4.4.1

- openSUSE 13.1 (x86_64):

libdcerpc-atsvc0-32bit-4.1.11-3.26.1
libdcerpc-atsvc0-debuginfo-32bit-4.1.11-3.26.1
libdcerpc-binding0-32bit-4.1.11-3.26.1
libdcerpc-binding0-debuginfo-32bit-4.1.11-3.26.1
libdcerpc-samr0-32bit-4.1.11-3.26.1
libdcerpc-samr0-debuginfo-32bit-4.1.11-3.26.1
libdcerpc0-32bit-4.1.11-3.26.1
libdcerpc0-debuginfo-32bit-4.1.11-3.26.1
libgensec0-32bit-4.1.11-3.26.1
libgensec0-debuginfo-32bit-4.1.11-3.26.1
libldb1-32bit-1.1.17-3.4.1
libldb1-debuginfo-32bit-1.1.17-3.4.1
libndr-krb5pac0-32bit-4.1.11-3.26.1
libndr-krb5pac0-debuginfo-32bit-4.1.11-3.26.1
libndr-nbt0-32bit-4.1.11-3.26.1
libndr-nbt0-debuginfo-32bit-4.1.11-3.26.1
libndr-standard0-32bit-4.1.11-3.26.1
libndr-standard0-debuginfo-32bit-4.1.11-3.26.1
libndr0-32bit-4.1.11-3.26.1
libndr0-debuginfo-32bit-4.1.11-3.26.1
libnetapi0-32bit-4.1.11-3.26.1
libnetapi0-debuginfo-32bit-4.1.11-3.26.1
libpdb0-32bit-4.1.11-3.26.1
libpdb0-debuginfo-32bit-4.1.11-3.26.1
libregistry0-32bit-4.1.11-3.26.1
libregistry0-debuginfo-32bit-4.1.11-3.26.1
libsamba-credentials0-32bit-4.1.11-3.26.1
libsamba-credentials0-debuginfo-32bit-4.1.11-3.26.1
libsamba-hostconfig0-32bit-4.1.11-3.26.1
libsamba-hostconfig0-debuginfo-32bit-4.1.11-3.26.1
libsamba-policy0-32bit-4.1.11-3.26.1
libsamba-policy0-debuginfo-32bit-4.1.11-3.26.1
libsamba-util0-32bit-4.1.11-3.26.1
libsamba-util0-debuginfo-32bit-4.1.11-3.26.1
libsamdb0-32bit-4.1.11-3.26.1
libsamdb0-debuginfo-32bit-4.1.11-3.26.1
libsmbclient-raw0-32bit-4.1.11-3.26.1
libsmbclient-raw0-debuginfo-32bit-4.1.11-3.26.1
libsmbclient0-32bit-4.1.11-3.26.1
libsmbclient0-debuginfo-32bit-4.1.11-3.26.1
libsmbconf0-32bit-4.1.11-3.26.1
libsmbconf0-debuginfo-32bit-4.1.11-3.26.1
libsmbldap0-32bit-4.1.11-3.26.1
libsmbldap0-debuginfo-32bit-4.1.11-3.26.1
libtalloc2-32bit-2.1.1-7.4.1
libtalloc2-debuginfo-32bit-2.1.1-7.4.1
libtdb1-32bit-1.3.0-4.4.1
libtdb1-debuginfo-32bit-1.3.0-4.4.1
libtevent-util0-32bit-4.1.11-3.26.1
libtevent-util0-debuginfo-32bit-4.1.11-3.26.1
libtevent0-32bit-0.9.21-4.4.1
libtevent0-debuginfo-32bit-0.9.21-4.4.1
libwbclient0-32bit-4.1.11-3.26.1
libwbclient0-debuginfo-32bit-4.1.11-3.26.1
pyldb-32bit-1.1.17-3.4.1
pyldb-debuginfo-32bit-1.1.17-3.4.1
pytalloc-32bit-2.1.1-7.4.1
pytalloc-debuginfo-32bit-2.1.1-7.4.1
python-tdb-32bit-1.3.0-4.4.1
python-tdb-debuginfo-32bit-1.3.0-4.4.1
python-tevent-32bit-0.9.21-4.4.1
python-tevent-debuginfo-32bit-0.9.21-4.4.1
samba-32bit-4.1.11-3.26.1
samba-client-32bit-4.1.11-3.26.1
samba-client-debuginfo-32bit-4.1.11-3.26.1
samba-debuginfo-32bit-4.1.11-3.26.1
samba-libs-32bit-4.1.11-3.26.1
samba-libs-debuginfo-32bit-4.1.11-3.26.1
samba-winbind-32bit-4.1.11-3.26.1
samba-winbind-debuginfo-32bit-4.1.11-3.26.1

- openSUSE 13.1 (noarch):

samba-doc-4.1.11-3.26.1


References:

http://support.novell.com/security/cve/CVE-2014-3560.html
https://bugzilla.novell.com/865627
https://bugzilla.novell.com/884056
https://bugzilla.novell.com/889429
https://bugzilla.novell.com/889539
https://bugzilla.novell.com/890005
https://bugzilla.novell.com/890008


< Previous Next >
This Thread
  • No further messages