Synopsis: Critical: samba security and bug fix update Issue date: 2008-05-28 CVE Names: CVE-2008-1105 A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105) This update also addresses two issues which prevented Samba from joining certain Windows domains with tightened security policies, and prevented certain signed SMB content from working as expected: * when some Windows® 2000-based domain controllers were set to use mandatory signing, Samba clients would drop the connection because of an error when generating signatures. This presented as a "Server packet had invalid SMB signature" error to the Samba client. This update corrects the signature generation error. * Samba servers using the "net ads join" command to connect to a Windows Server® 2003-based domain would fail with "failed to get schannel session key from server" and "NT_STATUS_ACCESS_DENIED" errors. This update correctly binds to the NETLOGON share, allowing Samba servers to connect to the domain properly. SL 5.x SRPMS: samba-3.0.28-1.el5_2.1.src.rpm i386: samba-3.0.28-1.el5_2.1.i386.rpm samba-client-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-swat-3.0.28-1.el5_2.1.i386.rpm x86_64: samba-3.0.28-1.el5_2.1.x86_64.rpm samba-client-3.0.28-1.el5_2.1.x86_64.rpm samba-common-3.0.28-1.el5_2.1.i386.rpm samba-common-3.0.28-1.el5_2.1.x86_64.rpm samba-swat-3.0.28-1.el5_2.1.x86_64.rpm -Connie Sieh -Troy Dawson