openSUSE Security Update : samba (openSUSE-SU-2014:0404-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Samba was updated to 4.1.6, fixing bugs and security issues :

- Password lockout not enforced for SAMR password changes,
this allowed brute forcing of passwords; CVE-2013-4496;
(bnc#849224).

- smbcacls can remove a file or directory ACL by mistake;
CVE-2013-6442; (bnc#855866).

Also the following bugs were fixed :

- Call update-apparmor-samba-profile via ExecStartPre too;
(bnc#867665).

- Retry named pipe open requests on
STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095).

- Propagate snapshot enumeration permissions errors to SMB
clients; (bnc#865641).

- Properly handle empty 'requires_membership_of' entries
in /etc/security/pam_winbind.conf; (bnc#865771).

- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942);
(bnc#863748).

- Fix memory leak in printer_list_get_printer();
(bso#9993); (bnc#865561).

- Fix stream_depot VFS module on Btrfs; (bso#10467);
(bnc#865397).

- Use libarchive to provide improved smbclient tarmode
functionality; (bso#9667); (bnc#861135).

- Depend on %version-%release with all manual Provides and
Requires; (bnc#844307).

- Update to 4.1.5.

+ Fix 100% CPU utilization in winbindd when trying to free
memory in winbindd_reinit_after_fork; (bso#10358);
(bnc#786677).

+ smbd: Fix memory overwrites; (bso#10415).

+ s3-winbind: Improve performance of
wb_fill_pwent_sid2uid_done(); (bso#2191).

+ ntlm_auth sometimes returns the wrong username to
mod_ntlm_auth_winbind; (bso#10087).

+ s3: smbpasswd: Fix crashes on invalid input;
(bso#10320).

+ s3: vfs_dirsort module: Allow dirsort to work when
multiple simultaneous directories are open; (bso#10406).

+ Add support for Heimdal's unified krb5 and hdb plugin
system, cope with first element in hdb_method having a
different name in different heimdal versions and fix
INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).

+ vfs_btrfs: Fix incorrect zero length server-side copy
request handling; (bso#10424).

+ s3: modules: streaminfo: As we have no VFS function
SMB_VFS_LLISTXATTR we can't cope with a symlink when
lp_posix_pathnames() is true; (bso#10429).

+ smbd: Fix an ancient oplock bug; (bso#10436).

+ Fix crash bug in smb2_notify code; (bso#10442).

- Remove superfluous obsoletes *-64bit in the ifarch ppc64
case; (bnc#437293).

- Migrate @GMT token parsing functionality into
vfs_snapper; (bnc#863079).

+ Improve vfs_snapper documentation.

- Fix Winbind 100% CPU utilization caused by domain list
corruption; (bso#10358); (bnc#786677).

- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO
handler; (bso#10415); (bnc#862370).

- Streamline the vendor suffix handling and add support
for SLE 12.

- Fix zero length server-side copy request handling;
(bso#10424); (bnc#862558).

- Set the PID directory to /run/samba on post-12.2
systems.

- Make use of the tmpfilesdir macro while calling
systemd-tmpfiles.

- Make winbindd print the interface version when it gets
an INTERFACE_VERSION request; (bnc#726937).

- Fix vfs_btrfs build on older platforms with duplicate
WRITE_FLUSH definitions; (bnc#860832).

- Check for NULL gensec_security in
gensec_security_by_auth_type(); (bnc#860809).

- Ensure ndr table initialization; (bnc#860648).

- Add File Server Remote VSS Protocol (FSRVP) server for
SMB share shadow-copies; (fate#313346).

- s3-dir: Fix the DOS clients against 64-bit smbd's;
(bso#2662).

- shadow_copy2: module 'Previous Version' not working in
Windows 7; (bso#10259).

- s3-passdb: Fix string duplication to pointers;
(bso#10367).

- vfs/glusterfs: in case atime is not passed, set it to
the current atime; (bso#10384)

- s3: winbindd: Move calling setup_domain_child() into
add_trusted_domain(); (bso#10358); (bnc#786677).

- Default sysconfig daemon options to -D; (bso#10388);
(bnc#857454).

- Add /var/cache/samba to the client file list;
(bnc#846586).

- Really add the WINBINDDOPTIONS sysconfig variable on
install; (bnc#857454).

- Correct sysconfig variable names by adding the missing D
char; (bnc#857454).

- Update to 4.1.4.

+ Fix segfault in smbd; (bso#10284).

+ Fix SMB2 server panic when a smb2 brlock times out;
(bso#10311).

- Call stop_on_removal from preun and restart_on_update
and insserv_cleanup from postun on pre-12.3 systems
only; (bnc#857454).

- BuildRequire gamin-devel instead of unmaintained
fam-devel package on post-12.1 systems.

- smbd: allow updates on directory write times on open
handles; (bso#9870).

- lib/util: use proper include for struct stat;
(bso#10276).

- s3:winbindd fix use of uninitialized variables;
(bso#10280).

- s3-winbindd: Fix DEBUG statement in
winbind_msg_offline(); (bso#10285).

- s3-lib: Fix %G substitution for domain users in smbd;
(bso#10286).

- smbd: Always use UCF_PREP_CREATEFILE for
filename_convert calls to resolve a path for open;
(bso#10297).

- smb2_server processing overhead; (bso#10298).

- ldb: bad if test in ldb_comparison_fold(); (bso#10305).

- Fix AIO with SMB2 and locks; (bso#10310).

- smbd: Fix a panic when a smb2 brlock times out;
(bso#10311).

- vfs_glusterfs: Enable per client log file; (bso#10337).

- Add /etc/sysconfig/samba to the main and winbind
package; (bnc#857454).

- Create /var/run/samba with systemd-tmpfiles on post-12.2
systems; (bnc#856759).

- Fix broken rc{nmb,smb,winbind} sym links which should
point to the service binary on post-12.2 systems;
(bnc#856759).

- Add Snapper VFS module for snapshot manipulation;
(fate#313347).

+ dbus-1-devel required at build time.

- Add File Server Remote VSS Protocol (FSRVP) client for
SMB share shadow-copies; (fate#313345).

- Do not BuildRequire perl ExtUtils::MakeMaker and
Parse::Yapp as they're part of the minimum build
environment.

- Allow smbcacls to take a '--propagate-inheritance' flag
to indicate that the add, delete, modify and set
operations now support automatic propagation of
inheritable ACE(s); (FATE#316474).

See also :

http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html
https://bugzilla.novell.com/show_bug.cgi?id=437293
https://bugzilla.novell.com/show_bug.cgi?id=726937
https://bugzilla.novell.com/show_bug.cgi?id=786677
https://bugzilla.novell.com/show_bug.cgi?id=844307
https://bugzilla.novell.com/show_bug.cgi?id=846586
https://bugzilla.novell.com/show_bug.cgi?id=849224
https://bugzilla.novell.com/show_bug.cgi?id=855866
https://bugzilla.novell.com/show_bug.cgi?id=856759
https://bugzilla.novell.com/show_bug.cgi?id=857454
https://bugzilla.novell.com/show_bug.cgi?id=860648
https://bugzilla.novell.com/show_bug.cgi?id=860809
https://bugzilla.novell.com/show_bug.cgi?id=860832
https://bugzilla.novell.com/show_bug.cgi?id=861135
https://bugzilla.novell.com/show_bug.cgi?id=862370
https://bugzilla.novell.com/show_bug.cgi?id=862558
https://bugzilla.novell.com/show_bug.cgi?id=863079
https://bugzilla.novell.com/show_bug.cgi?id=863748
https://bugzilla.novell.com/show_bug.cgi?id=865095
https://bugzilla.novell.com/show_bug.cgi?id=865397
https://bugzilla.novell.com/show_bug.cgi?id=865561
https://bugzilla.novell.com/show_bug.cgi?id=865641
https://bugzilla.novell.com/show_bug.cgi?id=865771
https://bugzilla.novell.com/show_bug.cgi?id=867665

Solution :

Update the affected samba packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75301 ()

Bugtraq ID:

CVE ID: CVE-2013-4496
CVE-2013-6442

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now