Security Advisory Critical: samba security update

Advisory: RHSA-2007:1034-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-11-15
Last updated on: 2007-11-15
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux ES (v. 4.5.z)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-5398

Details

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash, or execute
arbitrary code. (CVE-2007-5398)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba should upgrade to these updated packages, which contain a
backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)
SRPMS:
samba-3.0.10-2.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0289		     cbb9d1560763f0b774e28dd815ef1a4c
 
IA-32:
samba-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     392db2d46fa8bb0ee763b1bfc91616f0
samba-client-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     bd9e338dedaf28cad8956387020e032b
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-swat-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     470985c7c6e7fe54d173a0f55f9b778c
 
IA-64:
samba-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     084f259ad003c35a9a35d354a86ebb82
samba-client-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     3a3776d12663fb26c7c51cc6070d3849
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     0f92b8aaab51704621d8098877fb69f5
samba-swat-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     536ff70d101ac80744f2dece8aaf7502
 
PPC:
samba-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289		     bd6b23b6bfacb4c65e5b935b5a3cbfa9
samba-client-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289		     2d8865cab085a6243b8c7cf0d8b4890b
samba-common-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289		     a14b5a3c592d721dc8e9748a88ef5056
samba-common-3.0.10-2.el4_5.1.ppc64.rpm
File outdated by:  RHSA-2008:0289		     2f19d12b1f6b776f6c294409c03519e6
samba-swat-3.0.10-2.el4_5.1.ppc.rpm
File outdated by:  RHSA-2008:0289		     1d9ddecfa4be50f41fb63aa576bfa8b7
 
s390:
samba-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289		     a1b0ac998048bfb187b655720a3e03f9
samba-client-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289		     91e00cf1f3fa3ca3dbecb2d4a8bb4e26
samba-common-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289		     5d323fd8b0c0596bda98059080296387
samba-swat-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289		     5a9b798d261572a75ac6a7bae6300a82
 
s390x:
samba-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289		     1f10cff63fe9d8425297c2d65e2a18d9
samba-client-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289		     123a72fdadab559fd16bcf4ca392f543
samba-common-3.0.10-2.el4_5.1.s390.rpm
File outdated by:  RHSA-2008:0289		     5d323fd8b0c0596bda98059080296387
samba-common-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289		     9e1fe58e6d925b9b83ade03b225170d1
samba-swat-3.0.10-2.el4_5.1.s390x.rpm
File outdated by:  RHSA-2008:0289		     c444168ae5eca9bf5ab30b413c074965
 
x86_64:
samba-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     4e02f7b7abeb1c330e6dcc3ee483d746
samba-client-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     086158235de9b5258a6878d9322afc8f
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     292a06a7a1e70e64acf664a7270758ad
samba-swat-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     c4271ff36377f8d79a9b17bf7c7633f2
 
Red Hat Enterprise Linux ES (v. 4.5.z)
SRPMS:
samba-3.0.10-2.el4_5.1.src.rpm
File outdated by:  RHSA-2008:0289		     cbb9d1560763f0b774e28dd815ef1a4c
 
IA-32:
samba-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     392db2d46fa8bb0ee763b1bfc91616f0
samba-client-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     bd9e338dedaf28cad8956387020e032b
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-swat-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     470985c7c6e7fe54d173a0f55f9b778c
 
IA-64:
samba-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     084f259ad003c35a9a35d354a86ebb82
samba-client-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     3a3776d12663fb26c7c51cc6070d3849
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     0f92b8aaab51704621d8098877fb69f5
samba-swat-3.0.10-2.el4_5.1.ia64.rpm
File outdated by:  RHSA-2008:0289		     536ff70d101ac80744f2dece8aaf7502
 
x86_64:
samba-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     4e02f7b7abeb1c330e6dcc3ee483d746
samba-client-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     086158235de9b5258a6878d9322afc8f
samba-common-3.0.10-2.el4_5.1.i386.rpm
File outdated by:  RHSA-2008:0289		     805d3fab0d4994b17d2d5caf778d9011
samba-common-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     292a06a7a1e70e64acf664a7270758ad
samba-swat-3.0.10-2.el4_5.1.x86_64.rpm
File outdated by:  RHSA-2008:0289		     c4271ff36377f8d79a9b17bf7c7633f2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/