Bug Fix Advisory samba bug fix update

Advisory: RHBA-2009:0251-3
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2009-02-16
Last updated on: 2009-02-16
Affected Products: Red Hat Enterprise Linux EUS (v. 5.2.z server)
OVAL: N/A

Details

Updated samba packages that fix three bugs are now available.

Samba is a suite of programs used by machines to share files, printers, and
other information.

* when NT_STATUS is set to NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT,
NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, or
NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, attempts to open an
authenticated connection in a Windows 2000 Active Directory environment
will fail automatically. Previously, Samba did not allow for this, and
would attempt to open authenticated sessions in such environments. Now,
when faced with any of these NT_STATUS conditions in an Active Directory
environment, Samba will open an anonymous connection instead.

* when establishing connections with NETLOGON, Samba uses the Active
Directory netlogon negotiate flags even outside of Active Directory
environments. This avoids machines running Windows Server 2008 from
incorrectly identifying the connection attempt as a downgrade attack.
However, these same flags prevent a successful connection with machines
running Windows NT. Therefore, if attempts to make a connection fail while
the Active Directory netlogon negotiate flags are set, Samba will try again
without the flags in place so that successful connections with machines
running Windows NT are possible.

* net is a tool for the administration of Samba and remote CIFS servers. A
previous addition to net contained a built-in assumption that when a user
ran a net subcommand (for example, net join) a the command line, the user
would always provide not only their username, but the corresponding
password too. Therefore, the subcommand would fail when this password was
not provided. In this updated version of Samba, the user is prompted for a
password if one is required.

Users of samba are advised to upgrade to these updated packages, which
resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux EUS (v. 5.2.z server)
SRPMS:
samba-3.0.28-1.el5_2.3.src.rpm     799215a23b44c296b41aaa3611c9d4b4
 
IA-32:
samba-3.0.28-1.el5_2.3.i386.rpm     5f4b654663b08f7b78c980d412146b0d
samba-client-3.0.28-1.el5_2.3.i386.rpm     edd3d5f5466d19492b494b47bdbefb78
samba-common-3.0.28-1.el5_2.3.i386.rpm     47c3e45a3d4279d1b4108b1c9967049c
samba-swat-3.0.28-1.el5_2.3.i386.rpm     538204fd3820b265ab19ffa7d7d3993c
 
IA-64:
samba-3.0.28-1.el5_2.3.ia64.rpm     e8ba8a96876e3fae8983ee4b03e421b4
samba-client-3.0.28-1.el5_2.3.ia64.rpm     edb14c9518858fb2a6ffd7edfcd7ad16
samba-common-3.0.28-1.el5_2.3.ia64.rpm     1c06721da939c93cb6425e8c8d6958d2
samba-swat-3.0.28-1.el5_2.3.ia64.rpm     9c3da776fe51c2e48548fb1dc5f58d31
 
PPC:
samba-3.0.28-1.el5_2.3.ppc.rpm     d51881cfe8afb9bd596978e2af73b99f
samba-client-3.0.28-1.el5_2.3.ppc.rpm     4d6ef75c254e41d10a99a95b517b5e61
samba-common-3.0.28-1.el5_2.3.ppc.rpm     c9ce468ffd1796901ef6e13d9115f10d
samba-common-3.0.28-1.el5_2.3.ppc64.rpm     e350678bb6a329b6efa109e0e73ddacc
samba-swat-3.0.28-1.el5_2.3.ppc.rpm     e9a39ecd551543801d4845fa2992a308
 
s390x:
samba-3.0.28-1.el5_2.3.s390x.rpm     5259dad1c7b5228692cea27e05bbb496
samba-client-3.0.28-1.el5_2.3.s390x.rpm     5a995dc28b5fce0aedaa0cc2c1539a7e
samba-common-3.0.28-1.el5_2.3.s390.rpm     4728784763eaf5ec259db5b8eb0ce4e9
samba-common-3.0.28-1.el5_2.3.s390x.rpm     7a853ccac8fded3447a414ed7d7ec035
samba-swat-3.0.28-1.el5_2.3.s390x.rpm     3e94b464d62bdf3421beb81cd07f0a8e
 
x86_64:
samba-3.0.28-1.el5_2.3.x86_64.rpm     7e518f21762d194d0c57ed35ce11b639
samba-client-3.0.28-1.el5_2.3.x86_64.rpm     91f99f646a83362a7538fd0e5d699456
samba-common-3.0.28-1.el5_2.3.i386.rpm     47c3e45a3d4279d1b4108b1c9967049c
samba-common-3.0.28-1.el5_2.3.x86_64.rpm     68c060f3386eeba0962845ecdef5d533
samba-swat-3.0.28-1.el5_2.3.x86_64.rpm     a77450b08a988ef71bb8a7d6284f3740
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

455417 - samba cannot join windows 2000 domains
455418 - Samba server can't authenticate to NT domain after 2008-05-28 update
480926 - Cannot join Windows 2003 domain


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/