LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

[Security Announce] [ MDKA-2006:021 ] - Updated samba packages fix bugs

[Posted March 8, 2006 by ris]

From:  security-AT-mandriva.com
To:  security-announce-AT-mandrivalinux.org
Subject:  [Security Announce] [ MDKA-2006:021 ] - Updated samba packages fix bugs
Date:  Tue, 7 Mar 2006 16:47:00 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:021
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : samba
 Date    : March 7, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Samba provides SMB/CIFS services (such as file and printer sharing)
 used by clients compatible with Microsoft Windows(TM).
 
 This update introduces a new version of Samba for CS3.0 users. Main
 changes include:
 
 - fix for password change when using the LDAP backend problem
   introduced in the last update (3.0.10);
 - update to version 3.0.14a
 - update of the vscan layer to version 0.3.6
 - update of smbldap-tools to version 0.8.7
 - removal of sql authentication modules
 
 Details
 =======
 
 a) Outdated samba.schema file in the openldap-servers package
 
 The samba.schema file from the previous openldap-servers package did
 not include support for the password history feature samba uses. When
 using the LDAP backend, this would cause password changes to fail. To
 fix this, a new openldap-servers package is being provided with the
 correct samba.schema file.
 
 b) Default ACLs in openldap-servers
 
 The /etc/openldap/slapd.access.conf file from the openldap-servers
 package has been updated to deal with the new samba password history
 attribute. The post-installation procedure of the package will
 automatically make the necessary adjustments to that file.
 
 c) Samba 3.0.14a highlights include:
 
 - new privilege model which allows assignment of certain privileges to
   users and groups so that the administrator account is no longer
   needed for certain operations. Please see the Samba-HOWTO-Collection
   for details.
 - large directory support: samba now can handle large directories with
   many thousand of files much better. See the Samba-HOWTO-Collection
   for details.
 - fixes for compatibility issues between winbind and w2k3-sp1 domain
   controllers
 
 For more detailed changes, please refer to the WHATSNEW.txt file in the
 samba-doc package.
 
 d) smbldap-tools details
 
 A missing dependency on perl-IO-Socket-SSL has been added which affects
 sites using SSL/TLS between smbldap-tools and the LDAP server.
 Additionally, a new dependency had to be added: perl-Crypt-SmbHash,
 which is being supplied with this update.
 
 Finally, smbldap-tools has been moved into its own package. The upgrade
 should pull in this new package automatically.
 
 e) mount-cifs
 
 The mount.cifs utility has been moved to a package of its own called
 "mount-cifs". Upgrades should automatically pull in this new package if
 it was being used before.
 
 f) SQL modules are deprecated
 
 The sql authentication modules (pgsql and mysql) have been removed due
 to lack of maintenance and several serious issues. Please see
 https://bugzilla.samba.org/show_bug.cgi?id=3375 for an overview of the
 problems and the reasons for why its support has been dropped for the
 time being.
 
 Upgrade issues
 ==============
 
 a) smbldap-tools
 
 smbldap-tools has been updated to version 0.8.7, which is the version
 that comes with samba-3.0.14a.  This new version has a different
 configuration layout: now all configuration files are stored under the
 /etc/smbldap-tools directory.
 
 The upgrade process will try to convert any existing configuration
 to this new format, but at least the following parameters will have to
 be reviewed in the /etc/smbldap-tools/smbldap.conf file:
 
 - ldapTLS may be set to 1 regardless of how ldapSSL was set in the
   previous configuration;
 - sambaUnixIdPooldn may still be using the default "example" domain
   in it
 
 After reviewing the /etc/smbldap-tools/smbldap.conf configuration file
 for any remaining issues, the "smbldap-populate" script has to be
 rerun in order to add new attributes to the directory server. This will
 complete the smbldap-tools migration process.
 
 If the smbldap-tools configuration file is not converted automatically,
 please run the script /usr/share/samba/scripts/migrate-smbldap manually
 and then proceed to the review of the /etc/smbldap-tools-foo
 configuration file.
 
 Known issues
 ============
 Some smbldap-tools configuration directives can not be left empty, even
 though the configuration file says so. These are:
 
 - _userSmbHome
 - _userHomeDrive
 - _userProfile
 
 This may be fixed in a future update.
 _______________________________________________________________________

 References:
 
 https://bugzilla.samba.org/show_bug.cgi?id=3375
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 95752408b1ff0fd2ade9e0bf7a1f7cc1  corporate/3.0/RPMS/libldap2-2.1.25-7.1.C30mdk.i586.rpm
 e8eb0de1776805fb729e6d84727fff8a  corporate/3.0/RPMS/libldap2-devel-2.1.25-7.1.C30mdk.i586.rpm
 3c282acc2fc01e3a1a64514e772ee5e3
corporate/3.0/RPMS/libldap2-devel-static-2.1.25-7.1.C30mdk.i586.rpm
 036af3acd4b0fc29114926ebb02eb2c3  corporate/3.0/RPMS/libsmbclient0-3.0.14a-6.1.C30mdk.i586.rpm
 2be8e39234490589211dae0e81d998a2
corporate/3.0/RPMS/libsmbclient0-devel-3.0.14a-6.1.C30mdk.i586.rpm
 540989844922cf6b208ee56c20d1ab3f
corporate/3.0/RPMS/libsmbclient0-static-devel-3.0.14a-6.1.C30mdk.i586.rpm
 6cf926aa25cf9ab8314ed63347caff7e  corporate/3.0/RPMS/mount-cifs-3.0.14a-6.1.C30mdk.i586.rpm
 234db2ab29addc30107d2ea18a88497d  corporate/3.0/RPMS/nss_wins-3.0.14a-6.1.C30mdk.i586.rpm
 0de78da2dc2402dd4a513424819546aa  corporate/3.0/RPMS/openldap-2.1.25-7.1.C30mdk.i586.rpm
 ac7f34c53b88f3ef18d37965d14e593b
corporate/3.0/RPMS/openldap-back_dnssrv-2.1.25-7.1.C30mdk.i586.rpm
 d2905e8ebb09f9f75b31f8395a7b229d
corporate/3.0/RPMS/openldap-back_ldap-2.1.25-7.1.C30mdk.i586.rpm
 fc589ab85146f76f4042e065ef046054
corporate/3.0/RPMS/openldap-back_passwd-2.1.25-7.1.C30mdk.i586.rpm
 2b25e76548c13c53545689b8dc2b1f71  corporate/3.0/RPMS/openldap-back_sql-2.1.25-7.1.C30mdk.i586.rpm
 09b3c550e4e983c6bf45a0b0f94a2ea4  corporate/3.0/RPMS/openldap-clients-2.1.25-7.1.C30mdk.i586.rpm
 e4acac13951d50e9cbbc5583c352598d  corporate/3.0/RPMS/openldap-doc-2.1.25-7.1.C30mdk.i586.rpm
 812af514a8a998bb43274e30bb437c50
corporate/3.0/RPMS/openldap-migration-2.1.25-7.1.C30mdk.i586.rpm
 2b497013df4333deca2c4837061841a6  corporate/3.0/RPMS/openldap-servers-2.1.25-7.1.C30mdk.i586.rpm
 9d3f67ddf0bdfe9e26a5470d5e83d707
corporate/3.0/RPMS/perl-Crypt-SmbHash-0.12-1.1.C30mdk.noarch.rpm
 bdd6f8b1a41be20aea3144b941cd6d6a  corporate/3.0/RPMS/samba-client-3.0.14a-6.1.C30mdk.i586.rpm
 41add1cd095021d7f811a32c95f1d118  corporate/3.0/RPMS/samba-common-3.0.14a-6.1.C30mdk.i586.rpm
 fed60f8e393c66679a2a2f9d2fd62f17  corporate/3.0/RPMS/samba-doc-3.0.14a-6.1.C30mdk.i586.rpm
 475f9006ae6431b3cf84da9893e4af82  corporate/3.0/RPMS/samba-passdb-xml-3.0.14a-6.1.C30mdk.i586.rpm
 a088e3ab01fcd74b06d65a0e9e469785  corporate/3.0/RPMS/samba-server-3.0.14a-6.1.C30mdk.i586.rpm
 8361fb6ba137a0b9f143c718f06a1aa4
corporate/3.0/RPMS/samba-smbldap-tools-3.0.14a-6.1.C30mdk.i586.rpm
 80700382f8c69195b03868993d3a2550  corporate/3.0/RPMS/samba-swat-3.0.14a-6.1.C30mdk.i586.rpm
 e4a4ce532aca1d05724b8cd71953156c
corporate/3.0/RPMS/samba-vscan-antivir-3.0.14a-6.1.C30mdk.i586.rpm
 0fb863d8ddfd096de5448801ba62baa3
corporate/3.0/RPMS/samba-vscan-clamav-3.0.14a-6.1.C30mdk.i586.rpm
 716f7a9c292af9f231108d48bb80bb43  corporate/3.0/RPMS/samba-vscan-icap-3.0.14a-6.1.C30mdk.i586.rpm
 e83eecdf0ac62647c077bdbc6c0fb0f3  corporate/3.0/RPMS/samba-winbind-3.0.14a-6.1.C30mdk.i586.rpm
 7df8c79c03ff1272d54be4f0a467bf0a  corporate/3.0/SRPMS/openldap-2.1.25-7.1.C30mdk.src.rpm
 cb1bd83c7bf6a6439cf084186c8895b3  corporate/3.0/SRPMS/perl-Crypt-SmbHash-0.12-1.1.C30mdk.src.rpm
 76a7f3a0be31546c4b6afd65b5f51298  corporate/3.0/SRPMS/samba-3.0.14a-6.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 63397062d218a4785723bcd95a115091
x86_64/corporate/3.0/RPMS/lib64ldap2-2.1.25-7.1.C30mdk.x86_64.rpm
 e8614a07bfb7f254161372d0c610b987
x86_64/corporate/3.0/RPMS/lib64ldap2-devel-2.1.25-7.1.C30mdk.x86_64.rpm
 fe7916f50f7e654cd3445ff910181ee7
x86_64/corporate/3.0/RPMS/lib64ldap2-devel-static-2.1.25-7.1.C30mdk.x86_64.rpm
 aaef3d9aa9d82b206a538eceecb26e95
x86_64/corporate/3.0/RPMS/lib64smbclient0-3.0.14a-6.1.C30mdk.x86_64.rpm
 9a492299564c2ce5d4eb3b252e3b6c21
x86_64/corporate/3.0/RPMS/lib64smbclient0-devel-3.0.14a-6.1.C30mdk.x86_64.rpm
 493c675c00c9c89daf6c3394adee05d7
x86_64/corporate/3.0/RPMS/lib64smbclient0-static-devel-3.0.14a-6.1.C30mdk.x86_64.rpm
 2b7791224e33b633aceafac85c2d75e2
x86_64/corporate/3.0/RPMS/mount-cifs-3.0.14a-6.1.C30mdk.x86_64.rpm
 0566af5398d7b2ffdcf44ca9b73d0a63
x86_64/corporate/3.0/RPMS/nss_wins-3.0.14a-6.1.C30mdk.x86_64.rpm
 f5b2ca2d3009560947e5929343891255  x86_64/corporate/3.0/RPMS/openldap-2.1.25-7.1.C30mdk.x86_64.rpm
 ed6e572f6927bd0c5e5bb2281181d952
x86_64/corporate/3.0/RPMS/openldap-back_dnssrv-2.1.25-7.1.C30mdk.x86_64.rpm
 bda649c6c584abe51ada2c7ae9ac8602
x86_64/corporate/3.0/RPMS/openldap-back_ldap-2.1.25-7.1.C30mdk.x86_64.rpm
 95ac71672bd07c52f438dc7cbcc6bd1c
x86_64/corporate/3.0/RPMS/openldap-back_passwd-2.1.25-7.1.C30mdk.x86_64.rpm
 73a604d917f571e2c228bcfe88e3ae51
x86_64/corporate/3.0/RPMS/openldap-back_sql-2.1.25-7.1.C30mdk.x86_64.rpm
 416231d0985e1f90d662ccfed8fd0fc0
x86_64/corporate/3.0/RPMS/openldap-clients-2.1.25-7.1.C30mdk.x86_64.rpm
 7ee6d694e1523afaa5479319cf227d9c
x86_64/corporate/3.0/RPMS/openldap-doc-2.1.25-7.1.C30mdk.x86_64.rpm
 9e8c52d66207129180687698adfd5be3
x86_64/corporate/3.0/RPMS/openldap-migration-2.1.25-7.1.C30mdk.x86_64.rpm
 e7297f6bf798239b183349cee3b03e31
x86_64/corporate/3.0/RPMS/openldap-servers-2.1.25-7.1.C30mdk.x86_64.rpm
 4221f2798e5123c85ff07881de6d6ee1
x86_64/corporate/3.0/RPMS/perl-Crypt-SmbHash-0.12-1.1.C30mdk.noarch.rpm
 b7bf9f73496e18b4b52432f136d79e4d
x86_64/corporate/3.0/RPMS/samba-client-3.0.14a-6.1.C30mdk.x86_64.rpm
 6c52f24fef7faf872113019ccdf52039
x86_64/corporate/3.0/RPMS/samba-common-3.0.14a-6.1.C30mdk.x86_64.rpm
 9b7d4c0743b4e563bdaf31a708fcacc5
x86_64/corporate/3.0/RPMS/samba-doc-3.0.14a-6.1.C30mdk.x86_64.rpm
 98f2e466fc987eabfb8cbb6c7c89e69e
x86_64/corporate/3.0/RPMS/samba-passdb-xml-3.0.14a-6.1.C30mdk.x86_64.rpm
 879a72ee5682a65db5e7f4a3c96b0a90
x86_64/corporate/3.0/RPMS/samba-server-3.0.14a-6.1.C30mdk.x86_64.rpm
 fe07a029c8aae4a37616b861462362e0
x86_64/corporate/3.0/RPMS/samba-smbldap-tools-3.0.14a-6.1.C30mdk.x86_64.rpm
 09305ac8ad2489d8acdbccad34073bb7
x86_64/corporate/3.0/RPMS/samba-swat-3.0.14a-6.1.C30mdk.x86_64.rpm
 f68978bca7b9b7e56c6aa2568176e7fa
x86_64/corporate/3.0/RPMS/samba-vscan-antivir-3.0.14a-6.1.C30mdk.x86_64.rpm
 dbee2768279c57ee9d39b0a426bfa94e
x86_64/corporate/3.0/RPMS/samba-vscan-clamav-3.0.14a-6.1.C30mdk.x86_64.rpm
 6c4e440bbbcf3e6f93a0a3101def2812
x86_64/corporate/3.0/RPMS/samba-vscan-icap-3.0.14a-6.1.C30mdk.x86_64.rpm
 5cf049ab3a8ad9230109b3d71473d56f
x86_64/corporate/3.0/RPMS/samba-winbind-3.0.14a-6.1.C30mdk.x86_64.rpm
 7df8c79c03ff1272d54be4f0a467bf0a  x86_64/corporate/3.0/SRPMS/openldap-2.1.25-7.1.C30mdk.src.rpm
 cb1bd83c7bf6a6439cf084186c8895b3
x86_64/corporate/3.0/SRPMS/perl-Crypt-SmbHash-0.12-1.1.C30mdk.src.rpm
 76a7f3a0be31546c4b6afd65b5f51298  x86_64/corporate/3.0/SRPMS/samba-3.0.14a-6.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFEDfAzmqjQ0CJFipgRAu2lAJ9my8aBkl10nJOfnrW38S/nvE4QegCg2auB
37u0BFsMn6XeTkohUUTHwkw=
=teXI
-----END PGP SIGNATURE-----


To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
(Log in to post comments)

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds