Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2013:0519-1: important: Security update for Samba

Recommended Posts

SUSE Security Update: Security update for Samba

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2013:0519-1

Rating: important

References: #499233 #741623 #755663 #759731 #764577 #783384

#799641 #800982

Cross-References: CVE-2013-0213 CVE-2013-0214

Affected Products:

SUSE Linux Enterprise Server 10 GPLv3 Extras

______________________________________________________________________________

 

An update that solves two vulnerabilities and has 6 fixes

is now available.

 

Description:

 

 

The Samba Web Administration Tool (SWAT) in Samba versions

3.0.x to 4.0.1 was affected by a cross-site request

forgery; CVE-2013-0214; (bnc#799641).

 

The Samba Web Administration Tool (SWAT) in Samba versions

3.0.x to 4.0.1 could possibly be used in clickjacking

attacks; CVE-2013-0213; (bnc#800982).

 

Also the following bugs have been fixed:

 

* Don't clutter the spec file diff view; (bnc#783384).

* s3: Fix uninitialized memory read in talloc_free();

(bnc#764577).

* Attempt to use samlogon validation level 6;

(bso#7945); (bnc#741623).

* Add PreReq /etc/init.d/nscd to the winbind package;

(bnc#759731).

* Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR

lsa errors; (bso#7944); (bnc#755663).

* Fix lsa_LookupSids3 and lsa_LookupNames4 arguments.

 

Security Issue references:

 

* CVE-2013-0213

 

* CVE-2013-0214

 

 

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 GPLv3 Extras (i586 ia64 ppc s390x x86_64):

 

libnetapi-devel-3.4.3-0.47.3

libnetapi0-3.4.3-0.47.3

libtalloc-devel-3.4.3-0.47.3

libtalloc1-3.4.3-0.47.3

libtdb-devel-3.4.3-0.47.3

libtdb1-3.4.3-0.47.3

libwbclient-devel-3.4.3-0.47.3

libwbclient0-3.4.3-0.47.3

samba-gplv3-3.4.3-0.47.3

samba-gplv3-client-3.4.3-0.47.3

samba-gplv3-krb-printing-3.4.3-0.47.3

samba-gplv3-winbind-3.4.3-0.47.3

 

- SUSE Linux Enterprise Server 10 GPLv3 Extras (noarch):

 

samba-gplv3-doc-3.4.3-0.47.3

 

 

References:

 

http://support.novell.com/security/cve/CVE-2013-0213.html

http://support.novell.com/security/cve/CVE-2013-0214.html

https://bugzilla.novell.com/499233

https://bugzilla.novell.com/741623

https://bugzilla.novell.com/755663

https://bugzilla.novell.com/759731

https://bugzilla.novell.com/764577

https://bugzilla.novell.com/783384

https://bugzilla.novell.com/799641

https://bugzilla.novell.com/800982

http://download.novell.com/patch/finder/?keywords=2420a6d522645b2b55c7b8e17af958f1

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×