update for samba (critical)

2012-04-16T15:08:16
ID OPENSUSE-SU-2012:0507-1
Type suse
Reporter Suse
Modified 2012-04-16T15:08:16

Description

  • Add the ldapsmb sources as else patches against them have no chance to apply.

  • Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).

  • s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599).

  • Correctly handle DENY ACEs when privileges apply; (bso#8797).

  • s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749).

  • Allow vfs_aio_pthread to build as a static module; (bso#8723).
  • s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527).
  • s3: segfault in dom_sid_compare(bso#8567).
  • Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768).
  • s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
  • s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
  • Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784).

  • Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).

  • Remove obsoleted Authors lines from spec file for post-11.2 systems.

  • Make ldapsmb build with Fedora 15 and 16; (bso#8783).

  • BuildRequire libuuid-devel for post-11.0 and other systems.
  • Define missing python macros for non SUSE systems.
  • PreReq to fillup_prereq and insserv_prereq only on SUSE systems.
  • Always use cifstab instead of smbfstab on non SUSE systems.

  • Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934).

  • Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).

  • s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825).