Security update for Samba
SUSE Security Update: Security update for Samba
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 was affected by a cross-site request
forgery; CVE-2013-0214; (bnc#799641).
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 could possibly be used in clickjacking
attacks; CVE-2013-0213; (bnc#800982).
Also the following bugs have been fixed:
* Don't clutter the spec file diff view; (bnc#783384).
* s3: Fix uninitialized memory read in talloc_free();
(bnc#764577).
* Attempt to use samlogon validation level 6;
(bso#7945); (bnc#741623).
* Add PreReq /etc/init.d/nscd to the winbind package;
(bnc#759731).
* Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR
lsa errors; (bso#7944); (bnc#755663).
* Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.
Security Issue references:
* CVE-2013-0213
>
* CVE-2013-0214
>
Announcement ID: | SUSE-SU-2013:0519-1 |
Rating: | important |
References: | #499233 #741623 #755663 #759731 #764577 #783384 #799641 #800982 |
Affected Products: |
An update that solves two vulnerabilities and has 6 fixes is now available.
Description:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 was affected by a cross-site request
forgery; CVE-2013-0214; (bnc#799641).
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 4.0.1 could possibly be used in clickjacking
attacks; CVE-2013-0213; (bnc#800982).
Also the following bugs have been fixed:
* Don't clutter the spec file diff view; (bnc#783384).
* s3: Fix uninitialized memory read in talloc_free();
(bnc#764577).
* Attempt to use samlogon validation level 6;
(bso#7945); (bnc#741623).
* Add PreReq /etc/init.d/nscd to the winbind package;
(bnc#759731).
* Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR
lsa errors; (bso#7944); (bnc#755663).
* Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.
Security Issue references:
* CVE-2013-0213
* CVE-2013-0214
Package List:
- SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64):
- libnetapi-devel-3.4.3-0.47.3
- libnetapi0-3.4.3-0.47.3
- libtalloc-devel-3.4.3-0.47.3
- libtalloc1-3.4.3-0.47.3
- libtdb-devel-3.4.3-0.47.3
- libtdb1-3.4.3-0.47.3
- libwbclient-devel-3.4.3-0.47.3
- libwbclient0-3.4.3-0.47.3
- samba-gplv3-3.4.3-0.47.3
- samba-gplv3-client-3.4.3-0.47.3
- samba-gplv3-krb-printing-3.4.3-0.47.3
- samba-gplv3-winbind-3.4.3-0.47.3
- SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch):
- samba-gplv3-doc-3.4.3-0.47.3
References:
- http://support.novell.com/security/cve/CVE-2013-0213.html
- http://support.novell.com/security/cve/CVE-2013-0214.html
- https://bugzilla.novell.com/499233
- https://bugzilla.novell.com/741623
- https://bugzilla.novell.com/755663
- https://bugzilla.novell.com/759731
- https://bugzilla.novell.com/764577
- https://bugzilla.novell.com/783384
- https://bugzilla.novell.com/799641
- https://bugzilla.novell.com/800982
- http://download.suse.com/patch/finder/?keywords=2420a6d522645b2b55c7b8e17af958f1