SCIENTIFIC-LINUX-ERRATA Archives

December 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: samba4 on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 3 Dec 2013 20:07:17 +0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (65 lines) 
Synopsis:          Moderate: samba4 security and bug fix update
Advisory ID:       SLSA-2013:1543-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2013-4124
--

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server
to loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba
server.

This update fixes the following bugs:

* When Samba was installed in the build root directory, the RPM target
might not have existed. Consequently, the find-debuginfo.sh script did not
create symbolic links for the libwbclient.so.debug module associated with
the target. With this update, the paths to the symbolic links are relative
so that the symbolic links are now created correctly.

* Previously, the samba4 packages were missing a dependency for the
libreplace.so module which could lead to installation failures. With this
update, the missing dependency has been added to the dependency list of
the samba4 packages and installation now proceeds as expected.
--

SL6
  x86_64
    samba4-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-client-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-common-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-dc-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-dc-libs-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-debuginfo-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-devel-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-libs-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-pidl-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-python-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-swat-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-test-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-winbind-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-winbind-clients-4.0.0-58.el6.rc4.x86_64.rpm
    samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.x86_64.rpm
  i386
    samba4-4.0.0-58.el6.rc4.i686.rpm
    samba4-client-4.0.0-58.el6.rc4.i686.rpm
    samba4-common-4.0.0-58.el6.rc4.i686.rpm
    samba4-dc-4.0.0-58.el6.rc4.i686.rpm
    samba4-dc-libs-4.0.0-58.el6.rc4.i686.rpm
    samba4-debuginfo-4.0.0-58.el6.rc4.i686.rpm
    samba4-devel-4.0.0-58.el6.rc4.i686.rpm
    samba4-libs-4.0.0-58.el6.rc4.i686.rpm
    samba4-pidl-4.0.0-58.el6.rc4.i686.rpm
    samba4-python-4.0.0-58.el6.rc4.i686.rpm
    samba4-swat-4.0.0-58.el6.rc4.i686.rpm
    samba4-test-4.0.0-58.el6.rc4.i686.rpm
    samba4-winbind-4.0.0-58.el6.rc4.i686.rpm
    samba4-winbind-clients-4.0.0-58.el6.rc4.i686.rpm
    samba4-winbind-krb5-locator-4.0.0-58.el6.rc4.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2