Nov 21, 2013 - 12:00 a.m.

(RHSA-2013:1543) Moderate: samba4 security and bug fix update

access.redhat.com
CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.972 High
Percentile: 99.7%

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the
Samba server.
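
The class of flaw described above, as an added example that is not Samba's code or part of the advisory: a parser for a list whose records are chained by a next-record offset has to validate each offset before adding it, otherwise a wrapped counter sends the walk back over records it has already processed. The 4-byte record header, count_ea_records and EA_MAX_RECORDS are assumptions made for illustration, and the sample byte arrays are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified layout, assumed for illustration (not Samba's code):
 * bytes 0..3 = little-endian offset from this record to the next (0 = last),
 * bytes 4..  = record body. */
#define EA_HDR_LEN     4u
#define EA_MAX_RECORDS 1024   /* hypothetical cap on list length */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the chain; return the record count, or -1 if the list is malformed.
 * Invariant: offset <= len, so "len - offset" never underflows and every
 * bound is tested by subtraction instead of an addition that could wrap. */
int count_ea_records(const uint8_t *buf, size_t len)
{
    size_t offset = 0;
    int count = 0;

    while (len - offset >= EA_HDR_LEN) {
        uint32_t next = rd_le32(buf + offset);

        if (++count > EA_MAX_RECORDS)
            return -1;                 /* bound total work and memory */
        if (next == 0)
            return count;              /* terminator reached */
        if (next < EA_HDR_LEN || next > len - offset)
            return -1;                 /* no forward progress, or past the end */
        offset += next;                /* safe: next <= len - offset */
    }
    return -1;                         /* chain ended without a terminator */
}

/* Constructed sample inputs. */
static const uint8_t good_list[16] = { 8,0,0,0, 'a','b','c','d', 0,0,0,0, 'e','f','g','h' };
/* Second record's offset (0xFFFFFFF8) added to 8 wraps a 32-bit counter to 0. */
static const uint8_t bad_list[16] = { 8,0,0,0, 'a','b','c','d', 0xF8,0xFF,0xFF,0xFF, 'e','f','g','h' };

int main(void)
{
    printf("good=%d bad=%d\n", count_ea_records(good_list, sizeof good_list),
           count_ea_records(bad_list, sizeof bad_list));
    return 0;
}
```

The malformed list is rejected on the second record instead of being walked again, and the record cap bounds memory use even for a list that passes every offset check.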

This update fixes the following bugs:

  • When Samba was installed in the build root directory, the RPM target
    might not have existed. Consequently, the find-debuginfo.sh script did not
    create symbolic links for the libwbclient.so.debug module associated with
    the target. With this update, the paths to the symbolic links are relative
    so that the symbolic links are now created correctly. (BZ#882338)

  • Previously, the samba4 packages were missing a dependency for the
    libreplace.so module which could lead to installation failures. With this
    update, the missing dependency has been added to the dependency list of the
    samba4 packages and installation now proceeds as expected. (BZ#911264)

All samba4 users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.
