SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0515-1
Rating:             critical
References:         #732395 #732572 #741854 #743986 #746825 #747934 
                    #751454 #752797 #757080 
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   The following issues have been fixed in Samba:

   * CVE-2012-1182: PIDL based autogenerated code uses
   client supplied size values which allows attackers to write
   beyond the allocated array size
   * CVE-2012-0870: Ensure AndX offsets are increasing
   strictly monotonically in pre-3.4 versions
   * CVE-2012-0817: Fix memory leak in parent smbd on
   connection

   Also the following non-security bugs have been fixed:

   * s3-winbindd: Only use SamLogonEx when we can get
   unencrypted session keys; (bso#8599).
   * Correctly handle DENY ACEs when privileges apply;
   (bso#8797).
   * s3:smb2_server: fix a logic error, we should sign non
   guest sessions; (bso8749).
   * Allow vfs_aio_pthread to build as a static module;
   (bso#8723).
   * s3:dbwrap_ctdb: return the number of records in
   db_ctdb_traverse() for persistent dbs; (#bso8527).
   * s3: segfault in dom_sid_compare(bso#8567).
   * Honor SeTakeOwnershiPrivilege when client asks for
   SEC_STD_WRITE_OWNER; (bso#8768).
   * s3-winbindd: Close netlogon connection if the status
   returned by the NetrSamLogonEx call is timeout in the
   pam_auth_crap path; (bso#8771).
   * s3-winbindd: set the can_do_validation6 also for
   trusted domain; (bso#8599).
   * Fix problem when calculating the share security mask,
   take priviliges into account for the connecting user;
   (bso#8784).
   * Fix crash in dcerpc_lsa_lookup_sids_noalloc() with
   over 1000 groups; (bso#8807); (bnc#751454).
   * Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);
   (bnc#741854).
   * s3-printing: fix crash in printer_list_set_printer();
   (bso#8762); (bnc#746825).
   * s3:winbindd fix a return code check; (bso#8406).
   * s3: Add rmdir operation to streams_depot; (bso#8733).
   * s3:smbd:smb2: fix an assignment-instead-of-check bug
   conn_snum_used(); (bso#8738).
   * s3:auth: fill the sids array of the info3 in
   wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
   * Do not map POSIX execute permission to Windows
   FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).
   * Remove all precompiled idl output to ensure any pidl
   changes take effect; (bnc#757080).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-ldapsmb-6145

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-ldapsmb-6145

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-ldapsmb-6145

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-ldapsmb-6145

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      libldb-devel-3.6.3-0.22.1
      libnetapi-devel-3.6.3-0.22.1
      libnetapi0-3.6.3-0.22.1
      libsmbclient-devel-3.6.3-0.22.1
      libsmbsharemodes-devel-3.6.3-0.22.1
      libsmbsharemodes0-3.6.3-0.22.1
      libtalloc-devel-3.6.3-0.22.1
      libtdb-devel-3.6.3-0.22.1
      libtevent-devel-3.6.3-0.22.1
      libwbclient-devel-3.6.3-0.22.1
      samba-devel-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

      ldapsmb-1.34b-12.22.1
      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch):

      samba-doc-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

      ldapsmb-1.34b-12.22.1
      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (noarch):

      samba-doc-3.6.3-0.22.1

   - SUSE Linux Enterprise Server 11 SP2 (ia64):

      libsmbclient0-x86-3.6.3-0.22.1
      libtalloc2-x86-3.6.3-0.22.1
      libtdb1-x86-3.6.3-0.22.1
      libwbclient0-x86-3.6.3-0.22.1
      samba-client-x86-3.6.3-0.22.1
      samba-winbind-x86-3.6.3-0.22.1
      samba-x86-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

      libldb1-3.6.3-0.22.1
      libsmbclient0-3.6.3-0.22.1
      libtalloc2-3.6.3-0.22.1
      libtdb1-3.6.3-0.22.1
      libtevent0-3.6.3-0.22.1
      libwbclient0-3.6.3-0.22.1
      samba-3.6.3-0.22.1
      samba-client-3.6.3-0.22.1
      samba-krb-printing-3.6.3-0.22.1
      samba-winbind-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

      libldb1-32bit-3.6.3-0.22.1
      libsmbclient0-32bit-3.6.3-0.22.1
      libtalloc2-32bit-3.6.3-0.22.1
      libtdb1-32bit-3.6.3-0.22.1
      libtevent0-32bit-3.6.3-0.22.1
      libwbclient0-32bit-3.6.3-0.22.1
      samba-32bit-3.6.3-0.22.1
      samba-client-32bit-3.6.3-0.22.1
      samba-winbind-32bit-3.6.3-0.22.1

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch):

      samba-doc-3.6.3-0.22.1


References:

   https://bugzilla.novell.com/732395
   https://bugzilla.novell.com/732572
   https://bugzilla.novell.com/741854
   https://bugzilla.novell.com/743986
   https://bugzilla.novell.com/746825
   https://bugzilla.novell.com/747934
   https://bugzilla.novell.com/751454
   https://bugzilla.novell.com/752797
   https://bugzilla.novell.com/757080
   https://login.microfocus.com/nidp/app/login

SuSE: 2012:0515-1: critical: Samba

April 17, 2012
An update that contains security fixes can now be installed

Summary

The following issues have been fixed in Samba: * CVE-2012-1182: PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size * CVE-2012-0870: Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions * CVE-2012-0817: Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed: * s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). * Correctly handle DENY ACEs when privileges apply; (bso#8797). * s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). * Allow vfs_aio_pthread to build as a static module; (bso#8723). * s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). * s3: segfault in dom_sid_compare(bso#8567). * Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). * s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). * s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). * Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). * Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454). * Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854). * s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825). * s3:winbindd fix a return code check; (bso#8406). * s3: Add rmdir operation to streams_depot; (bso#8733). * s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738). * s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). * Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572). * Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-ldapsmb-6145 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-ldapsmb-6145 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-ldapsmb-6145 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-ldapsmb-6145 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.22.1 libnetapi-devel-3.6.3-0.22.1 libnetapi0-3.6.3-0.22.1 libsmbclient-devel-3.6.3-0.22.1 libsmbsharemodes-devel-3.6.3-0.22.1 libsmbsharemodes0-3.6.3-0.22.1 libtalloc-devel-3.6.3-0.22.1 libtdb-devel-3.6.3-0.22.1 libtevent-devel-3.6.3-0.22.1 libwbclient-devel-3.6.3-0.22.1 samba-devel-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64): ldapsmb-1.34b-12.22.1 libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch): samba-doc-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64): ldapsmb-1.34b-12.22.1 libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (noarch): samba-doc-3.6.3-0.22.1 - SUSE Linux Enterprise Server 11 SP2 (ia64): libsmbclient0-x86-3.6.3-0.22.1 libtalloc2-x86-3.6.3-0.22.1 libtdb1-x86-3.6.3-0.22.1 libwbclient0-x86-3.6.3-0.22.1 samba-client-x86-3.6.3-0.22.1 samba-winbind-x86-3.6.3-0.22.1 samba-x86-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64): libldb1-3.6.3-0.22.1 libsmbclient0-3.6.3-0.22.1 libtalloc2-3.6.3-0.22.1 libtdb1-3.6.3-0.22.1 libtevent0-3.6.3-0.22.1 libwbclient0-3.6.3-0.22.1 samba-3.6.3-0.22.1 samba-client-3.6.3-0.22.1 samba-krb-printing-3.6.3-0.22.1 samba-winbind-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (x86_64): libldb1-32bit-3.6.3-0.22.1 libsmbclient0-32bit-3.6.3-0.22.1 libtalloc2-32bit-3.6.3-0.22.1 libtdb1-32bit-3.6.3-0.22.1 libtevent0-32bit-3.6.3-0.22.1 libwbclient0-32bit-3.6.3-0.22.1 samba-32bit-3.6.3-0.22.1 samba-client-32bit-3.6.3-0.22.1 samba-winbind-32bit-3.6.3-0.22.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch): samba-doc-3.6.3-0.22.1

References

#732395 #732572 #741854 #743986 #746825 #747934

#751454 #752797 #757080

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

SUSE Linux Enterprise Desktop 11 SP2

https://bugzilla.novell.com/732395

https://bugzilla.novell.com/732572

https://bugzilla.novell.com/741854

https://bugzilla.novell.com/743986

https://bugzilla.novell.com/746825

https://bugzilla.novell.com/747934

https://bugzilla.novell.com/751454

https://bugzilla.novell.com/752797

https://bugzilla.novell.com/757080

https://login.microfocus.com/nidp/app/login

Severity
Announcement ID: SUSE-SU-2012:0515-1
Rating: critical

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved