[RHSA-2007:1117-01] Critical: samba security update

bugzilla at redhat.com
Mon Dec 10 18:30:17 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2007:1117-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1117.html
Issue date:        2007-12-10
Updated on:        2007-12-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-6015 
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64

3. Problem description:

Samba is a suite of programs used by machines to share files, printers, and
other information.

A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
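
To confirm that a host on the 4.5.z stream carries the fixed build, the check below flags samba packages older than 3.0.10-2.el4_5.2. It is an added example, not part of the Red Hat advisory. It assumes input produced by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n', uses a simplified version comparison that ignores epochs, and runs on a constructed sample inventory.

```python
import re

# Fixed build taken from the advisory's SRPM name: samba-3.0.10-2.el4_5.2
FIXED_VERSION, FIXED_RELEASE = "3.0.10", "2.el4_5.2"
SAMBA_PACKAGES = {"samba", "samba-client", "samba-common", "samba-swat"}

def rpmvercmp(a, b):
    """Simplified rpm version comparison (no epoch, tilde or caret handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_to_fixed(version, release):
    """Return -1, 0 or 1 for an installed build relative to the fixed build."""
    return rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)

def needs_update(inventory):
    """List samba packages in the inventory that predate the fixed build."""
    flagged = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        name, version, release, arch = fields
        if name in SAMBA_PACKAGES and compare_to_fixed(version, release) < 0:
            flagged.append(f"{name}-{version}-{release}.{arch}")
    return flagged

# Constructed sample inventory (not real host data); includes a multilib i386 package.
SAMPLE_INVENTORY = """\
samba 3.0.10 2.el4_5.2 x86_64
samba-client 3.0.10 2.el4_5.1 x86_64
samba-common 3.0.10 2.el4_5.1 i386
samba-swat 3.0.25b 1.el4 x86_64
openssh 3.9p1 8.el4 x86_64
"""

if __name__ == "__main__":
    for pkg in needs_update(SAMPLE_INVENTORY):
        print("needs update:", pkg)
```

On multilib systems every installed architecture of samba-common must be at the fixed release, which is why the check reports packages per architecture.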

5. Bug IDs fixed (http://bugzilla.redhat.com/):

396401 - CVE-2007-6015 samba: send_mailslot() buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm

Red Hat Enterprise Linux ES version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHXYWvXlSAg2UNWIIRAi41AKC7DCxTI52D9+k7GwwfhcVA1ojT9gCfYAy9
RRIy+IkmVtNUb6Z90j/N9xY=
=TLBL
-----END PGP SIGNATURE-----





