openSUSE Security Update : samba (openSUSE-SU-2014:1040-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This samba update fixes the following security and non security
issues :

- Fix winbind service parameter usage; (bnc#890005).

- lib/param: change the default for 'winbind expand
groups' to '0'; (bnc#890008).

- Update to 4.1.11.

+ A malicious browser can send packets that may overwrite
the heap of the target nmbd NetBIOS name services
daemon; CVE-2014-3560; (bnc#889429).

- Fix 'net time' segfault; (bso#10728); (bnc#889539).

- Update to 4.1.10.

+ net/doc: Make clear that net vampire is for NT4 domains
only; (bso#3263).

+ dbcheck: Add check and test for various invalid
userParameters values; (bso#8077).

+ s4:dsdb/samldb: Don't allow 'userParameters' to be
modified over LDAP for now; (bso#8077).

+ Simple use case results in 'no talloc stackframe around,
leaking memory' error; (bso#8449).

+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be
deleted; (bso#9763).

+ dsdb: Always store and return the userParameters as a
array of LE 16-bit values; (bso#10130).

+ s4:repl_meta_data: fix array assignment in
replmd_process_linked_attribute(); (bso#10294).

+ ldb-samba: fix a memory leak in
ldif_canonicalise_objectCategory(); (bso#10469).

+ dbchecker: Verify and fix broken dn values; (bso#10536).

+ dsdb: Rename private_data to rootdse_private_data in
rootdse; (bso#10582).

+ s3: libsmbclient: Work around bugs in SLES cifsd and
Apple smbx SMB1 servers; (bso#10587).

+ Fix 'PANIC: assert failed at
../source3/smbd/open.c(1582): ret'; (bso#10593).

+ rid_array used before status checked - segmentation
fault due to NULL pointer dereference; (bso#10627).

+ Samba won't start on a machine configured with only
IPv4; (bso#10653).

+ msg_channel: Fix a 100% CPU loop; (bso#10663).

+ s3: smbd: Prevent file truncation on an open that fails
with share mode violation; (bso#10671); (bnc#884056).

+ s3: SMB2: Fix leak of blocking lock records in the
database; (bso#10673).

+ samba-tool: Add --site parameter to provision command;
(bso#10674).

+ smbstatus: Fix an uninitialized variable; (bso#10680).

+ SMB1 blocking locks can fail notification on unlock,
causing client timeout; (bso#10684).

+ s3: smbd: Locking, fix off-by one calculation in
brl_pending_overlap(); (bso#10685).

+ 'RW2' smbtorture test fails when -N <numprocs> is set to
2 due to the invalid status check in the second client;
(bso#10687).

+ wbcCredentialCache fails if challenge_blob is not first;
(bso#10692).

+ Backport ldb-1.1.17 + changes from master; (bso#10693).

+ Fix SEGV from improperly formed SUBSTRING/PRESENCE
filter; (bso#10693).

+ ldb: Add a env variable to disable RTLD_DEEPBIND;
(bso#10693).

+ ldb: Do not build libldb-cmdline when using system ldb;
(bso#10693).

+ ldb: Fix 1138330 Dereference null return value, fix CIDs
241329, 240798, 1034791, 1034792 1034910, 1034910);
(bso#10693).

+ ldb: make the successful ldb_transaction_start() message
clearer; (bso#10693).

+ ldb:pyldb: Add some more helper functions for LdbDn;
(bso#10693).

+ ldb: Use of NULL pointer bugfix; (bso#10693).

+ lib/ldb: Fix compiler warnings; (bso#10693).

+ pyldb: Decrement ref counters on py_results and quiet
warnings; (bso#10693).

+ s4-openldap: Remove use of talloc_reference in
ldb_map_outbound.c; (bso#10693).

+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted
object; (bso#10694).

+ s4:dsdb/extended_dn_in: Don't force
DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).

+ Backport autobuild/selftest fixes from master;
(bso#10696).

+ Backport drs-crackname fixes from master; (bso#10698).

+ smbd: Avoid double-free in get_print_db_byname;
(bso#10699).

+ Backport access check related fixes from master;
(bso#10700).

+ Backport provision fixes from master; (bso#10703).

+ s3:smb2_read: let smb2_sendfile_send_data() behave like
send_file_readX(); (bso#10706).

+ s3: Fix missing braces in nfs4_acls.c.

- Add missing newline to debug message in daemon_ready();
(bnc#865627).

- BuildRequire systemd-devel, configure --with-systemd,
and modify the service files accordingly on post-12.2
systems; (bso#10517); (bnc#865627).

- Prevent file truncation on an open that fails with share
mode violation; (bso#10671); (bnc#884056).

Dependend libraries were version updated :

libtdb was updated to version 1.3.0. (lots of bugfixes, some new
functionality) libtevent was updated to 0.9.21. (lots of bugfixes,
some new functionality) libldb was updated to to 1.1.17 (lots of
bugfixes, some new functionality) libtalloc was updated to 2.1.1.
(lots of bugfixes, some new functionality)

See also :

http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
https://bugzilla.novell.com/show_bug.cgi?id=865627
https://bugzilla.novell.com/show_bug.cgi?id=884056
https://bugzilla.novell.com/show_bug.cgi?id=889429
https://bugzilla.novell.com/show_bug.cgi?id=889539
https://bugzilla.novell.com/show_bug.cgi?id=890005
https://bugzilla.novell.com/show_bug.cgi?id=890008

Solution :

Update the affected samba packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 77296 ()

Bugtraq ID:

CVE ID: CVE-2014-3560

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now