Security update for samba

Announcement ID: SUSE-SU-2016:1028-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2016-2110 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2016-2111 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
  • CVE-2016-2112 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2016-2113 ( NVD ): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2016-2115 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2016-2118 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2016-2118 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2

An update that solves seven vulnerabilities and has one security fix can now be installed.

Description:

samba was updated to fix seven security issues.

These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).

These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2
    zypper in -t patch slessp2-samba-12508=1

Package List:

  • SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64 i586)
    • libtdb1-3.6.3-52.1
    • libtevent0-3.6.3-52.1
    • libwbclient0-3.6.3-52.1
    • samba-3.6.3-52.1
    • libtalloc2-3.6.3-52.1
    • samba-client-3.6.3-52.1
    • samba-krb-printing-3.6.3-52.1
    • ldapsmb-1.34b-52.1
    • samba-winbind-3.6.3-52.1
    • libsmbclient0-3.6.3-52.1
    • libldb1-3.6.3-52.1
  • SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (noarch)
    • samba-doc-3.6.3-52.1
  • SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64)
    • libtevent0-32bit-3.6.3-52.1
    • samba-winbind-32bit-3.6.3-52.1
    • libwbclient0-32bit-3.6.3-52.1
    • libsmbclient0-32bit-3.6.3-52.1
    • samba-32bit-3.6.3-52.1
    • samba-client-32bit-3.6.3-52.1
    • libtdb1-32bit-3.6.3-52.1
    • libtalloc2-32bit-3.6.3-52.1

References: