[security-announce] openSUSE-SU-2012:0507-1: critical: update for samba

16-Apr-2012 07:08


https://hermes.opensuse.org/messages/14253796
equals
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00011.html
equals

-------- Original Message --------
Subject: [security-announce] openSUSE-SU-2012:0507-1: critical: update for samba
Date: Mon, 16 Apr 2012 15:08:16 +0200 (CEST)
From: opensuse-security@opensuse.org
To: opensuse-security-announce@opensuse.org

openSUSE Security Update: update for samba


Announcement ID: openSUSE-SU-2012:0507-1
Rating: critical
References: #741854 #746825 #747934 #751454 #752797
Cross-References: CVE-2012-0870 CVE-2012-1182
Affected Products:
openSUSE 12.1


An update that solves two vulnerabilities and has three
fixes is now available.

Description:

  • Add the ldapsmb sources as else patches against them have
    no chance to apply.

  • Samba pre-3.6.4 are affected by a vulnerability that
    allows remote code execution as the “root” user; PIDL
    based autogenerated code allows overwriting beyond of
    allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).

  • s3-winbindd: Only use SamLogonEx when we can get
    unencrypted session keys; (bso#8599).

  • Correctly handle DENY ACEs when privileges apply;
    (bso#8797).

  • s3:smb2_server: fix a logic error, we should sign non
    guest sessions; (bso8749).

  • Allow vfs_aio_pthread to build as a static module;
    (bso#8723).

  • s3:dbwrap_ctdb: return the number of records in
    db_ctdb_traverse() for persistent dbs; (#bso8527).

  • s3: segfault in dom_sid_compare(bso#8567).

  • Honor SeTakeOwnershipPrivilege when client asks for
    SEC_STD_WRITE_OWNER; (bso#8768).

  • s3-winbindd: Close netlogon connection if the status
    returned by the NetrSamLogonEx call is timeout in the
    pam_auth_**** path; (bso#8771).

  • s3-winbindd: set the can_do_validation6 also for trusted
    domain; (bso#8599).

  • Fix problem when calculating the share security mask,
    take privileges into account for the connecting user;
    (bso#8784).

  • Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over
    1000 groups; (bso#8807); (bnc#751454).

  • Remove obsoleted Authors lines from spec file for
    post-11.2 systems.

  • Make ldapsmb build with Fedora 15 and 16; (bso#8783).

  • BuildRequire libuuid-devel for post-11.0 and other
    systems.

  • Define missing python macros for non SUSE systems.

  • PreReq to fillup_prereq and insserv_prereq only on SUSE
    systems.

  • Always use cifstab instead of smbfstab on non SUSE
    systems.

  • Ensure AndX offsets are increasing strictly monotonically
    in pre-3.4 versions; CVE-2012-0870; (bnc#747934).

  • Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);
    (bnc#741854).

  • s3-printing: fix crash in printer_list_set_printer();
    (bso#8762); (bnc#746825).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

  • openSUSE 12.1:

    zypper in -t patch openSUSE-2012-223

To bring your system up-to-date, use “zypper patch”.

Package List:

  • openSUSE 12.1 (i586 x86_64):

    ldapsmb-1.34b-34.11.1
    libldb-devel-1.0.2-34.11.1
    libldb1-1.0.2-34.11.1
    libldb1-debuginfo-1.0.2-34.11.1
    libnetapi-devel-3.6.3-34.11.1
    libnetapi0-3.6.3-34.11.1
    libnetapi0-debuginfo-3.6.3-34.11.1
    libsmbclient-devel-3.6.3-34.11.1
    libsmbclient0-3.6.3-34.11.1
    libsmbclient0-debuginfo-3.6.3-34.11.1
    libsmbsharemodes-devel-3.6.3-34.11.1
    libsmbsharemodes0-3.6.3-34.11.1
    libsmbsharemodes0-debuginfo-3.6.3-34.11.1
    libtalloc-devel-2.0.5-34.11.1
    libtalloc2-2.0.5-34.11.1
    libtalloc2-debuginfo-2.0.5-34.11.1
    libtdb-devel-1.2.9-34.11.1
    libtdb1-1.2.9-34.11.1
    libtdb1-debuginfo-1.2.9-34.11.1
    libtevent-devel-0.9.11-34.11.1
    libtevent0-0.9.11-34.11.1
    libtevent0-debuginfo-0.9.11-34.11.1
    libwbclient-devel-3.6.3-34.11.1
    libwbclient0-3.6.3-34.11.1
    libwbclient0-debuginfo-3.6.3-34.11.1
    samba-3.6.3-34.11.1
    samba-client-3.6.3-34.11.1
    samba-client-debuginfo-3.6.3-34.11.1
    samba-debuginfo-3.6.3-34.11.1
    samba-debugsource-3.6.3-34.11.1
    samba-devel-3.6.3-34.11.1
    samba-krb-printing-3.6.3-34.11.1
    samba-krb-printing-debuginfo-3.6.3-34.11.1
    samba-winbind-3.6.3-34.11.1
    samba-winbind-debuginfo-3.6.3-34.11.1

  • openSUSE 12.1 (x86_64):

    libldb1-32bit-1.0.2-34.11.1
    libldb1-debuginfo-32bit-1.0.2-34.11.1
    libsmbclient0-32bit-3.6.3-34.11.1
    libsmbclient0-debuginfo-32bit-3.6.3-34.11.1
    libtalloc2-32bit-2.0.5-34.11.1
    libtalloc2-debuginfo-32bit-2.0.5-34.11.1
    libtdb1-32bit-1.2.9-34.11.1
    libtdb1-debuginfo-32bit-1.2.9-34.11.1
    libtevent0-32bit-0.9.11-34.11.1
    libtevent0-debuginfo-32bit-0.9.11-34.11.1
    libwbclient0-32bit-3.6.3-34.11.1
    libwbclient0-debuginfo-32bit-3.6.3-34.11.1
    samba-32bit-3.6.3-34.11.1
    samba-client-32bit-3.6.3-34.11.1
    samba-client-debuginfo-32bit-3.6.3-34.11.1
    samba-debuginfo-32bit-3.6.3-34.11.1
    samba-winbind-32bit-3.6.3-34.11.1
    samba-winbind-debuginfo-32bit-3.6.3-34.11.1

  • openSUSE 12.1 (noarch):

    samba-doc-3.6.3-34.11.1

  • openSUSE 12.1 (ia64):

    libldb1-debuginfo-x86-1.0.2-34.11.1
    libldb1-x86-1.0.2-34.11.1
    libsmbclient0-debuginfo-x86-3.6.3-34.11.1
    libsmbclient0-x86-3.6.3-34.11.1
    libtalloc2-debuginfo-x86-2.0.5-34.11.1
    libtalloc2-x86-2.0.5-34.11.1
    libtdb1-debuginfo-x86-1.2.9-34.11.1
    libtdb1-x86-1.2.9-34.11.1
    libtevent0-debuginfo-x86-0.9.11-34.11.1
    libtevent0-x86-0.9.11-34.11.1
    libwbclient0-debuginfo-x86-3.6.3-34.11.1
    libwbclient0-x86-3.6.3-34.11.1
    samba-client-debuginfo-x86-3.6.3-34.11.1
    samba-client-x86-3.6.3-34.11.1
    samba-debuginfo-x86-3.6.3-34.11.1
    samba-winbind-debuginfo-x86-3.6.3-34.11.1
    samba-winbind-x86-3.6.3-34.11.1
    samba-x86-3.6.3-34.11.1

References:

CVE-2012-0870 Common Vulnerabilities and Exposures | SUSE
CVE-2012-1182 Common Vulnerabilities and Exposures | SUSE



see also

http://www.samba.org/samba/security/CVE-2012-1182
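
The CVE-2012-0870 entry in the advisory above asks that AndX offsets increase strictly monotonically; without that check a chained SMB1 request can point back at itself or at an earlier command. The C sketch below is an added example, not Samba's code or part of the original post: it applies that check to the standard SMB1 AndX layout, and the function names and the sample packet (with a simplified WordCount) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { SMB_HDR_LEN = 32, SMB_NO_ANDX = 0xFF };
enum { ANDX_OK = 0, ANDX_MALFORMED = -1, ANDX_NOT_MONOTONIC = -2 };

/* SMB1 commands whose parameter block begins with the AndX fields. */
static int is_andx(uint8_t cmd)
{
    return cmd == 0x24 || cmd == 0x2D || cmd == 0x2E || cmd == 0x2F ||
           cmd == 0x73 || cmd == 0x74 || cmd == 0x75 || cmd == 0xA2;
}

/* buf points at the SMB header (0xFF 'S' 'M' 'B'); AndXOffset counts from it. */
int check_andx_chain(const uint8_t *buf, size_t len)
{
    size_t cur = SMB_HDR_LEN, next;    /* cur: WordCount byte of this command */
    uint8_t cmd;
    if (len < (size_t)SMB_HDR_LEN + 5)
        return ANDX_MALFORMED;
    cmd = buf[4];                      /* first command, from the header */
    while (is_andx(cmd)) {
        /* need WordCount(>=2), AndXCommand, AndXReserved, AndXOffset(LE16) */
        if (cur > len - 5 || buf[cur] < 2)
            return ANDX_MALFORMED;
        cmd = buf[cur + 1];
        next = (size_t)buf[cur + 3] | ((size_t)buf[cur + 4] << 8);
        if (cmd != SMB_NO_ANDX && next <= cur)
            return ANDX_NOT_MONOTONIC; /* self or backward reference */
        if (cmd != SMB_NO_ANDX && next >= len)
            return ANDX_MALFORMED;     /* next command lies outside the buffer */
        cur = next;
    }
    return ANDX_OK;
}

/* Constructed sample: 0x73 chains to 0x75 at offset 64; arguments set its AndX fields. */
int check_sample(uint8_t second_cmd, uint16_t second_off)
{
    uint8_t b[96] = { 0xFF, 'S', 'M', 'B', 0x73 };
    b[32] = 2; b[33] = 0x75; b[35] = 64;
    b[64] = 2; b[65] = second_cmd;
    b[67] = (uint8_t)(second_off & 0xFF); b[68] = (uint8_t)(second_off >> 8);
    return check_andx_chain(b, sizeof b);
}

int main(void)
{
    return check_sample(SMB_NO_ANDX, 0) == ANDX_OK ? 0 : 1;
}
```

Because `cur` only ever grows and is bounded by `len`, the walk always terminates, which is the property the strict-monotonic rule provides.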