Overview

File _patchinfo of Package patchinfo.3824

<patchinfo incident="3824">
  <issue id="1014442" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-2126: samba: denial of service due to a client triggered crash in the winbindd parent</issue>
  <issue id="1014441" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-2125: samba: don't send delegated credentials to all servers</issue>
  <issue id="1009085" tracker="bnc">SMBCLIENT tries netbios over port 139 even after "disable netbios" parameter is used.</issue>
  <issue id="1014437" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-2123: samba: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnera</issue>
  <issue id="2016-2125" tracker="cve" />
  <issue id="2016-2126" tracker="cve" />
  <issue id="2016-2123" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jmcdough</packager>
  <description>
This update for samba fixes the following issues:

Security issues fixed:

- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
- CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd
  parent process. (bsc#1014442).
- CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437).
  This component is not built into our packages, so we are not affected.

Non security issues fixed:

- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
</description>
  <summary>Security update for samba</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places