samba bug fix and enhancement update
| Advisory: | RHBA-2009:0180-8 |
|---|---|
| Type: | Bug Fix Advisory |
| Severity: | N/A |
| Issued on: | 2009-01-20 |
| Last updated on: | 2009-01-20 |
| Affected Products: | Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client) |
Details
Updated samba packages that fix several bugs and add an enhancement are
now available.
Samba is a suite of programs used by machines to share files, printers, and
other utilities. With this release, Samba is now re-based on upstream
version 3.0.33.
These updated packages apply the following bug fixes:
* When a Samba client attempted to join a domain that used a Windows-based
nameserver, the attempt would fail in some cases. This was because some
attempts did not return required netlogon negotiation flags, causing an
incorrect authentication failure. With this release, the required netlogon
negotiation flags are always returned to avoid any incorrect authentication
failures.
* CIFS support in this release has been improved. This release fixes a bug
in the mount.cifs utility that prevented proper autoconverting of prepath
delimiters (which caused attempts to mount shares with path prefixes to fail).
* This release also adds support for kernel upcalls from the CIFS driver.
The new cifs.upcall binary can now be used to mount shares using Kerberos
authentication. To use this feature, the Red Hat Enterprise Linux 5.3
kernel is required.
* Users with correct SMB credentials could sometimes encounter a signing
issue when attempting to log onto Windows 2000 servers. When this occurred,
a message stating "Server packet had invalid SMB signature" would appear.
This issue is now fixed.
* Changing your domain password using "net rpc changetrustpw" would break
your domain membership, requiring you to log on again. This occurred
because the NetLogon service did not use the correct function in
negotiating password authentication. To resolve this issue, the NetLogon
service is now configured to use the ServerPasswordSet2 function when the
NETLOGON_NEG_PASSWORD_SET2 flag has been properly negotiated.
* A Winbind bug incorrectly prevented some domain members from accessing
other domains in a network environment that used transitive trust. This is
now resolved; as such, domain members can now properly use transitive trust
authentication to access other parent and child domains within the same
circle of trust.
The re-base to version 3.0.33 also fixes the following security flaws:
* An incorrect buffer size in Samba's SMB parsing process could allow
specially crafted SMB responses to cause a buffer overflow in the Samba
client code. This could lead to the execution of arbitrary code in some
cases. With this release, this issue is now fixed. For more information
about this fix, refer to
http://www.samba.org/samba/security/CVE-2008-1105.html.
* A security flaw in the way Samba transferred memory between clients and
servers could potentially leak memory content to unauthorized users. This
was made possible by an insecure offset in the transfer process, which has
now been made secure in this release. For more information about this fix, refer
to http://www.samba.org/samba/security/CVE-2008-4314.html.
Samba users are advised to upgrade to this version, in order to apply these
fixes and enhancements.
Solution
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Updated packages
| Red Hat Enterprise Linux (v. 5 server) | |
|---|---|
| SRPMS: | |
| samba-3.0.33-3.7.el5.src.rpm | File outdated by: RHSA-2012:0465 |
| IA-32: | |
| samba-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| IA-64: | |
| samba-3.0.33-3.7.el5.ia64.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.ia64.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.ia64.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.ia64.rpm | File outdated by: RHSA-2012:0465 |
| PPC: | |
| samba-3.0.33-3.7.el5.ppc.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.ppc.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.ppc.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.ppc64.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.ppc.rpm | File outdated by: RHSA-2012:0465 |
| s390x: | |
| samba-3.0.33-3.7.el5.s390x.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.s390x.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.s390.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.s390x.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.s390x.rpm | File outdated by: RHSA-2012:0465 |
| x86_64: | |
| samba-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |

| Red Hat Enterprise Linux Desktop (v. 5 client) | |
|---|---|
| SRPMS: | |
| samba-3.0.33-3.7.el5.src.rpm | File outdated by: RHSA-2012:0465 |
| IA-32: | |
| samba-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| x86_64: | |
| samba-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-client-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.i386.rpm | File outdated by: RHSA-2012:0465 |
| samba-common-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| samba-swat-3.0.33-3.7.el5.x86_64.rpm | File outdated by: RHSA-2012:0465 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
370501 - mounting CIFS subshare doesn't autoconvert prepath delimiters
447575 - Join fails with stricter w2k3 security options set
447577 - Signing issue: "Server packet had invalid SMB signature" with some Win2K servers
447598 - RFE: Update to 3.0.32 to bring in latest upstream bugfixes
449000 - Samba server can't authenticate to NT domain after 2008-05-28 update
450533 - samba cannot join windows 2000 domains
459718 - Cannot join Windows 2003 domain
461744 - samba domain membership breaks after machine account password change
471605 - [RHEL5.3] Unable to remove inherited ACLs in Samba 3.0.32
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/