[security-announce] openSUSE-SU-2012:0507-1: critical: update for samba

news · April 16, 2012

openSUSE Security Update: update for samba

______________________________________________________________________________

Announcement ID: openSUSE-SU-2012:0507-1

Rating: critical

References: #741854 #746825 #747934 #751454 #752797

Cross-References: CVE-2012-0870 CVE-2012-1182

Affected Products:

openSUSE 12.1

______________________________________________________________________________

An update that solves two vulnerabilities and has three

fixes is now available.

Description:

- Add the ldapsmb sources as else patches against them have

no chance to apply.

- Samba pre-3.6.4 are affected by a vulnerability that

allows remote code exe- cution as the "root" user; PIDL

based autogenerated code allows overwriting beyond of

allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).

- s3-winbindd: Only use SamLogonEx when we can get

unencrypted session keys; (bso#8599).

- Correctly handle DENY ACEs when privileges apply;

(bso#8797).

- s3:smb2_server: fix a logic error, we should sign non

guest sessions; (bso8749).

- Allow vfs_aio_pthread to build as a static module;

(bso#8723).

- s3:dbwrap_ctdb: return the number of records in

db_ctdb_traverse() for persistent dbs; (#bso8527).

- s3: segfault in dom_sid_compare(bso#8567).

- Honor SeTakeOwnershiPrivilege when client asks for

SEC_STD_WRITE_OWNER; (bso#8768).

- s3-winbindd: Close netlogon connection if the status

returned by the NetrSamLogonEx call is timeout in the

pam_auth_crap path; (bso#8771).

- s3-winbindd: set the can_do_validation6 also for trusted

domain; (bso#8599).

- Fix problem when calculating the share security mask,

take priviliges into account for the connecting user;

(bso#8784).

- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over

1000 groups; (bso#8807); (bnc#751454).

- Remove obsoleted Authors lines from spec file for

post-11.2 systems.

- Make ldapsmb build with Fedora 15 and 16; (bso#8783).

- BuildRequire libuuid-devel for post-11.0 and other

systems.

- Define missing python macros for non SUSE systems.

- PreReq to fillup_prereq and insserv_prereq only on SUSE

systems.

- Always use cifstab instead of smbfstab on non SUSE

systems.

- Ensure AndX offsets are increasing strictly monotonically

in pre-3.4 versions; CVE-2012-0870; (bnc#747934).

- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);

(bnc#741854).

- s3-printing: fix crash in printer_list_set_printer();

(bso#8762); (bnc#746825).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.1:

zypper in -t patch openSUSE-2012-223

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 12.1 (i586 x86_64):

ldapsmb-1.34b-34.11.1

libldb-devel-1.0.2-34.11.1

libldb1-1.0.2-34.11.1

libldb1-debuginfo-1.0.2-34.11.1

libnetapi-devel-3.6.3-34.11.1

libnetapi0-3.6.3-34.11.1

libnetapi0-debuginfo-3.6.3-34.11.1

libsmbclient-devel-3.6.3-34.11.1

libsmbclient0-3.6.3-34.11.1

libsmbclient0-debuginfo-3.6.3-34.11.1

libsmbsharemodes-devel-3.6.3-34.11.1

libsmbsharemodes0-3.6.3-34.11.1

libsmbsharemodes0-debuginfo-3.6.3-34.11.1

libtalloc-devel-2.0.5-34.11.1

libtalloc2-2.0.5-34.11.1

libtalloc2-debuginfo-2.0.5-34.11.1

libtdb-devel-1.2.9-34.11.1

libtdb1-1.2.9-34.11.1

libtdb1-debuginfo-1.2.9-34.11.1

libtevent-devel-0.9.11-34.11.1

libtevent0-0.9.11-34.11.1

libtevent0-debuginfo-0.9.11-34.11.1

libwbclient-devel-3.6.3-34.11.1

libwbclient0-3.6.3-34.11.1

libwbclient0-debuginfo-3.6.3-34.11.1

samba-3.6.3-34.11.1

samba-client-3.6.3-34.11.1

samba-client-debuginfo-3.6.3-34.11.1

samba-debuginfo-3.6.3-34.11.1

samba-debugsource-3.6.3-34.11.1

samba-devel-3.6.3-34.11.1

samba-krb-printing-3.6.3-34.11.1

samba-krb-printing-debuginfo-3.6.3-34.11.1

samba-winbind-3.6.3-34.11.1

samba-winbind-debuginfo-3.6.3-34.11.1

- openSUSE 12.1 (x86_64):

libldb1-32bit-1.0.2-34.11.1

libldb1-debuginfo-32bit-1.0.2-34.11.1

libsmbclient0-32bit-3.6.3-34.11.1

libsmbclient0-debuginfo-32bit-3.6.3-34.11.1

libtalloc2-32bit-2.0.5-34.11.1

libtalloc2-debuginfo-32bit-2.0.5-34.11.1

libtdb1-32bit-1.2.9-34.11.1

libtdb1-debuginfo-32bit-1.2.9-34.11.1

libtevent0-32bit-0.9.11-34.11.1

libtevent0-debuginfo-32bit-0.9.11-34.11.1

libwbclient0-32bit-3.6.3-34.11.1

libwbclient0-debuginfo-32bit-3.6.3-34.11.1

samba-32bit-3.6.3-34.11.1

samba-client-32bit-3.6.3-34.11.1

samba-client-debuginfo-32bit-3.6.3-34.11.1

samba-debuginfo-32bit-3.6.3-34.11.1

samba-winbind-32bit-3.6.3-34.11.1

samba-winbind-debuginfo-32bit-3.6.3-34.11.1

- openSUSE 12.1 (noarch):

samba-doc-3.6.3-34.11.1

- openSUSE 12.1 (ia64):

libldb1-debuginfo-x86-1.0.2-34.11.1

libldb1-x86-1.0.2-34.11.1

libsmbclient0-debuginfo-x86-3.6.3-34.11.1

libsmbclient0-x86-3.6.3-34.11.1

libtalloc2-debuginfo-x86-2.0.5-34.11.1

libtalloc2-x86-2.0.5-34.11.1

libtdb1-debuginfo-x86-1.2.9-34.11.1

libtdb1-x86-1.2.9-34.11.1

libtevent0-debuginfo-x86-0.9.11-34.11.1

libtevent0-x86-0.9.11-34.11.1

libwbclient0-debuginfo-x86-3.6.3-34.11.1

libwbclient0-x86-3.6.3-34.11.1

samba-client-debuginfo-x86-3.6.3-34.11.1

samba-client-x86-3.6.3-34.11.1

samba-debuginfo-x86-3.6.3-34.11.1

samba-winbind-debuginfo-x86-3.6.3-34.11.1

samba-winbind-x86-3.6.3-34.11.1

samba-x86-3.6.3-34.11.1

References:

http://support.novell.com/security/cve/CVE-2012-0870.html

http://support.novell.com/security/cve/CVE-2012-1182.html

https://bugzilla.novell.com/741854

https://bugzilla.novell.com/746825

https://bugzilla.novell.com/747934

https://bugzilla.novell.com/751454

https://bugzilla.novell.com/752797

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

Sign In

[security-announce] openSUSE-SU-2012:0507-1: critical: update for samba

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity