Security update for Samba

SUSE Security Update: Security update for Samba

Announcement ID:	SUSE-SU-2012:0337-1
Rating:	critical
References:	#633729 #703655 #747934
Affected Products:	SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 LTSS SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4

An update that solves one vulnerability and has two fixes is now available.

Description:

This update of Samba fixes a heap-based buffer overflow
that could be exploited by remote, unauthenticated
attackers to crash the smbd daemon or potentially execute
arbitrary code via specially crafted SMB AndX request
packets (CVE-2012-0870).

Also fixed two non security bugs:

* Fix to handle domain join using NetBIOS name; (bnc
#633729).
* Fixed the DFS referral response for msdfs root;
(bnc#703655).

Security Issue reference:

* CVE-2012-0870
>

Package List:

SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

cifs-mount-3.0.36-0.13.18.1

ldapsmb-1.34b-25.13.18.1

libmsrpc-3.0.36-0.13.18.1

libmsrpc-devel-3.0.36-0.13.18.1

libsmbclient-3.0.36-0.13.18.1

libsmbclient-devel-3.0.36-0.13.18.1

samba-3.0.36-0.13.18.1

samba-client-3.0.36-0.13.18.1

samba-krb-printing-3.0.36-0.13.18.1

samba-python-3.0.36-0.13.18.1

samba-vscan-0.3.6b-43.13.18.1

samba-winbind-3.0.36-0.13.18.1
SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

libsmbclient-32bit-3.0.36-0.13.18.1

samba-32bit-3.0.36-0.13.18.1

samba-client-32bit-3.0.36-0.13.18.1

samba-winbind-32bit-3.0.36-0.13.18.1
SUSE Linux Enterprise Server 10 SP4 (ia64):

libsmbclient-x86-3.0.36-0.13.18.1

samba-client-x86-3.0.36-0.13.18.1

samba-winbind-x86-3.0.36-0.13.18.1

samba-x86-3.0.36-0.13.18.1
SUSE Linux Enterprise Server 10 SP4 (ppc):

libsmbclient-64bit-3.0.36-0.13.18.1

samba-64bit-3.0.36-0.13.18.1

samba-client-64bit-3.0.36-0.13.18.1

samba-winbind-64bit-3.0.36-0.13.18.1
SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

cifs-mount-3.0.36-0.13.18.1

ldapsmb-1.34b-25.13.18.1

libmsrpc-3.0.36-0.13.18.1

libmsrpc-devel-3.0.36-0.13.18.1

libsmbclient-3.0.36-0.13.18.1

libsmbclient-devel-3.0.36-0.13.18.1

samba-3.0.36-0.13.18.1

samba-client-3.0.36-0.13.18.1

samba-krb-printing-3.0.36-0.13.18.1

samba-python-3.0.36-0.13.18.1

samba-vscan-0.3.6b-43.13.18.1

samba-winbind-3.0.36-0.13.18.1
SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

libsmbclient-32bit-3.0.36-0.13.18.1

samba-32bit-3.0.36-0.13.18.1

samba-client-32bit-3.0.36-0.13.18.1

samba-winbind-32bit-3.0.36-0.13.18.1
SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

cifs-mount-3.0.36-0.13.18.1

ldapsmb-1.34b-25.13.18.1

libsmbclient-3.0.36-0.13.18.1

libsmbclient-devel-3.0.36-0.13.18.1

samba-3.0.36-0.13.18.1

samba-client-3.0.36-0.13.18.1

samba-krb-printing-3.0.36-0.13.18.1

samba-vscan-0.3.6b-43.13.18.1

samba-winbind-3.0.36-0.13.18.1
SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

libsmbclient-32bit-3.0.36-0.13.18.1

samba-32bit-3.0.36-0.13.18.1

samba-client-32bit-3.0.36-0.13.18.1

samba-winbind-32bit-3.0.36-0.13.18.1
SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

libmsrpc-3.0.36-0.13.18.1

libmsrpc-devel-3.0.36-0.13.18.1

libsmbclient-devel-3.0.36-0.13.18.1

libsmbsharemodes-3.0.36-0.13.18.1

libsmbsharemodes-devel-3.0.36-0.13.18.1

samba-python-3.0.36-0.13.18.1

References:

http://support.novell.com/security/cve/CVE-2012-0870.html
https://bugzilla.novell.com/633729
https://bugzilla.novell.com/703655
https://bugzilla.novell.com/747934
http://download.suse.com/patch/finder/?keywords=547e3b7057adb631e1439605662293be
http://download.suse.com/patch/finder/?keywords=7da8ca4f10f91e5bf4d12b67b2bd7522