Security update for samba
This update for samba fixes the following issues:
Security issues fixed:
- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
- CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd
parent process. (bsc#1014442).
- CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437).
This component is not built into our packages, so we are not affected.
Non security issues fixed:
- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
James McDonough (jmcdough)
Fixed bugs
bnc#1014442
VUL-0: EMBARGOED: CVE-2016-2126: samba: denial of service due to a client triggered crash in the winbindd parent
bnc#1014441
VUL-0: EMBARGOED: CVE-2016-2125: samba: don't send delegated credentials to all servers
bnc#1009085
SMBCLIENT tries netbios over port 139 even after "disable netbios" parameter is used.
bnc#1014437
VUL-0: EMBARGOED: CVE-2016-2123: samba: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnera
