- Issued:
- 2009-01-20
- Updated:
- 2009-01-20
RHBA-2009:0180 - Bug Fix Advisory
Synopsis
samba bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated samba packages that fix several bugs and add an enhancement are
now available.
Description
Samba is a suite of programs used by machines to share files, printers, and
other utilities. With this release, Samba is now re-based on upstream
version 3.0.33.
These updated packages apply the following bug fixes:
- When a Samba client attempted to join a domain that used a Windows-based
nameserver, the attempt would fail in some cases. This was because some
attempts did not return required netlogon negotiation flags, causing an
incorrect authentication failure. With this release, the required netlogon
negotiation flags are always returned to avoid any incorrect authentication
failures.
- CIFS support in this release has been improved. This release fixes a bug
in the mount.cifs utility that prevented proper autoconverting of prepath
delimiters (which caused attempts to mount shares with path prefixes to fail).
- This release also adds support for kernel upcalls from the CIFS driver.
The new cifs.upcall binary can now be used to mount shares using kerberos
authentication. To use this feature, the Red Hat Enterprise Linux 5.3
kernel is required.
- Users with correct SMB credentials could sometimes encounter a signing
issue when attempting to log onto Windows 2000 servers. When this occurred,
a message stating "Server packet had invalid SMB signature" would appear.
This issue is now fixed.
- Changing your domain password using "net rpc changetrustpw" would break
your domain membership, requiring you to log on again. This occurred
because the NetLogon service did not use the correct function in
negotiating password authentication. To resolve this issue, the NetLogon
service is now configured to use the ServerPasswordSet2 function when the
NETLOGON_NEG_PASSWORD_SET2 has been properly negotiated.
- A Winbind bug incorrectly prevented some domain members from accessing
other domains in a network environment that used transitive trust. This is
now resolved; as such, domain members can now properly use transitive trust
authentication to access other parent and child domains within the same
circle of trust.
The re-base to version 3.0.33 also fixes the following security flaws:
- An incorrect buffer size in Samba's SMB parsing process could allow
specifically crafted SMB responses to cause a buffer overflow in the Samba
client code. This could lead to the execution of arbitrary code in some
cases. With this release, this issue is now fixed. For more information
about this fix, refer to
http://www.samba.org/samba/security/CVE-2008-1105.html.
- A security flaw in the way Samba transferred memory between clients and
servers could potentially leak memory content to unauthorized users. This
was made possible by an unsecure offset in the transfer process, which was
now made secure in this release. For more information about this fix, refer
to http://www.samba.org/samba/security/CVE-2008-4314.html.
Samba users are advised to upgrade to this version, in order to apply these
fixes and enhancements.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 370501 - mounting CIFS subshare doesn't autoconvert prepath delimiters
- BZ - 447575 - Join fails with stricter w2k3 security options set
- BZ - 447577 - Signing issue: "Server packet had invalid SMB signature" with some Win2K servers
- BZ - 447598 - RFE: Update to 3.0.32 to bring in latest upstream bugfixes
- BZ - 449000 - Samba server can't authenticate to NT domain after 2008-05-28 update
- BZ - 450533 - samba cannot join windows 2000 domains
- BZ - 459718 - Cannot join Windows 2003 domain
- BZ - 461744 - samba domain membership breaks after machine account password change
- BZ - 471605 - [RHEL5.3] Unable to remove inherited ACLs in Samba 3.0.32
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| x86_64 | |
| samba-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 04685e2fce178d24ee4846543c048a22b3bc6775ed9a75ee541c9ac0b86d4825 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | SHA-256: a7fc4eec602aacf9dad79279ce613fd2027842c35ce61038762670c18145a0f4 |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 953b957e00b2238525369d3c4e158d76b5891c708eb807039149117ad2c59160 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 8e340a7824e4c6cb27349ab48bcc300db527ca58b9b54078eca66201cac41e29 |
| ia64 | |
| samba-3.0.33-3.7.el5.ia64.rpm | SHA-256: b9aae25d65e7554440ca78d890fb745446c2e196a993abeca926f92c55407259 |
| samba-client-3.0.33-3.7.el5.ia64.rpm | SHA-256: ff36627e4d0f594376499581bb70439df5c7e22187e9c8aa552d19a40d31d1f1 |
| samba-common-3.0.33-3.7.el5.ia64.rpm | SHA-256: 41af180258e483e476d3bc08aef29a301b59d01041f65e9aac2b99e82ea885a8 |
| samba-swat-3.0.33-3.7.el5.ia64.rpm | SHA-256: e13288a908edf60ace1a60b3e90f4f125d66fd60b583d775b9ddc3504057435b |
| i386 | |
| samba-3.0.33-3.7.el5.i386.rpm | SHA-256: d3fc68d0e43db2ffa3f64cce02b58c268e52402c8b541b46e95e500e6db521d5 |
| samba-client-3.0.33-3.7.el5.i386.rpm | SHA-256: 36d653ad930de05e42b15bb74e83ed587166146ee85215b23f0176732a7e4b1c |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | SHA-256: ae45e6b4104cc7c42c86ccb3cf2c1b6c5d82bfb3852076b4ab9de88bf71184b5 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| x86_64 | |
| samba-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 04685e2fce178d24ee4846543c048a22b3bc6775ed9a75ee541c9ac0b86d4825 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | SHA-256: a7fc4eec602aacf9dad79279ce613fd2027842c35ce61038762670c18145a0f4 |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 953b957e00b2238525369d3c4e158d76b5891c708eb807039149117ad2c59160 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 8e340a7824e4c6cb27349ab48bcc300db527ca58b9b54078eca66201cac41e29 |
| i386 | |
| samba-3.0.33-3.7.el5.i386.rpm | SHA-256: d3fc68d0e43db2ffa3f64cce02b58c268e52402c8b541b46e95e500e6db521d5 |
| samba-client-3.0.33-3.7.el5.i386.rpm | SHA-256: 36d653ad930de05e42b15bb74e83ed587166146ee85215b23f0176732a7e4b1c |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | SHA-256: ae45e6b4104cc7c42c86ccb3cf2c1b6c5d82bfb3852076b4ab9de88bf71184b5 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| x86_64 | |
| samba-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 04685e2fce178d24ee4846543c048a22b3bc6775ed9a75ee541c9ac0b86d4825 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | SHA-256: a7fc4eec602aacf9dad79279ce613fd2027842c35ce61038762670c18145a0f4 |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 953b957e00b2238525369d3c4e158d76b5891c708eb807039149117ad2c59160 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 8e340a7824e4c6cb27349ab48bcc300db527ca58b9b54078eca66201cac41e29 |
| i386 | |
| samba-3.0.33-3.7.el5.i386.rpm | SHA-256: d3fc68d0e43db2ffa3f64cce02b58c268e52402c8b541b46e95e500e6db521d5 |
| samba-client-3.0.33-3.7.el5.i386.rpm | SHA-256: 36d653ad930de05e42b15bb74e83ed587166146ee85215b23f0176732a7e4b1c |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | SHA-256: ae45e6b4104cc7c42c86ccb3cf2c1b6c5d82bfb3852076b4ab9de88bf71184b5 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| s390x | |
| samba-3.0.33-3.7.el5.s390x.rpm | SHA-256: b3b66148c9b4f07852ac98f34047961226a94e16a6317a5f1d1a286a08fe6e1a |
| samba-client-3.0.33-3.7.el5.s390x.rpm | SHA-256: 0fc29a061c677a13737db968163274cabd59075d888122d7fe9d9d4c6de4b52e |
| samba-common-3.0.33-3.7.el5.s390.rpm | SHA-256: 2e66adafb5a3f5a62358aa25dba53f2355830be98ee8448d62c537c9c64a9135 |
| samba-common-3.0.33-3.7.el5.s390x.rpm | SHA-256: 62fcedbf466837daab838b3fcb9f1ca1025f14edb9403550626bb7a1f915aae7 |
| samba-swat-3.0.33-3.7.el5.s390x.rpm | SHA-256: bd3db42d981db65d7cb81b50405531e611e9617137aa89aac99b186c6b558b20 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| ppc | |
| samba-3.0.33-3.7.el5.ppc.rpm | SHA-256: 30ffa6f899b3492c0b4e7bd5f3ad682ce207f96cbda3955fc2bcecde043fffbc |
| samba-client-3.0.33-3.7.el5.ppc.rpm | SHA-256: f6b2a630a338ef2be42a389905d139ffae53b6c8c4b5d1f1d7464181db1f08cd |
| samba-common-3.0.33-3.7.el5.ppc.rpm | SHA-256: fc1cb5b66266107b232aba4e4e60f6325eb4c4a60cd6aa99bacb754ef25d1707 |
| samba-common-3.0.33-3.7.el5.ppc64.rpm | SHA-256: 9d11bc53b73c9f4189568bdbcc7f9fe801858301626deb41cdc699b8a0b7ca09 |
| samba-swat-3.0.33-3.7.el5.ppc.rpm | SHA-256: bf5c02fdbaccab8245e25066cac65fa3f8da52006bbc8942d37b51e6d6cc6b71 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| samba-3.0.33-3.7.el5.src.rpm | SHA-256: 4d4885db8de84e4534e8ed358d04a651bb669c3f162459a0eb9ad9ee2f8b0b0f |
| x86_64 | |
| samba-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 04685e2fce178d24ee4846543c048a22b3bc6775ed9a75ee541c9ac0b86d4825 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | SHA-256: a7fc4eec602aacf9dad79279ce613fd2027842c35ce61038762670c18145a0f4 |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 953b957e00b2238525369d3c4e158d76b5891c708eb807039149117ad2c59160 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | SHA-256: 8e340a7824e4c6cb27349ab48bcc300db527ca58b9b54078eca66201cac41e29 |
| i386 | |
| samba-3.0.33-3.7.el5.i386.rpm | SHA-256: d3fc68d0e43db2ffa3f64cce02b58c268e52402c8b541b46e95e500e6db521d5 |
| samba-client-3.0.33-3.7.el5.i386.rpm | SHA-256: 36d653ad930de05e42b15bb74e83ed587166146ee85215b23f0176732a7e4b1c |
| samba-common-3.0.33-3.7.el5.i386.rpm | SHA-256: e5f47c70a40e6683c1aab47adcfd44f18a999333cd404fe999e058c8b243b1b7 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | SHA-256: ae45e6b4104cc7c42c86ccb3cf2c1b6c5d82bfb3852076b4ab9de88bf71184b5 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.