Overview Repositories Revisions Requests Users Attributes Meta
Security update for samba

samba was updated to fix seven security issues.

These security issues were fixed:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).

These non-security issues were fixed:
- bsc#974629: Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call.
- bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel.
- bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it.
- Getting and setting Windows ACLs on symlinks can change permissions on link
- bsc#924519: Upgrade on-disk FSRVP server state to new version.
- bsc#968973: Only obsolete but do not provide gplv2/3 package names.
- bso#6482: s3:utils/smbget: Fix recursive download.
- bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
- bso#11643: docs: Add example for domain logins to smbspool man page.
- bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
- bso#11708: loadparm: Fix memory leak issue.
- bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
- bso#11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...".
- bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
- bso#11732: param: Fix str_list_v3 to accept ";" again.
- bso#11740: Real memeory leak(buildup) issue in loadparm.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Fixed bugs
bnc#973032
VUL-0: EMBARGOED: CVE-2016-2111: samba: Microsoft's NETLOGON spoofing
bnc#973033
VUL-0: EMBARGOED: CVE-2016-2112: samba: The LDAP client and server don't enforce integrity protection
bnc#973031
VUL-0: EMBARGOED: CVE-2016-2110: samba: NTLM-SSP auth. downgrade
bnc#973036
VUL-0: EMBARGOED: CVE-2016-2115: samba: SMB client connections for IPC traffic are not integrity protected
bnc#973034
VUL-0: EMBARGOED: CVE-2016-2113: samba: Missing TLS certificate validation allows man in the middle attacks
bnc#972197
libsamba-passdb-devel and libsmbclient0 provides/ obsoletes cleanup
bnc#973832
[TRACKERBUG] FATE#320709: [ECO] Update samba 4.1 to 4.2
bnc#924519
FSRVP server state on-disk format upgrade for upstream
bnc#974629
samba.tests.messaging is failing
bnc#968973
Superfluously provided obsoleted package names
bnc#936862
VUL-0: EMBARGOED: CVE-2015-5370: samba: RPC crash in dcesrv_auth_bind_ack() due to a missing error check on the return value of dcerpc_pull_auth_trailer() could lead to a remote denial-of-service
bnc#971965
VUL-0: EMBARGOED: CVE-2016-2118: samba: SAMR and LSA man in the middle attacks possible (aka "BADLOCK")
CVE-CVE-2016-2118
CVE-CVE-2016-2115
CVE-CVE-2016-2112
CVE-CVE-2016-2113
CVE-CVE-2016-2110
CVE-CVE-2016-2111
CVE-CVE-2015-5370
Selected Binaries
openSUSE Build Service is sponsored by
Places