Overview Repositories Revisions Requests Users Attributes Meta
Security update for samba

This update fixes these security vulnerabilities:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2114: "server signing = mandatory" not enforced (bsc#973035).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).

The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions
are no longer supported by upstream. As a side effect, libpdb0 package
was replaced by libsamba-passdb0.

Fixed bugs
CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
bnc#936862
VUL-0: CVE-2015-5370: samba: RPC crash in dcesrv_auth_bind_ack() due to a missing error check on the return value of dcerpc_pull_auth_trailer() could lead to a remote denial-of-service
bnc#971965
VUL-0: CVE-2016-2118: samba: SAMR and LSA man in the middle attacks possible (aka "BADLOCK")
bnc#973031
VUL-0: CVE-2016-2110: samba: NTLM-SSP auth. downgrade
bnc#973032
VUL-0: CVE-2016-2111: samba: Microsofts NETLOGON spoofing
bnc#973033
VUL-0: CVE-2016-2112: samba: The LDAP client and server dont enforce integrity protection
bnc#973034
VUL-0: CVE-2016-2113: samba: Missing TLS certificate validation allows man in the middle attacks
bnc#973035
VUL-0: CVE-2016-2114: samba: "server signing = mandatory" not enforced
bnc#973036
VUL-0: CVE-2016-2115: samba: SMB client connections for IPC traffic are not integrity protected
bso#11344
bso#11644
bso#11688
bso#11749
bso#11752
bso#11756
bso#11804
CVE-2012-6150
CVE-2013-4408
CVE-2013-4496
CVE-2015-0240
CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-7560
bnc#844720
VUL-0: CVE-2013-4408: samba: DCERPC frag_len not checked
bnc#849224
VUL-0: CVE-2013-4496: samba: Password lockout not enforced for SAMR password changes
bnc#853347
VUL-0: CVE-2012-6150: samba: winbind pam security problem
bnc#917376
VUL-0: CVE-2015-0240: samba/talloc: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
bnc#958582
VUL-0: CVE-2015-5252: samba: Insufficient symlink verification (file access outside the share)
bnc#958583
VUL-0: CVE-2015-5299: samba: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2)
bnc#958584
VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb encryption on the client side
bnc#958586
VUL-0: CVE-2015-5330: samba: Remote read memory exploit in LDB
bnc#968222
VUL-0: CVE-2015-7560: samba: Getting and setting Windows ACLs on symlinks can change permissions on link target.
bso#11077
bso#11395
bso#11529
bso#11536
bso#11599
bso#11648
Selected Binaries
openSUSE Build Service is sponsored by
Places