SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2015:0353-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

samba was updated to fix one security issue.

This security issue was fixed :

- CVE-2015-0240: Don't call talloc_free on an
uninitialized pointer (bnc#917376).

These non-security issues were fixed :

- Fix vfs_snapper DBus string handling (bso#11055,
bnc#913238).

- Fix libsmbclient DFS referral handling.

- Reuse connections derived from DFS referrals
(bso#10123).

- Set domain/workgroup based on authentication callback
value (bso#11059).

- pam_winbind: Fix warn_pwd_expire implementation
(bso#9056).

- nsswitch: Fix soname of linux nss_*.so.2 modules
(bso#9299).

- Fix profiles tool (bso#9629).

- s3-lib: Do not require a password with --use-ccache
(bso#10279).

- s4:dsdb/rootdse: Expand extended dn values with the
AS_SYSTEM control (bso#10949).

- s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6
addresses (bso#10952).

- s3:smb2_server: Allow reauthentication without signing
(bso#10958).

- s3-smbclient: Return success if we listed the shares
(bso#10960).

- s3-smbstatus: Fix exit code of profile output
(bso#10961).

- libcli: SMB2: Pure SMB2-only negprot fix to make us
behave as a Windows client does (bso#10966).

- s3: smbd/modules: Fix *allocate* calls to follow POSIX
error return convention (bso#10982).

- Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack'
attribute 'supported_extensions' (bso#11006).

- idl:drsuapi: Manage all possible lengths of
drsuapi_DsBindInfo (bso#11006).

- winbind: Retry LogonControl RPC in ping-dc after session
expiration (bso#11034).

- yast2-samba-client should be able to specify osName and
osVer on AD domain join (bnc#873922).

- Lookup FSRVP share snums at runtime rather than storing
them persistently (bnc#908627).

- Specify soft dependency for network-online.target in
Winbind systemd service file (bnc#889175).

- Fix spoolss error response marshalling; (bso#10984).

- pidl/wscript: Remove --with-perl-* options; revert
buildtools/wafadmin/Tools/perl.py back to upstream
state (bso#10472).

- s4-dns: Add support for BIND 9.10 (bso#10620).

- nmbd fails to accept '--piddir' option; (bso#10711).

- S3: source3/smbd/process.c::srv_send_smb() returns true
on the error path (bso#10880).

- vfs_glusterfs: Remove 'integer fd' code and store the
glfs pointers (bso#10889).

- s3-nmbd: Fix netbios name truncation (bso#10896).

- spoolss: Fix handling of bad EnumJobs levels
(bso#10898).

- spoolss: Fix jobid in level 3 EnumJobs response;
(bso#10905).

- s3: nmbd: Ensure NetBIOS names are only 15 characters
stored; (bso#10920).

- s3:smbd: Fix file corruption using 'write cache size !=
0'; (bso#10921).

- pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).

- s3-keytab: Fix keytab array NULL termination;
(bso#10933).

- Cleanup add_string_to_array and usage; (bso#10942).

- Remove and cleanup shares and registry state associated
with externally deleted snapshots exposed as shadow
copies; (bnc#876312).

- Use the upstream tar ball, as signature verification is
now able to handle compressed archives.

- Fix leak when closing file descriptor returned from
dirfd; (bso#10918).

- Fix spoolss EnumJobs and GetJob responses; (bso#10905);
(bnc#898031).

- Fix handling of bad EnumJobs levels; (bso#10898).

- Remove dependency on gpg-offline as signature checking
is implemented in the source validator.

- s3-libnet: Add libnet_join_get_machine_spns();
(bso#9984).

- s3-libnet: Make sure we do not overwrite precreated
SPNs; (bso#9984).

- s3-libads: Add all machine account principals to the
keytab; (bso#9985).

- s3: winbindd: Old NT Domain code sets struct
winbind_domain->alt_name to be NULL. Ensure this is safe
with modern AD-DCs; (bso#10717).

- Fix unstrcpy; (bso#10735).

- pthreadpool: Slightly serialize jobs; (bso#10779).

- s3: smbd: streams - Ensure share mode validation ignores
internal opens (op_mid == 0); (bso#10797).

- s3: smbd:open_file: Open logic fix; Use a more natural
check; (bso#10809).

- vfs_media_harmony: Fix a crash bug; (bso#10813).

- docs: Mention incompatibility between kernel oplocks and
streams_xattr; (bso#10814).

- nmbd: Send waiting status to systemd; (bso#10816).

- libcli: Fix a segfault calling smbXcli_req_set_pending()
on NULL; (bso#10817).

- nsswitch: Skip groups we were not able to map;
(bso#10824).

- s3-winbindd: Use correct realm for trusted domains in
idmap child; (bso#10826).

- s3: nmbd: Ensure the main nmbd process doesn't create
zombies; (bso#10830).

- s3: lib: Signal handling - ensure smbrun and change
password code save and restore existing SIGCHLD
handlers; (bso#10831).

- idmap_rfc2307: Fix a crash after connection problem to
DC; (bso#10837).

- s3-winbindd: Do not use domain SID from LookupSids for
Sids2UnixIDs call; (bso#10838).

- s3: smb2cli: Query info return length check was
reversed; (bso#10848).

- registry: Don't leave dangling transactions;
(bso#10860).

- Prune idle or hung connections older than 'winbind
request timeout'; (bso#3204); (bnc#872912).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://support.novell.com/security/cve/CVE-2015-0240.html
https://bugzilla.suse.com/872912
https://bugzilla.suse.com/873922
https://bugzilla.suse.com/876312
https://bugzilla.suse.com/889175
https://bugzilla.suse.com/898031
https://bugzilla.suse.com/908627
https://bugzilla.suse.com/913238
https://bugzilla.suse.com/917376
http://www.nessus.org/u?e3122dc9

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-91=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-91=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-91=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 83687

Bugtraq ID: 72711

CVE ID: CVE-2015-0240
