openSUSE Security Update : samba (openSUSE-SU-2013:1787-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

the following security issues were fixed in samba :

- ACLs are not checked on opening an alternate data stream
on a file or directory; CVE-2013-4475; (bso#10229);
(bnc#848101).

- Fix memleak in reload_printers_full(); (bso#9993).

- Valid utf8 filenames cause 'invalid conversion error'
messages; (bso#10139).

- s3: smb2 breaks 'smb encryption = mandatory';
(bso#10167).

- Missing talloc_free can leak stackframe in error path;
(bso#10187).

- Offline logon cache not updating for cross child domain
group membership; (bso#10194).

- The preceding bugs are tracked by (bnc#849226) too.

- Make Samba work on site with Read Only Domain
Controller; (bso#5917).

- Give machine password changes 10 minutes of time;
(bso#8955).

- NetrServerPasswordSet2 timeout is too short; (bso#8955).

- Fix fallback to ncacn_np in cm_connect_lsat();
(bso#9615); (bso#9899).

- s3-winbind: Do not delete an existing valid credential
cache; (bso#9994).

- 'net ads join': Fix segmentation fault in
create_local_private_krb5_conf_for_domain; (bso#10073).

- Fix variable list in man vfs_crossrename; (bso#10076).

- MacOSX 10.9 will not follow path-based DFS referrals
handed out by Samba; (bso#10097).

- Honour output buffer length set by the client for SMB2
GetInfo requests; (bso#10106).

- Handle Dropbox (write-only-directory) case correctly in
pathname lookup; (bso#10114).

- Fix 'smbstatus' as non-root user; (bso#10127).

- The preceding bugs are tracked by (bnc#849226) too.

- Windows 8 Roaming profiles fail; (bso#9678).

- Linux kernel oplock breaks can miss signals;
(bso#10064).

- The preceding bugs are tracked by (bnc#849226) too.

- Verify source tar ball gpg signature.

- Store and return the correct spoolss jobid in
notifications; (bnc#838472).

- Reload snums before processing the printer list.
(bnc#817880).

See also :

http://lists.opensuse.org/opensuse-updates/2013-11/msg00115.html
https://bugzilla.novell.com/show_bug.cgi?id=817880
https://bugzilla.novell.com/show_bug.cgi?id=838472
https://bugzilla.novell.com/show_bug.cgi?id=848101
https://bugzilla.novell.com/show_bug.cgi?id=849226

Solution :

Update the affected samba packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75215 ()

Bugtraq ID: 63646

CVE ID: CVE-2013-4475

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now