March 2006

Two Mandriva Linux Security Advisories: 1. MDKSA-2006:053 - Updated freeciv packages fix DoS vulnerabilities 2. MDKA-2006:021 - Updated samba packages fix bugs

ID: 00188
Ref: 188/2006
Date: 08 March 2006:14:07:19
Version: 1

Title: Two Mandriva Linux Security Advisories: 1. MDKSA-2006:053 - Updated freeciv packages fix DoS vulnerabilities 2. MDKA-2006:021 - Updated samba packages fix bugs
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva

Title
=====

Two Mandriva Linux Security Advisories:

1. MDKSA-2006:053 - Updated freeciv packages fix DoS vulnerabilities

2. MDKA-2006:021 - Updated samba packages fix bugs

Detail
======

1. A Denial of Service vulnerability was discovered in the civserver
component of the freeciv game when handling certain incoming packets.

2. Samba provides SMB/CIFS services (such as file and printer sharing)
used by clients compatible with Microsoft Windows(TM).

1.

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:053
http://www.mandriva.com/security/
_______________________________________________________________________

Package : freeciv
Date : March 7, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

A Denial of Service vulnerability was discovered in the civserver
component of the freeciv game when handling certain incoming packets.

The updated packages have been patched to fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0047
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team


2.

_______________________________________________________________________

Mandriva Linux Advisory MDKA-2006:021
http://www.mandriva.com/security/
_______________________________________________________________________

Package : samba
Date : March 7, 2006
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Samba provides SMB/CIFS services (such as file and printer sharing)
used by clients compatible with Microsoft Windows(TM).

This update introduces a new version of Samba for CS3.0 users. The main
changes are:

- a fix for the password change problem with the LDAP backend that was
introduced in the last update (3.0.10);
- update to version 3.0.14a;
- update of the vscan layer to version 0.3.6;
- update of smbldap-tools to version 0.8.7;
- removal of the SQL authentication modules.

Details
=======

a) Outdated samba.schema file in the openldap-servers package

The samba.schema file from the previous openldap-servers package did
not include support for the password history feature samba uses. When
using the LDAP backend, this would cause password changes to fail. To
fix this, a new openldap-servers package is being provided with the
correct samba.schema file.

b) Default ACLs in openldap-servers

The /etc/openldap/slapd.access.conf file from the openldap-servers
package has been updated to deal with the new samba password history
attribute. The post-installation procedure of the package will
automatically make the necessary adjustments to that file.

c) Samba 3.0.14a highlights include:

- new privilege model which allows assignment of certain privileges to
users and groups so that the administrator account is no longer
needed for certain operations. Please see the Samba-HOWTO-Collection
for details.
- large directory support: samba can now handle large directories with
many thousands of files much better. See the Samba-HOWTO-Collection
for details.
- fixes for compatibility issues between winbind and w2k3-sp1 domain
controllers

For more detailed changes, please refer to the WHATSNEW.txt file in the
samba-doc package.

d) smbldap-tools details

A missing dependency on perl-IO-Socket-SSL has been added; it affects
sites using SSL/TLS between smbldap-tools and the LDAP server.
Additionally, a new dependency had to be added: perl-Crypt-SmbHash,
which is being supplied with this update.

Finally, smbldap-tools has been moved into its own package. The upgrade
should pull in this new package automatically.

e) mount-cifs

The mount.cifs utility has been moved to a package of its own called
"mount-cifs". Upgrades should automatically pull in this new package if
it was being used before.

f) SQL modules are deprecated

The SQL authentication modules (pgsql and mysql) have been removed due
to lack of maintenance and several serious issues. Please see
https://bugzilla.samba.org/show_bug.cgi?id=3375 for an overview of the
problems and the reasons why their support has been dropped for the
time being.

Upgrade issues
==============

a) smbldap-tools

smbldap-tools has been updated to version 0.8.7, which is the version
that comes with samba-3.0.14a. This new version has a different
configuration layout: now all configuration files are stored under the
/etc/smbldap-tools directory.

The upgrade process will try to convert any existing configuration
to this new format, but at least the following parameters will have to
be reviewed in the /etc/smbldap-tools/smbldap.conf file:

- ldapTLS may be set to 1 regardless of how ldapSSL was set in the
previous configuration;
- sambaUnixIdPooldn may still be using the default "example" domain
in it

After reviewing the /etc/smbldap-tools/smbldap.conf configuration file
for any remaining issues, the "smbldap-populate" script has to be
rerun in order to add new attributes to the directory server. This will
complete the smbldap-tools migration process.

If the smbldap-tools configuration file is not converted automatically,
please run the script /usr/share/samba/scripts/migrate-smbldap manually
and then proceed to the review of the /etc/smbldap-tools-foo
configuration file.

Known issues
============
Some smbldap-tools configuration directives cannot be left empty, even
though the configuration file says they can. These are:

- _userSmbHome
- _userHomeDrive
- _userProfile

This may be fixed in a future update.
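A post-upgrade check covering both the smbldap-tools review steps under "Upgrade issues" and the empty directives listed under "Known issues", as an added example that is not part of the Mandriva advisory: it reads /etc/smbldap-tools/smbldap.conf and flags ldapTLS=1, a sambaUnixIdPooldn still on the "example" domain, and any empty _userSmbHome, _userHomeDrive or _userProfile. It assumes the file uses key="value" lines (quotes optional) and the directive names exactly as the advisory spells them; the sample configuration it falls back to is constructed.

```shell
#!/bin/sh
# Added example, not from the Mandriva advisory: review a migrated smbldap.conf
# for the conditions the advisory tells administrators to check after the 0.8.7
# upgrade. Assumes key="value" lines and the advisory's directive names.

# conf_get FILE KEY -> prints KEY's value without quotes; empty if unset/missing
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

# review_smbldap_conf FILE -> prints one line per finding; returns the count
review_smbldap_conf() {
    f=$1; findings=0
    # 1. the converter may set ldapTLS=1 regardless of the old ldapSSL value
    tls=$(conf_get "$f" ldapTLS); ssl=$(conf_get "$f" ldapSSL)
    if [ "$tls" = "1" ]; then
        echo "CHECK ldapTLS=1 while ldapSSL=${ssl:-unset}: confirm it matches the pre-upgrade ldapSSL setting"
        findings=$((findings + 1))
    fi
    # 2. sambaUnixIdPooldn left pointing at the stock "example" domain (assumed spelling)
    case $(conf_get "$f" sambaUnixIdPooldn) in
        *example*) echo "CHECK sambaUnixIdPooldn still uses the example domain"
                   findings=$((findings + 1)) ;;
    esac
    # 3. known issue: these must not be empty even though the file's comments allow it
    for key in _userSmbHome _userHomeDrive _userProfile; do
        if [ -z "$(conf_get "$f" "$key")" ]; then
            echo "CHECK $key is empty; smbldap-tools 0.8.7 needs a value"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# write_sample_conf FILE -> constructed sample of a freshly migrated file
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed smbldap.conf sample, not a real site configuration
ldapSSL="0"
ldapTLS="1"
sambaUnixIdPooldn="sambaDomainName=DOMSMB,dc=example,dc=com"
_userSmbHome="\\PDC-SMB3\homes"
_userHomeDrive=""
_userProfile=
EOF
}

# Stand-alone run: review the live file, or the constructed sample when absent
conf=${1:-/etc/smbldap-tools/smbldap.conf}
[ -f "$conf" ] || { conf=$(mktemp); write_sample_conf "$conf"; }
if review_smbldap_conf "$conf"; then echo "no findings"; else echo "findings to review: $?"; fi
```

The sample deliberately trips four of the checks, so a clean site file should report fewer; re-run "smbldap-populate" only after the reported lines have been resolved.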
_______________________________________________________________________

References:

https://bugzilla.samba.org/show_bug.cgi?id=3375
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
