Overview

File _patchinfo of Package patchinfo.2643

<patchinfo>
  <issue id="755663" tracker="bnc">winbind fails initially</issue>
  <issue id="854520" tracker="bnc">upstream fixes tracker bug for Dec 2013 update</issue>
  <issue id="853021" tracker="bnc">libsmbclient0 package description contains comments</issue>
  <issue id="844720" tracker="bnc">VUL-0: CVE-2013-4408: samba: DCERPC frag_len not checked</issue>
  <issue id="786677" tracker="bnc">winbindd 100% CPU</issue>
  <issue id="853347" tracker="bnc">VUL-0: CVE-2012-6150: samba: winbind pam security problem</issue>
  <issue id="865561" tracker="bnc">memory leak in printer_list_get_printer()</issue>
  <issue id="863748" tracker="bnc">unable to export printer when server is under heavy load</issue>
  <issue id="437293" tracker="bnc">obsolete -XXbit packages during system upgrade</issue>
  <issue id="741623" tracker="bnc">Samba fileshare not working with server signing =auto</issue>
  <issue id="849224" tracker="bnc">VUL-0: CVE-2013-4496: samba: Password lockout not enforced for SAMR password changes</issue>
  <issue id="844307" tracker="bnc">zypper up does not pull needed updates</issue>
  <issue id="CVE-2013-4496" tracker="cve" />
  <issue id="CVE-2012-6150" tracker="cve" />
  <issue id="CVE-2013-4408" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>lmuelle</packager>
  <description>
Samba was updated to fix security issues and bugs:

Security issues fixed:
- Password lockout was not enforced for SAMR password changes, this allowed brute force attacks on passwords.
  CVE-2013-4496; (bnc#849224).

- The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to
  buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720).

- The pam_winbind login without require_membership_of restrictions could allow fallbacks to local
  users even if they were not intended to be allowed; CVE-2012-6150; (bnc#853347).

Also non security bugs were fixed:
- Fix problem with server taking too long to respond to a
  MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).

- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).

- Depend on %version-%release with all manual Provides and Requires;
  (bnc#844307).

- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).

- Fix Winbind 100% CPU utilization caused by domain list corruption;
  (bso#10358); (bnc#786677).

- Samba is chatty about being unable to open a printer; (bso#10118).
- nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
- xattr: fix listing EAs on *BSD for non-root users; (bso#10247).
- spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267).
- The preceding bugs are tracked by (bnc#854520) too.


- Make use of the full gpg pub key file name including the key ID.

- Remove bogus libsmbclient0 package description and cleanup the libsmbclient
  line from baselibs.conf; (bnc#853021).

- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
  the add, delete, modify and set operations now support automatic
  propagation of inheritable ACE(s); (FATE#316474).

- Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623).

- Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors;
  (bso#7944); (bnc#755663).
- Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.


- Use simplified smb signing infrastructure; (bnc#741623).</description>
  <summary>samba: security and bugfix update</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places