Security update for Samba

SUSE Security Update: Security update for Samba
Announcement ID: SUSE-SU-2013:0519-1
Rating: important
References: #499233 #741623 #755663 #759731 #764577 #783384 #799641 #800982
Affected Products:
  • SUSE Linux Enterprise Server 10 GPLv3 Extras

  • An update that solves two vulnerabilities and has 6 fixes is now available.

    Description:


    The Samba Web Administration Tool (SWAT) in Samba versions
    3.0.x to 4.0.1 was affected by a cross-site request
    forgery; CVE-2013-0214; (bnc#799641).

    The Samba Web Administration Tool (SWAT) in Samba versions
    3.0.x to 4.0.1 could possibly be used in clickjacking
    attacks; CVE-2013-0213; (bnc#800982).

    Also the following bugs have been fixed:

    * Don't clutter the spec file diff view; (bnc#783384).
    * s3: Fix uninitialized memory read in talloc_free();
    (bnc#764577).
    * Attempt to use samlogon validation level 6;
    (bso#7945); (bnc#741623).
    * Add PreReq /etc/init.d/nscd to the winbind package;
    (bnc#759731).
    * Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR
    lsa errors; (bso#7944); (bnc#755663).
    * Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

    Security Issue references:

    * CVE-2013-0213
    >
    * CVE-2013-0214
    >

    Package List:

    • SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64):
    • libnetapi-devel-3.4.3-0.47.3
    • libnetapi0-3.4.3-0.47.3
    • libtalloc-devel-3.4.3-0.47.3
    • libtalloc1-3.4.3-0.47.3
    • libtdb-devel-3.4.3-0.47.3
    • libtdb1-3.4.3-0.47.3
    • libwbclient-devel-3.4.3-0.47.3
    • libwbclient0-3.4.3-0.47.3
    • samba-gplv3-3.4.3-0.47.3
    • samba-gplv3-client-3.4.3-0.47.3
    • samba-gplv3-krb-printing-3.4.3-0.47.3
    • samba-gplv3-winbind-3.4.3-0.47.3
    • SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch):
    • samba-gplv3-doc-3.4.3-0.47.3

    References:

    • http://support.novell.com/security/cve/CVE-2013-0213.html
    • http://support.novell.com/security/cve/CVE-2013-0214.html
    • https://bugzilla.novell.com/499233
    • https://bugzilla.novell.com/741623
    • https://bugzilla.novell.com/755663
    • https://bugzilla.novell.com/759731
    • https://bugzilla.novell.com/764577
    • https://bugzilla.novell.com/783384
    • https://bugzilla.novell.com/799641
    • https://bugzilla.novell.com/800982
    • http://download.suse.com/patch/finder/?keywords=2420a6d522645b2b55c7b8e17af958f1