[security-announce] SUSE-SU-2016:1105-1: important: Security update for samba

SUSE Security Update: Security update for samba

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1105-1

Rating: important

References: #913087 #958582 #973031 #973032

Cross-References: CVE-2015-5252 CVE-2016-2110 CVE-2016-2111

 

Affected Products:

SUSE Linux Enterprise Server 10 SP4 LTSS

______________________________________________________________________________

 

An update that solves three vulnerabilities and has one errata is now available.

 

Description:

 

 

Samba was updated to fix three security issues.

 

These security issues were fixed:

 

* CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bso#11688, bsc#973031).

* CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bso#11749, bsc#973032).

* CVE-2015-5252: Insufficient symlink verification (allowed file access outside the share) (bso#11395, bnc#958582).

 

This non-security issue was fixed:

 

* Allow "delete readonly = yes" to correctly override deletion of a file (bsc#913087, bso#5073)

 

Security Issues:

 

* CVE-2016-2110

 

* CVE-2016-2111

 

* CVE-2015-5252

 

 

Contraindications:

 

 

 

 

Package List:

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

 

cifs-mount-3.0.36-0.13.32.1

ldapsmb-1.34b-25.13.32.1

libmsrpc-3.0.36-0.13.32.1

libmsrpc-devel-3.0.36-0.13.32.1

libsmbclient-3.0.36-0.13.32.1

libsmbclient-devel-3.0.36-0.13.32.1

samba-3.0.36-0.13.32.1

samba-client-3.0.36-0.13.32.1

samba-krb-printing-3.0.36-0.13.32.1

samba-python-3.0.36-0.13.32.1

samba-vscan-0.3.6b-43.13.32.1

samba-winbind-3.0.36-0.13.32.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

 

libsmbclient-32bit-3.0.36-0.13.32.1

samba-32bit-3.0.36-0.13.32.1

samba-client-32bit-3.0.36-0.13.32.1

samba-winbind-32bit-3.0.36-0.13.32.1

 

- SUSE Linux Enterprise Server 10 SP4 LTSS (noarch):

 

samba-doc-3.0.36-0.12.32.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2015-5252.html

https://www.suse.com/security/cve/CVE-2016-2110.html

https://www.suse.com/security/cve/CVE-2016-2111.html

https://bugzilla.suse.com/913087

https://bugzilla.suse.com/958582

https://bugzilla.suse.com/973031

https://bugzilla.suse.com/973032

https://download.suse.com/patch/finder/?keywords=7a8b86525db490aaf0868ada97807c68

 
