Security update for Samba

SUSE Security Update: Security update for Samba
Announcement ID: SUSE-SU-2014:0723-1
Rating: moderate
References: #783384 #799641 #800982 #829969 #844720 #849224 #853021 #853347
Affected Products:
  • SUSE Linux Enterprise Server 11 SP1 LTSS

  • An update that solves 6 vulnerabilities and has two fixes is now available.

    Description:


    This is a LTSS roll-up update for the Samba Server suite fixing multiple
    security issues and bugs.

    Security issues fixed:

    * CVE-2013-4496: Password lockout was not enforced for SAMR password
    changes, leading to brute force possibility.
    * CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked.
    * CVE-2013-4124: Samba was affected by a denial of service attack on
    authenticated or guest connections.
    * CVE-2013-0214: The SWAT webadministration was affected by a cross
    site scripting attack (XSS).
    * CVE-2013-0213: The SWAT webadministration could possibly be used in
    clickjacking attacks.

    Security Issue references:

    * CVE-2012-6150

    * CVE-2013-0213

    * CVE-2013-0214

    * CVE-2013-4124

    * CVE-2013-4408

    * CVE-2013-4496

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-cifs-mount-9117

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):
      • cifs-mount-3.4.3-1.52.3
      • ldapsmb-1.34b-11.28.52.3
      • libsmbclient0-3.4.3-1.52.3
      • libtalloc1-3.4.3-1.52.3
      • libtdb1-3.4.3-1.52.3
      • libwbclient0-3.4.3-1.52.3
      • samba-3.4.3-1.52.3
      • samba-client-3.4.3-1.52.3
      • samba-krb-printing-3.4.3-1.52.3
      • samba-winbind-3.4.3-1.52.3
    • SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):
      • libsmbclient0-32bit-3.4.3-1.52.3
      • libtalloc1-32bit-3.4.3-1.52.3
      • libtdb1-32bit-3.4.3-1.52.3
      • libwbclient0-32bit-3.4.3-1.52.3
      • samba-32bit-3.4.3-1.52.3
      • samba-client-32bit-3.4.3-1.52.3
      • samba-winbind-32bit-3.4.3-1.52.3
    • SUSE Linux Enterprise Server 11 SP1 LTSS (noarch):
      • samba-doc-3.4.3-1.52.3

    References:

    • http://support.novell.com/security/cve/CVE-2012-6150.html
    • http://support.novell.com/security/cve/CVE-2013-0213.html
    • http://support.novell.com/security/cve/CVE-2013-0214.html
    • http://support.novell.com/security/cve/CVE-2013-4124.html
    • http://support.novell.com/security/cve/CVE-2013-4408.html
    • http://support.novell.com/security/cve/CVE-2013-4496.html
    • https://bugzilla.novell.com/783384
    • https://bugzilla.novell.com/799641
    • https://bugzilla.novell.com/800982
    • https://bugzilla.novell.com/829969
    • https://bugzilla.novell.com/844720
    • https://bugzilla.novell.com/849224
    • https://bugzilla.novell.com/853021
    • https://bugzilla.novell.com/853347
    • http://download.suse.com/patch/finder/?keywords=20647ef4a682db1b2ce9c1aec3368f57