Red Hat Product Errata RHSA-2007:1034 - Security Advisory

Issued:: 2007-11-15
Updated:: 2007-11-15

RHSA-2007:1034 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: samba security update

Type/Severity

Security Advisory: Critical

Topic

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash, or execute
arbitrary code. (CVE-2007-5398)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc

Fixes

BZ - 358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability

CVEs

CVE-2007-5398

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
ppc
samba-3.0.10-2.el4_5.1.ppc.rpm	SHA-256: ae8b6e37128939ef554147d6f456c58551e0bfb5bb868735f102c2c5938e96c8
samba-client-3.0.10-2.el4_5.1.ppc.rpm	SHA-256: 8186a67d61cf86840eace9155700847aa2e135a3e33b504324f69cf1efa20e1f
samba-common-3.0.10-2.el4_5.1.ppc.rpm	SHA-256: 0fc152abb16e01e937232ac6418adf4d210c7e3f45a21d1aa39fc063537d20d5
samba-common-3.0.10-2.el4_5.1.ppc64.rpm	SHA-256: 25d7bcb003c735c5c7669675e870888d3b2a814ccb566e6a60d44c6013c18da6
samba-swat-3.0.10-2.el4_5.1.ppc.rpm	SHA-256: 434d13aab7a2bdf96e372c63e25fbf55a23d4776b91390fe8991a93eaee1e3ef

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories