samba4 security update

2013-11-26 13:32:52
CentOS Project
lists.centos.org

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.969 High
Percentile: 99.7%

CentOS Errata and Security Advisory CESA-2013:1543

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the
Samba server.
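The flaw described above belongs to a well-known class: a server walks a client-supplied list of entries chained by offsets, and an arithmetic overflow in the bounds check lets a crafted offset pass validation, so the walk revisits earlier data instead of terminating. The following C example is added here for illustration and is not Samba's code, nor the real SMB Extended Attribute wire format; it uses a constructed list format (4-byte little-endian next-entry offset, 1-byte name length, name bytes) and shows the checks a parser needs so that no offset can wrap and every step makes forward progress.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example format (NOT Samba's EA wire format): a chain of
 * entries, each starting with a 4-byte little-endian "next entry offset"
 * measured from the start of that entry (0 = last entry), followed by a
 * 1-byte name length and the name bytes. */
#define ENTRY_HDR_LEN 5u

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walks the chain and returns the number of entries, or -1 if the list is
 * malformed.  Two properties keep this safe against crafted input:
 *   1. every bound is checked as "remaining space >= needed", so there is
 *      no addition of an attacker-controlled offset that could wrap;
 *   2. every non-final offset must move strictly past the current entry,
 *      so the walk cannot revisit data and always terminates. */
int count_entries(const uint8_t *buf, size_t buf_len)
{
    size_t pos = 0;     /* invariant: pos <= buf_len */
    int count = 0;

    for (;;) {
        size_t remaining = buf_len - pos;
        if (remaining < ENTRY_HDR_LEN)
            return -1;                          /* truncated header */

        uint32_t next = rd_le32(buf + pos);
        uint8_t name_len = buf[pos + 4];
        size_t entry_len = ENTRY_HDR_LEN + name_len; /* at most 260 */

        if (remaining < entry_len)
            return -1;                          /* name runs past the buffer */
        count++;

        if (next == 0)
            return count;                       /* final entry */
        if (next < entry_len)
            return -1;                          /* overlaps this entry: no progress */
        if (next > remaining)
            return -1;                          /* points past the buffer */
        pos += next;                            /* safe: next <= remaining */
    }
}

int main(void)
{
    /* Constructed sample: two entries, "abc" then "x". */
    const uint8_t good[] = {8,0,0,0, 3,'a','b','c', 0,0,0,0, 1,'x'};
    /* Constructed sample: offset 0xFFFFFFFF, which a 32-bit "pos + next"
     * check would wrap back into range; here it is simply > remaining. */
    const uint8_t wrap[] = {0xff,0xff,0xff,0xff, 0, 0,0,0,0, 0};

    printf("good: %d entries\n", count_entries(good, sizeof good));
    printf("wrap: %d\n", count_entries(wrap, sizeof wrap));
    return 0;
}
```

The two rejection checks on `next` are the ones that matter for the failure mode in this advisory: rejecting `next < entry_len` rules out zero or backward progress (the "loop and reprocess" symptom), and comparing `next` against `remaining` instead of computing `pos + next` in a fixed-width integer rules out the wraparound that lets an oversized offset pass a naive check.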

This update fixes the following bugs:

  • When Samba was installed in the build root directory, the RPM target
    might not have existed. Consequently, the find-debuginfo.sh script did not
    create symbolic links for the libwbclient.so.debug module associated with
    the target. With this update, the paths to the symbolic links are relative
    so that the symbolic links are now created correctly. (BZ#882338)

  • Previously, the samba4 packages were missing a dependency for the
    libreplace.so module which could lead to installation failures. With this
    update, the missing dependency has been added to the dependency list of the
    samba4 packages and installation now proceeds as expected. (BZ#911264)

All samba4 users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027347.html

Affected packages:
samba4
samba4-client
samba4-common
samba4-dc
samba4-dc-libs
samba4-devel
samba4-libs
samba4-pidl
samba4-python
samba4-swat
samba4-test
samba4-winbind
samba4-winbind-clients
samba4-winbind-krb5-locator

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1543
