Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: samba security update
Advisory ID: RHSA-2007:1117-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1117.html
Issue date: 2007-12-10
Updated on: 2007-12-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-6015
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64

3. Problem description:

Samba is a suite of programs used by machines to share files, printers, and
other information.

A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

396401 - CVE-2007-6015 samba: send_mailslot() buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm
bd444386c67ac7144c57d1bf8e0df4db samba-3.0.10-2.el4_5.2.src.rpm

i386:
68bd0ed7ea0a3eda6ba31054bd05df15 samba-3.0.10-2.el4_5.2.i386.rpm
ab4f817962e1423511fd73bcf9d0291d samba-client-3.0.10-2.el4_5.2.i386.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
21ade3a16594b54b5e22f1571fc7bd1e samba-swat-3.0.10-2.el4_5.2.i386.rpm

ia64:
95cf0f3a3b84329cbbdd627e4016139c samba-3.0.10-2.el4_5.2.ia64.rpm
498bdd8d0f4b8ef55062bb8ccb5bce67 samba-client-3.0.10-2.el4_5.2.ia64.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
9e86c189a5a05e8d6d4ffd0d5d680039 samba-common-3.0.10-2.el4_5.2.ia64.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
b95f0ae908d1a0f7e68dac8b26e253a6 samba-debuginfo-3.0.10-2.el4_5.2.ia64.rpm
300a2404564f207f005cc44cc0605bbf samba-swat-3.0.10-2.el4_5.2.ia64.rpm

ppc:
7427942413c4a5429dbf5178187f5d40 samba-3.0.10-2.el4_5.2.ppc.rpm
913df2994bf1738000eb39035ccd88f7 samba-client-3.0.10-2.el4_5.2.ppc.rpm
8b9d23e2e7930cb76350f0bcef823fa1 samba-common-3.0.10-2.el4_5.2.ppc.rpm
afe0aafde8f9101f5f5be33a209d00b3 samba-common-3.0.10-2.el4_5.2.ppc64.rpm
cc42be07f948c45985930fcc2e43bb6e samba-debuginfo-3.0.10-2.el4_5.2.ppc.rpm
b3cbafb998f0102f1ca6cfb30dbdc6e7 samba-debuginfo-3.0.10-2.el4_5.2.ppc64.rpm
dfdd54785f0811c48aa5d2d72c1c50d2 samba-swat-3.0.10-2.el4_5.2.ppc.rpm

s390:
75d3cf814daf7c92e7fec4ef5ba9e41a samba-3.0.10-2.el4_5.2.s390.rpm
cb0f98695b6d5f8dc79b7d2b58cf0fbe samba-client-3.0.10-2.el4_5.2.s390.rpm
591d86cb399119291ded94edbfc4ecc2 samba-common-3.0.10-2.el4_5.2.s390.rpm
0ec7186626901945f82409ea425c40d5 samba-debuginfo-3.0.10-2.el4_5.2.s390.rpm
3fd1c77586c071209ff102b5d4b27d78 samba-swat-3.0.10-2.el4_5.2.s390.rpm

s390x:
c5294a17056d22515d9f07be5cacd9d5 samba-3.0.10-2.el4_5.2.s390x.rpm
74c59956ebf28a5b03bd002e8e4a7a63 samba-client-3.0.10-2.el4_5.2.s390x.rpm
591d86cb399119291ded94edbfc4ecc2 samba-common-3.0.10-2.el4_5.2.s390.rpm
13fe64f043730e952d7fe657dfaf94f1 samba-common-3.0.10-2.el4_5.2.s390x.rpm
0ec7186626901945f82409ea425c40d5 samba-debuginfo-3.0.10-2.el4_5.2.s390.rpm
14ebe4be341686377690b47969beb7e1 samba-debuginfo-3.0.10-2.el4_5.2.s390x.rpm
bb08947066e3e91bba9ae40de81b5945 samba-swat-3.0.10-2.el4_5.2.s390x.rpm

x86_64:
e30f7eeb3b1f81bd8f4455c91b54a82a samba-3.0.10-2.el4_5.2.x86_64.rpm
c7deff56c3bf23848565e3bd001f0f5d samba-client-3.0.10-2.el4_5.2.x86_64.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
e2d28bd3b89b7206204071672fd732e4 samba-common-3.0.10-2.el4_5.2.x86_64.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
77eb0ea631192bd50bff5cec29f4c53a samba-debuginfo-3.0.10-2.el4_5.2.x86_64.rpm
df5f78c25b3e3ff0274ca059bf2a97da samba-swat-3.0.10-2.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4.5.z:

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm
bd444386c67ac7144c57d1bf8e0df4db samba-3.0.10-2.el4_5.2.src.rpm

i386:
68bd0ed7ea0a3eda6ba31054bd05df15 samba-3.0.10-2.el4_5.2.i386.rpm
ab4f817962e1423511fd73bcf9d0291d samba-client-3.0.10-2.el4_5.2.i386.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
21ade3a16594b54b5e22f1571fc7bd1e samba-swat-3.0.10-2.el4_5.2.i386.rpm

ia64:
95cf0f3a3b84329cbbdd627e4016139c samba-3.0.10-2.el4_5.2.ia64.rpm
498bdd8d0f4b8ef55062bb8ccb5bce67 samba-client-3.0.10-2.el4_5.2.ia64.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
9e86c189a5a05e8d6d4ffd0d5d680039 samba-common-3.0.10-2.el4_5.2.ia64.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
b95f0ae908d1a0f7e68dac8b26e253a6 samba-debuginfo-3.0.10-2.el4_5.2.ia64.rpm
300a2404564f207f005cc44cc0605bbf samba-swat-3.0.10-2.el4_5.2.ia64.rpm

x86_64:
e30f7eeb3b1f81bd8f4455c91b54a82a samba-3.0.10-2.el4_5.2.x86_64.rpm
c7deff56c3bf23848565e3bd001f0f5d samba-client-3.0.10-2.el4_5.2.x86_64.rpm
176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm
e2d28bd3b89b7206204071672fd732e4 samba-common-3.0.10-2.el4_5.2.x86_64.rpm
ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm
77eb0ea631192bd50bff5cec29f4c53a samba-debuginfo-3.0.10-2.el4_5.2.x86_64.rpm
df5f78c25b3e3ff0274ca059bf2a97da samba-swat-3.0.10-2.el4_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHXYWvXlSAg2UNWIIRAi41AKC7DCxTI52D9+k7GwwfhcVA1ojT9gCfYAy9
RRIy+IkmVtNUb6Z90j/N9xY=
=TLBL
-----END PGP SIGNATURE-----