SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0515-1
Rating:             critical
References:         #732395 #732572 #741854 #743986 #746825 #747934 
                    #751454 #752797 #757080 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   The following issues have been fixed in Samba:

   * CVE-2012-1182: PIDL based autogenerated code uses
   client supplied size values which allows attackers to write
   beyond the allocated array size
   * CVE-2012-0870: Ensure AndX offsets are increasing
   strictly monotonically in pre-3.4 versions
   * CVE-2012-0817: Fix memory leak in parent smbd on
   connection

   Also the following non-security bugs have been fixed:

   * s3-winbindd: Only use SamLogonEx when we can get
   unencrypted session keys; (bso#8599).
   * Correctly handle DENY ACEs when privileges apply;
   (bso#8797).
   * s3:smb2_server: fix a logic error, we should sign non
   guest sessions; (bso8749).
   * Allow vfs_aio_pthread to build as a static module;
   (bso#8723).
   * s3:dbwrap_ctdb: return the number of records in
   db_ctdb_traverse() for persistent dbs; (#bso8527).
   * s3: segfault in dom_sid_compare(bso#8567).
   * Honor SeTakeOwnershiPrivilege when client asks for
   SEC_STD_WRITE_OWNER; (bso#8768).
   * s3-winbindd: Close netlogon connection if the status
   returned by the NetrSamLogonEx call is timeout in the
   pam_auth_crap path; (bso#8771).
   * s3-winbindd: set the can_do_validation6 also for
   trusted domain; (bso#8599).
   * Fix problem when calculating the share security mask,
   take priviliges into account for the connecting user;
   (bso#8784).
   * Fix crash in dcerpc_lsa_lookup_sids_noalloc() with
   over 1000 groups; (bso#8807); (bnc#751454).
   * Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);
   (bnc#741854).
   * s3-printing: fix crash in printer_list_set_printer();
   (bso#8762); (bnc#746825).
   * s3:winbindd fix a return code check; (bso#8406).
   * s3: Add rmdir operation to streams_depot; (bso#8733).
   * s3:smbd:smb2: fix an assignment-instead-of-check bug
   conn_snum_used(); (bso#8738).
   * s3:auth: fill the sids array of the info3 in
   wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
   * Do not map POSIX execute permission to Windows
   FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).
   * Remove all precompiled idl output to ensure any pidl
   changes take effect; (bnc#757080).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-ldapsmb-6145

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-ldapsmb-6145

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-ldapsmb-6145

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-ldapsmb-6145

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libldb-devel-3.6.3-0.22.1
      libnetapi-devel-3.6.3-0.22.1
      libnetapi0-3.6.3-0.22.1
      libsmbclient-devel-3.6.3-0.22.1
      libsmbsharemodes-devel-3.6.3-0.22.1
      libsmbsharemodes0-3.6.3-0.22.1
      libtalloc-devel-3.6.3-0.22.1
      libtdb-devel-3.6.3-0.22.1
      libtevent-devel-3.6.3-0.22.1
      libwbclient-devel-3.6.3-0.22.1
      samba-devel-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      ldapsmb-1.34b-12.22.1
      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):

      samba-doc-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ldapsmb-1.34b-12.22.1
      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (noarch):

      samba-doc-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libsmbclient0-x86-3.6.3-0.22.1
      libtalloc2-x86-3.6.3-0.22.1
      libtdb1-x86-3.6.3-0.22.1
      libwbclient0-x86-3.6.3-0.22.1
      samba-client-x86-3.6.3-0.22.1
      samba-winbind-x86-3.6.3-0.22.1
      samba-x86-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libldb1-32bit-3.6.3-0.22.1
      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libtevent0-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch):

      samba-doc-3.6.3-0.22.1


References:

   https://bugzilla.novell.com/732395
   https://bugzilla.novell.com/732572
   https://bugzilla.novell.com/741854
   https://bugzilla.novell.com/743986
   https://bugzilla.novell.com/746825
   https://bugzilla.novell.com/747934
   https://bugzilla.novell.com/751454
   https://bugzilla.novell.com/752797
   https://bugzilla.novell.com/757080
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0515-1: critical: Samba

April 17, 2012
An update that contains security fixes can now be installed

Summary

The following issues have been fixed in Samba: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size * CVE-2012-0870: Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions * CVE-2012-0817: Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed: * s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). * Correctly handle DENY ACEs when privileges apply; (bso#8797). * s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). * Allow vfs_aio_pthread to build as a static module; (bso#8723). * s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). * s3: segfault in dom_sid_compare(bso#8567). * Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (b...

Read the Full Advisory

References

#732395 #732572 #741854 #743986 #746825 #747934

#751454 #752797 #757080

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise Desktop 11 SP2

https://bugzilla.novell.com/732395

https://bugzilla.novell.com/732572

https://bugzilla.novell.com/741854

https://bugzilla.novell.com/743986

https://bugzilla.novell.com/746825

https://bugzilla.novell.com/747934

https://bugzilla.novell.com/751454

https://bugzilla.novell.com/752797

https://bugzilla.novell.com/757080

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:0515-1
Rating: critical

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved