Bug Fix Advisory: samba bug fix and enhancement update

Advisory: RHBA-2009:0180-8
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-01-20
Last updated on: 2009-01-20
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated samba packages that fix several bugs and add an enhancement are
now available.

Samba is a suite of programs used by machines to share files, printers, and
other utilities. With this release, Samba is now re-based on upstream
version 3.0.33.

These updated packages apply the following bug fixes:

* When a Samba client attempted to join a domain that used a Windows-based
nameserver, the attempt would fail in some cases. This was because some
attempts did not return required netlogon negotiation flags, causing an
incorrect authentication failure. With this release, the required netlogon
negotiation flags are always returned to avoid any incorrect authentication
failures.

* CIFS support in this release has been improved. This release fixes a bug
in the mount.cifs utility that prevented proper autoconverting of prepath
delimiters (which caused attempts to mount shares with path prefixes to fail).

* This release also adds support for kernel upcalls from the CIFS driver.
The new cifs.upcall binary can now be used to mount shares using Kerberos
authentication. To use this feature, the Red Hat Enterprise Linux 5.3
kernel is required.

* Users with correct SMB credentials could sometimes encounter a signing
issue when attempting to log onto Windows 2000 servers. When this occurred,
a message stating "Server packet had invalid SMB signature" would appear.
This issue is now fixed.

* Changing your domain password using "net rpc changetrustpw" would break
your domain membership, requiring you to log on again. This occurred
because the NetLogon service did not use the correct function in
negotiating password authentication. To resolve this issue, the NetLogon
service is now configured to use the ServerPasswordSet2 function when the
NETLOGON_NEG_PASSWORD_SET2 flag has been properly negotiated.

* A Winbind bug incorrectly prevented some domain members from accessing
other domains in a network environment that used transitive trust. This is
now resolved; as such, domain members can now properly use transitive trust
authentication to access other parent and child domains within the same
circle of trust.

The re-base to version 3.0.33 also fixes the following security flaws:


* An incorrect buffer size in Samba's SMB parsing process could allow
specially crafted SMB responses to cause a buffer overflow in the Samba
client code. This could lead to the execution of arbitrary code in some
cases. With this release, this issue is now fixed. For more information
about this fix, refer to
http://www.samba.org/samba/security/CVE-2008-1105.html.

* A security flaw in the way Samba transferred memory between clients and
servers could potentially leak memory content to unauthorized users. This
was made possible by an insecure offset in the transfer process, which has
now been made secure in this release. For more information about this fix,
refer to http://www.samba.org/samba/security/CVE-2008-4314.html.

Samba users are advised to upgrade to this version, in order to apply these
fixes and enhancements.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)

All files in this section are outdated by RHSA-2014:0305.

SRPMS:
samba-3.0.33-3.7.el5.src.rpm

IA-32:
samba-3.0.33-3.7.el5.i386.rpm
samba-client-3.0.33-3.7.el5.i386.rpm
samba-common-3.0.33-3.7.el5.i386.rpm
samba-swat-3.0.33-3.7.el5.i386.rpm

IA-64:
samba-3.0.33-3.7.el5.ia64.rpm
samba-client-3.0.33-3.7.el5.ia64.rpm
samba-common-3.0.33-3.7.el5.ia64.rpm
samba-swat-3.0.33-3.7.el5.ia64.rpm

PPC:
samba-3.0.33-3.7.el5.ppc.rpm
samba-client-3.0.33-3.7.el5.ppc.rpm
samba-common-3.0.33-3.7.el5.ppc.rpm
samba-common-3.0.33-3.7.el5.ppc64.rpm
samba-swat-3.0.33-3.7.el5.ppc.rpm

s390x:
samba-3.0.33-3.7.el5.s390x.rpm
samba-client-3.0.33-3.7.el5.s390x.rpm
samba-common-3.0.33-3.7.el5.s390.rpm
samba-common-3.0.33-3.7.el5.s390x.rpm
samba-swat-3.0.33-3.7.el5.s390x.rpm

x86_64:
samba-3.0.33-3.7.el5.x86_64.rpm
samba-client-3.0.33-3.7.el5.x86_64.rpm
samba-common-3.0.33-3.7.el5.i386.rpm
samba-common-3.0.33-3.7.el5.x86_64.rpm
samba-swat-3.0.33-3.7.el5.x86_64.rpm
 
Red Hat Enterprise Linux Desktop (v. 5 client)

All files in this section are outdated by RHSA-2014:0305.

SRPMS:
samba-3.0.33-3.7.el5.src.rpm

IA-32:
samba-3.0.33-3.7.el5.i386.rpm
samba-client-3.0.33-3.7.el5.i386.rpm
samba-common-3.0.33-3.7.el5.i386.rpm
samba-swat-3.0.33-3.7.el5.i386.rpm

x86_64:
samba-3.0.33-3.7.el5.x86_64.rpm
samba-client-3.0.33-3.7.el5.x86_64.rpm
samba-common-3.0.33-3.7.el5.i386.rpm
samba-common-3.0.33-3.7.el5.x86_64.rpm
samba-swat-3.0.33-3.7.el5.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
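
To find hosts that still run a samba build older than the 3.0.33-3.7.el5 packages listed above, an inventory can be compared segment by segment the way rpm orders versions. This is an added example, not Red Hat's tooling: the input format (as produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`), the function names and the sample inventory are assumptions, and the comparison is a simplified form of rpm's ordering that ignores epochs and the `~` and `^` markers.

```python
import re

# Fixed build taken from the advisory's package list: samba-3.0.33-3.7.el5
FIXED_VERSION, FIXED_RELEASE = "3.0.33", "3.7.el5"
PACKAGES = {"samba", "samba-client", "samba-common", "samba-swat"}

def rpmvercmp(a, b):
    """Simplified rpm-style comparison of two version or release strings.

    Returns -1, 0 or 1. Assumption: no epoch, '~' or '^' handling.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments mean newer

def needs_update(lines):
    """Return (name, arch, installed) for samba packages older than the fixed build."""
    stale = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[0] not in PACKAGES:
            continue
        name, version, release, arch = fields
        # Release is only decisive when the versions are equal.
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append((name, arch, f"{version}-{release}"))
    return stale

# Constructed inventory lines (not taken from a real host).
SAMPLE = [
    "samba 3.0.28 1.el5_2.1 x86_64",
    "samba-common 3.0.33 3.7.el5 i386",
    "samba-client 3.0.33 3.14.el5 x86_64",   # 3.14 is newer than 3.7: integer compare
    "samba-swat 3.0.33 3.7.el5 x86_64",
    "openssh 4.3p2 29.el5 x86_64",
]

if __name__ == "__main__":
    for name, arch, installed in needs_update(SAMPLE):
        print(f"{name}.{arch} {installed} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```

A plain string comparison would wrongly rank release 3.14.el5 below 3.7.el5, which is why the segments are compared as integers.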

Bugs fixed (see bugzilla for more information)

370501 - mounting CIFS subshare doesn't autoconvert prepath delimiters
447575 - Join fails with stricter w2k3 security options set
447577 - Signing issue: "Server packet had invalid SMB signature" with some Win2K servers
447598 - RFE: Update to 3.0.32 to bring in latest upstream bugfixes
449000 - Samba server can't authenticate to NT domain after 2008-05-28 update
450533 - samba cannot join windows 2000 domains
459718 - Cannot join Windows 2003 domain
461744 - samba domain membership breaks after machine account password change
471605 - [RHEL5.3] Unable to remove inherited ACLs in Samba 3.0.32



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/