Red Hat Product Errata RHSA-2014:0009 - Security Advisory

Issued:: 2014-01-06
Updated:: 2014-01-06

RHSA-2014:0009 - Security Advisory

Overview
Updated Packages

Synopsis

Important: samba security update

Type/Severity

Security Advisory: Important

Topic

Updated samba packages that fix two security issues are now available for
Red Hat Storage.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in
Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed.
A malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root privileges.
(CVE-2013-4408)

A flaw was found in the way Samba performed ACL checks on alternate file
and directory data streams. An attacker able to access a CIFS share with
alternate stream support enabled could access alternate data streams
regardless of the underlying file or directory ACL permissions.
(CVE-2013-4475)

Red Hat would like to thank the Samba project for reporting CVE-2013-4408.
Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the
original reporters of this issue.

All users of Red Hat Storage are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing this update, the smb service will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat Gluster Storage Server for On-premise 2.1 x86_64
Red Hat Storage for Public Cloud (via RHUI) 2.1 x86_64

Fixes

BZ - 1018032 - CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
BZ - 1024542 - CVE-2013-4475 samba: no access check verification on stream files

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Gluster Storage Server for On-premise 2.1

SRPM
samba-3.6.9-167.5.1.el6rhs.src.rpm	SHA-256: 695e8586c655b1694319ba75e27bf5c44e5cd3163959c067933d882fa1a69258
x86_64
libsmbclient-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 816231c16fea1e9cdaa3f1cda5b0c715ce01309609c33b9ba879d57760a80217
libsmbclient-devel-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 8e288623aa56a9979036dc9b549a52bd0e732afcdaf7ee75fa516f4ea9ee9eaf
samba-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: c54c95a90a9ccbfc60ee9c0175401b2c02afdac3304ca6e271937a25f4f3d81c
samba-client-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: d18cc58a9ca10651ccf426eb45ea181fa18608a2f283a425348fcadd67c700ee
samba-common-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 9aab90571005f9159c08d5edb8a773895dda57b74b3ce4e705387195a07bd677
samba-debuginfo-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 8d1fa5f04a76086f9cbd4bfc5b7002e4a7b12d4e28a74e3bf38d76368a1b31aa
samba-doc-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 58569a2b8b370b000f0d234fe426c2a88fa397733385b5cf47daf49b6890f40f
samba-domainjoin-gui-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 3487458c4347dea1301758b30739d8473650a60383f3735631eec8b637c7baed
samba-glusterfs-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 1484f83f678b95a1df826583138cc0d03bbe6c8b0214888e46adaa036d9136a2
samba-swat-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 3677b87875dd0b11b8bf09f3ea3a1d979988c1e9a83a3d7f9b7384186b33ca94
samba-winbind-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: aa6af3476b32b76f7b08a79d293a8acea839a9aea718cfcf6ae3061cdc118b28
samba-winbind-clients-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: b89f7a49c6606f4b330cd9b022c03be4ba30a0599ca886e6508c9c828b1911f8
samba-winbind-devel-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 624fb5bd5e8135e19cfdc2cb6c8a8937a4fe5f91bdfe638aebbc7337c4eb06ef
samba-winbind-krb5-locator-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 71fca0efd60271c99198172ed80172e8c8367d372dcb61ff695e6043898d01f4

Red Hat Storage for Public Cloud (via RHUI) 2.1

SRPM
samba-3.6.9-167.5.1.el6rhs.src.rpm	SHA-256: 695e8586c655b1694319ba75e27bf5c44e5cd3163959c067933d882fa1a69258
x86_64
libsmbclient-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 816231c16fea1e9cdaa3f1cda5b0c715ce01309609c33b9ba879d57760a80217
libsmbclient-devel-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 8e288623aa56a9979036dc9b549a52bd0e732afcdaf7ee75fa516f4ea9ee9eaf
samba-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: c54c95a90a9ccbfc60ee9c0175401b2c02afdac3304ca6e271937a25f4f3d81c
samba-client-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: d18cc58a9ca10651ccf426eb45ea181fa18608a2f283a425348fcadd67c700ee
samba-common-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 9aab90571005f9159c08d5edb8a773895dda57b74b3ce4e705387195a07bd677
samba-debuginfo-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 8d1fa5f04a76086f9cbd4bfc5b7002e4a7b12d4e28a74e3bf38d76368a1b31aa
samba-doc-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 58569a2b8b370b000f0d234fe426c2a88fa397733385b5cf47daf49b6890f40f
samba-domainjoin-gui-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 3487458c4347dea1301758b30739d8473650a60383f3735631eec8b637c7baed
samba-glusterfs-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 1484f83f678b95a1df826583138cc0d03bbe6c8b0214888e46adaa036d9136a2
samba-swat-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 3677b87875dd0b11b8bf09f3ea3a1d979988c1e9a83a3d7f9b7384186b33ca94
samba-winbind-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: aa6af3476b32b76f7b08a79d293a8acea839a9aea718cfcf6ae3061cdc118b28
samba-winbind-clients-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: b89f7a49c6606f4b330cd9b022c03be4ba30a0599ca886e6508c9c828b1911f8
samba-winbind-devel-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 624fb5bd5e8135e19cfdc2cb6c8a8937a4fe5f91bdfe638aebbc7337c4eb06ef
samba-winbind-krb5-locator-3.6.9-167.5.1.el6rhs.x86_64.rpm	SHA-256: 71fca0efd60271c99198172ed80172e8c8367d372dcb61ff695e6043898d01f4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories