[security-announce] SUSE-SU-2016:0032-1: important: Security update for samba

SUSE Security Update: Security update for samba

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:0032-1

Rating: important

References: #295284 #773464 #901813 #912457 #913304 #934299 #948244 #949022 #958582 #958583 #958584 #958586

 

Cross-References: CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330

Affected Products:

SUSE Linux Enterprise Server 11-SP2-LTSS

SUSE Linux Enterprise Debuginfo 11-SP2

______________________________________________________________________________

 

An update that solves four vulnerabilities and has 8 fixes is now available.

 

Description:

 

This update for Samba fixes the following security issues:

 

- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).

- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582).

- CVE-2015-5296: No man-in-the-middle protection when forcing SMB encryption on the client side (bnc#958584).

- CVE-2015-5299: Snapshot browsing through Windows Previous Versions (shadow_copy2) is currently not secure (bnc#958583).

 

Non-security issues fixed:

 

- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022).

- Address unrecoverable winbind failure: "key length too large" (bnc#934299).

- Take resource group sids into account when caching netsamlogon data (bnc#912457).

- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464).

- Remove deprecated base_rid example from idmap_rid manpage (bnc#913304).

- Purge printer name cache on spoolss SetPrinter change (bnc#901813).

- Fix lookup of groups with "Local Domain" scope from Active Directory (bnc#948244).

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS:

 

zypper in -t patch slessp2-samba-12297=1

 

- SUSE Linux Enterprise Debuginfo 11-SP2:

 

zypper in -t patch dbgsp2-samba-12297=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

 

ldapsmb-1.34b-45.2

libldb1-3.6.3-45.2

libsmbclient0-3.6.3-45.2

libtalloc2-3.6.3-45.2

libtdb1-3.6.3-45.2

libtevent0-3.6.3-45.2

libwbclient0-3.6.3-45.2

samba-3.6.3-45.2

samba-client-3.6.3-45.2

samba-krb-printing-3.6.3-45.2

samba-winbind-3.6.3-45.2

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

 

libsmbclient0-32bit-3.6.3-45.2

libtalloc2-32bit-3.6.3-45.2

libtdb1-32bit-3.6.3-45.2

libtevent0-32bit-3.6.3-45.2

libwbclient0-32bit-3.6.3-45.2

samba-32bit-3.6.3-45.2

samba-client-32bit-3.6.3-45.2

samba-winbind-32bit-3.6.3-45.2

 

- SUSE Linux Enterprise Server 11-SP2-LTSS (noarch):

 

samba-doc-3.6.3-45.2

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

 

samba-debuginfo-3.6.3-45.2

samba-debugsource-3.6.3-45.2

 

- SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

 

samba-debuginfo-32bit-3.6.3-45.2

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-5252.html

https://www.suse.com/security/cve/CVE-2015-5296.html

https://www.suse.com/security/cve/CVE-2015-5299.html

https://www.suse.com/security/cve/CVE-2015-5330.html

https://bugzilla.suse.com/295284

https://bugzilla.suse.com/773464

https://bugzilla.suse.com/901813

https://bugzilla.suse.com/912457

https://bugzilla.suse.com/913304

https://bugzilla.suse.com/934299

https://bugzilla.suse.com/948244

https://bugzilla.suse.com/949022

https://bugzilla.suse.com/958582

https://bugzilla.suse.com/958583

https://bugzilla.suse.com/958584

https://bugzilla.suse.com/958586

 
