SUSE-SU-2014:0723-1: moderate: Security update for Samba

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed May 28 12:04:11 MDT 2014


   SUSE Security Update: Security update for Samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0723-1
Rating:             moderate
References:         #783384 #799641 #800982 #829969 #844720 #849224 
                    #853021 #853347 
Cross-References:   CVE-2012-6150 CVE-2013-0213 CVE-2013-0214
                    CVE-2013-4124 CVE-2013-4408 CVE-2013-4496
                   
Affected Products:
                    SUSE Linux Enterprise Server 11 SP1 LTSS
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has two fixes
   is now available.

Description:


   This is a LTSS roll-up update for the Samba Server suite fixing multiple
   security issues and bugs.

   Security issues fixed:

       * CVE-2013-4496: Password lockout was not enforced for SAMR password
         changes, leading to brute force possibility.
       * CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked.
       * CVE-2013-4124: Samba was affected by a denial of service attack on
         authenticated or guest connections.
       * CVE-2013-0214: The SWAT webadministration was affected by a cross
         site scripting attack (XSS).
       * CVE-2013-0213: The SWAT webadministration could possibly be used in
         clickjacking attacks.

   Security Issue references:

       * CVE-2012-6150
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150>
       * CVE-2013-0213
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213>
       * CVE-2013-0214
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214>
       * CVE-2013-4124
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124>
       * CVE-2013-4408
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408>
       * CVE-2013-4496
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP1 LTSS:

      zypper in -t patch slessp1-cifs-mount-9117

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64):

      cifs-mount-3.4.3-1.52.3
      ldapsmb-1.34b-11.28.52.3
      libsmbclient0-3.4.3-1.52.3
      libtalloc1-3.4.3-1.52.3
      libtdb1-3.4.3-1.52.3
      libwbclient0-3.4.3-1.52.3
      samba-3.4.3-1.52.3
      samba-client-3.4.3-1.52.3
      samba-krb-printing-3.4.3-1.52.3
      samba-winbind-3.4.3-1.52.3

   - SUSE Linux Enterprise Server 11 SP1 LTSS (s390x x86_64):

      libsmbclient0-32bit-3.4.3-1.52.3
      libtalloc1-32bit-3.4.3-1.52.3
      libtdb1-32bit-3.4.3-1.52.3
      libwbclient0-32bit-3.4.3-1.52.3
      samba-32bit-3.4.3-1.52.3
      samba-client-32bit-3.4.3-1.52.3
      samba-winbind-32bit-3.4.3-1.52.3

   - SUSE Linux Enterprise Server 11 SP1 LTSS (noarch):

      samba-doc-3.4.3-1.52.3


References:

   http://support.novell.com/security/cve/CVE-2012-6150.html
   http://support.novell.com/security/cve/CVE-2013-0213.html
   http://support.novell.com/security/cve/CVE-2013-0214.html
   http://support.novell.com/security/cve/CVE-2013-4124.html
   http://support.novell.com/security/cve/CVE-2013-4408.html
   http://support.novell.com/security/cve/CVE-2013-4496.html
   https://bugzilla.novell.com/783384
   https://bugzilla.novell.com/799641
   https://bugzilla.novell.com/800982
   https://bugzilla.novell.com/829969
   https://bugzilla.novell.com/844720
   https://bugzilla.novell.com/849224
   https://bugzilla.novell.com/853021
   https://bugzilla.novell.com/853347
   http://download.suse.com/patch/finder/?keywords=20647ef4a682db1b2ce9c1aec3368f57



More information about the sle-security-updates mailing list