Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[security-announce] SUSE-SU-2012:0348-1: critical: Security update for Samba

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

SUSE Security Update: Security update for Samba

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2012:0348-1

Rating: critical

References: #550002 #561894 #577868 #592198 #599873 #605935

#611927 #613459 #637218 #652620 #670431 #705241

#708503 #747934

Cross-References: CVE-2012-0870

Affected Products:

SUSE Linux Enterprise Server 10 SP2

______________________________________________________________________________

 

An update that solves one vulnerability and has 13 fixes is

now available. It includes one version update.

 

Description:

 

 

This Samba file server update fixes various security issues:

 

* CVE-2012-0870: A heap-based buffer overflow that

could be exploited by remote, unauthenticated attackers to

crash the smbd daemon or potentially execute arbitrary code

via specially crafted SMB AndX request packets.

* CVE-2011-2694: A cross site scripting problem in SWAT

was fixed.

* CVE-2011-0719: Fixed a possible denial of service

caused by memory corruption.

* CVE-2010-3069: Fix buffer overflow in sid_parse() to

correctly check the input lengths when reading a binary

representation of a Windows Security ID (SID).

* CVE-2010-2063: Addressed possible buffer overrun in

chain_reply code of pre-3.4 versions.

* CVE-2010-1642: An uninitialized variable read could

have caused an smbd crash.

* CVE-2010-0787: Take extra care that a mount point of

mount.cifs isn't changed during mount;

 

Also the following bugs have been fixed:

 

* Add Provides samba-client-gplv2 and samba-doc-gplv2

to pre-3.2 versions; (bnc#652620).

* Initialize workgroup of nmblookup as empty string.

* Fix trusts with Windows 2008R2 DCs; (bnc#613459);

(bnc#599873); (bnc#592198); (bso#6697).

* Document "wide links" defaults to "no" in the

smb.conf man page for versions pre-3.4.6; (bnc#577868).

* Allow forced pw change even with min pw age;

(bnc#561894).

 

Security Issue reference:

 

* CVE-2012-0870

 

 

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 SP2 (i586 s390x x86_64) [New Version: 3.0.32]:

 

cifs-mount-3.0.32-0.20.1

libmsrpc-3.0.32-0.20.1

libmsrpc-devel-3.0.32-0.20.1

libsmbclient-3.0.32-0.20.1

libsmbclient-devel-3.0.32-0.20.1

samba-3.0.32-0.20.1

samba-client-3.0.32-0.20.1

samba-krb-printing-3.0.32-0.20.1

samba-python-3.0.32-0.20.1

samba-vscan-0.3.6b-42.85.20.1

samba-winbind-3.0.32-0.20.1

 

- SUSE Linux Enterprise Server 10 SP2 (s390x x86_64) [New Version: 3.0.32]:

 

libsmbclient-32bit-3.0.32-0.20.1

samba-32bit-3.0.32-0.20.1

samba-client-32bit-3.0.32-0.20.1

samba-winbind-32bit-3.0.32-0.20.1

 

- SUSE Linux Enterprise Server 10 SP2 (noarch) [New Version: 3.0.32]:

 

samba-doc-3.0.32-0.20.1

 

 

References:

 

http://support.novell.com/security/cve/CVE-2012-0870.html

https://bugzilla.novell.com/550002

https://bugzilla.novell.com/561894

https://bugzilla.novell.com/577868

https://bugzilla.novell.com/592198

https://bugzilla.novell.com/599873

https://bugzilla.novell.com/605935

https://bugzilla.novell.com/611927

https://bugzilla.novell.com/613459

https://bugzilla.novell.com/637218

https://bugzilla.novell.com/652620

https://bugzilla.novell.com/670431

https://bugzilla.novell.com/705241

https://bugzilla.novell.com/708503

https://bugzilla.novell.com/747934

http://download.novell.com/patch/finder/?keywords=7647f10c23183441620c089dfae68cd9

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×