Vulnerabilities in the samba software package – Badlock Bug

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1022-1
Rating: important
References: #320709 #913547 #919309 #924519 #936862 #942716
#946051 #949022 #964023 #966271 #968973 #971965
#972197 #973031 #973032 #973033 #973034 #973036
#973832 #974629
Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise High Availability 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 13 fixes is
now available.

Description:

Samba was updated to the 4.2.x codestream, bringing some new features and
security fixes (bsc#973832, FATE#320709).

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM
attacks (bsc#973033).
– CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of an authenticated account
was possible (bsc#971965).

Also the following fixes were done:
– Upgrade on-disk FSRVP server state to new version; (bsc#924519).
– Fix samba.tests.messaging test and prevent potential tdb corruption by
removing obsolete now invalid tdb_close call; (bsc#974629).
– Align fsrvp feature sources with upstream version.
– Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel
from samba-core-devel; (bsc#973832).
– s3:utils/smbget: Fix recursive download; (bso#6482).
– s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
– docs: Add example for domain logins to smbspool man page; (bso#11643).
– s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
– loadparm: Fix memory leak issue; (bso#11708).
– lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
– ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped …”;
(bso#11719).
– s3:smbd:open: Skip redundant call to file_set_dosmode when creating a
new file; (bso#11727).
– param: Fix str_list_v3 to accept “;” again; (bso#11732).
– Real memory leak (buildup) issue in loadparm; (bso#11740).
– Obsolete libsmbclient from libsmbclient0 and libpdb-devel from
libsamba-passdb-devel while not providing it; (bsc#972197).
– Getting and setting Windows ACLs on symlinks can change permissions on
link
– Only obsolete but do not provide gplv2/3 package names; (bsc#968973).
– Enable clustering (CTDB) support; (bsc#966271).
– s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).
– vfs_fruit: Fix renaming directories with open files; (bso#11065).
– Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).
– s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
– Fix copying files with vfs_fruit when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
– s3:libsmb: Correctly initialize the list head when keeping a list of
primary followed by DFS connections; (bso#11624).
– Reduce the memory footprint of empty string options; (bso#11625).
– lib/async_req: Do not install async_connect_send_test; (bso#11639).
– docs: Fix typos in man vfs_gpfs; (bso#11641).
– smbd: make “hide dot files” option work with “store dos attributes =
yes”; (bso#11645).
– smbcacls: Fix uninitialized variable; (bso#11682).
– s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
– Changing log level of two entries from 1 to 3; (bso#9912).
– vfs_gpfs: Re-enable share modes; (bso#11243).
– wafsamba: Also build libraries with RELRO protection; (bso#11346).
– ctdb: Strip trailing spaces from nodes file; (bso#11365).
– s3-smbd: Fix old DOS client doing wildcard delete – gives an attribute
type of zero; (bso#11452).
– nss_wins: Do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized; (bso#11563).
– async_req: Fix non-blocking connect(); (bso#11564).
– auth: gensec: Fix a memory leak; (bso#11565).
– lib: util: Make non-critical message a warning; (bso#11566).
– Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bsc#949022).
– smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
– ctdb: Open the RO tracking db with perms 0600 instead of 0000;
(bso#11577).
– manpage: Correct small typo error; (bso#11584).
– s3: smbd: If EA’s are turned off on a share don’t allow an SMB2 create
containing them; (bso#11589).
– Backport some valgrind fixes from upstream master; (bso#11597).
– s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
– docs: Fix some typos in the idmap config section of man 5 smb.conf;
(bso#11619).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12:

zypper in -t patch SUSE-SLE-SDK-12-2016-605=1

– SUSE Linux Enterprise Server 12:

zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1

– SUSE Linux Enterprise High Availability 12:

zypper in -t patch SUSE-SLE-HA-12-2016-605=1

– SUSE Linux Enterprise Desktop 12:

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

ctdb-debuginfo-4.2.4-18.17.1
ctdb-devel-4.2.4-18.17.1
libdcerpc-atsvc-devel-4.2.4-18.17.1
libdcerpc-atsvc0-4.2.4-18.17.1
libdcerpc-atsvc0-debuginfo-4.2.4-18.17.1
libdcerpc-devel-4.2.4-18.17.1
libdcerpc-samr-devel-4.2.4-18.17.1
libdcerpc-samr0-4.2.4-18.17.1
libdcerpc-samr0-debuginfo-4.2.4-18.17.1
libgensec-devel-4.2.4-18.17.1
libndr-devel-4.2.4-18.17.1
libndr-krb5pac-devel-4.2.4-18.17.1
libndr-nbt-devel-4.2.4-18.17.1
libndr-standard-devel-4.2.4-18.17.1
libnetapi-devel-4.2.4-18.17.1
libregistry-devel-4.2.4-18.17.1
libsamba-credentials-devel-4.2.4-18.17.1
libsamba-hostconfig-devel-4.2.4-18.17.1
libsamba-passdb-devel-4.2.4-18.17.1
libsamba-policy-devel-4.2.4-18.17.1
libsamba-policy0-4.2.4-18.17.1
libsamba-policy0-debuginfo-4.2.4-18.17.1
libsamba-util-devel-4.2.4-18.17.1
libsamdb-devel-4.2.4-18.17.1
libsmbclient-devel-4.2.4-18.17.1
libsmbclient-raw-devel-4.2.4-18.17.1
libsmbconf-devel-4.2.4-18.17.1
libsmbldap-devel-4.2.4-18.17.1
libtevent-util-devel-4.2.4-18.17.1
libwbclient-devel-4.2.4-18.17.1
samba-core-devel-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-test-devel-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

libdcerpc-binding0-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-4.2.4-18.17.1
libdcerpc0-4.2.4-18.17.1
libdcerpc0-debuginfo-4.2.4-18.17.1
libgensec0-4.2.4-18.17.1
libgensec0-debuginfo-4.2.4-18.17.1
libndr-krb5pac0-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-4.2.4-18.17.1
libndr-nbt0-4.2.4-18.17.1
libndr-nbt0-debuginfo-4.2.4-18.17.1
libndr-standard0-4.2.4-18.17.1
libndr-standard0-debuginfo-4.2.4-18.17.1
libndr0-4.2.4-18.17.1
libndr0-debuginfo-4.2.4-18.17.1
libnetapi0-4.2.4-18.17.1
libnetapi0-debuginfo-4.2.4-18.17.1
libregistry0-4.2.4-18.17.1
libregistry0-debuginfo-4.2.4-18.17.1
libsamba-credentials0-4.2.4-18.17.1
libsamba-credentials0-debuginfo-4.2.4-18.17.1
libsamba-hostconfig0-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-4.2.4-18.17.1
libsamba-passdb0-4.2.4-18.17.1
libsamba-passdb0-debuginfo-4.2.4-18.17.1
libsamba-util0-4.2.4-18.17.1
libsamba-util0-debuginfo-4.2.4-18.17.1
libsamdb0-4.2.4-18.17.1
libsamdb0-debuginfo-4.2.4-18.17.1
libsmbclient-raw0-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-4.2.4-18.17.1
libsmbclient0-4.2.4-18.17.1
libsmbclient0-debuginfo-4.2.4-18.17.1
libsmbconf0-4.2.4-18.17.1
libsmbconf0-debuginfo-4.2.4-18.17.1
libsmbldap0-4.2.4-18.17.1
libsmbldap0-debuginfo-4.2.4-18.17.1
libtevent-util0-4.2.4-18.17.1
libtevent-util0-debuginfo-4.2.4-18.17.1
libwbclient0-4.2.4-18.17.1
libwbclient0-debuginfo-4.2.4-18.17.1
samba-4.2.4-18.17.1
samba-client-4.2.4-18.17.1
samba-client-debuginfo-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-libs-4.2.4-18.17.1
samba-libs-debuginfo-4.2.4-18.17.1
samba-winbind-4.2.4-18.17.1
samba-winbind-debuginfo-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (s390x x86_64):

libdcerpc-binding0-32bit-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc0-32bit-4.2.4-18.17.1
libdcerpc0-debuginfo-32bit-4.2.4-18.17.1
libgensec0-32bit-4.2.4-18.17.1
libgensec0-debuginfo-32bit-4.2.4-18.17.1
libndr-krb5pac0-32bit-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1
libndr-nbt0-32bit-4.2.4-18.17.1
libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1
libndr-standard0-32bit-4.2.4-18.17.1
libndr-standard0-debuginfo-32bit-4.2.4-18.17.1
libndr0-32bit-4.2.4-18.17.1
libndr0-debuginfo-32bit-4.2.4-18.17.1
libnetapi0-32bit-4.2.4-18.17.1
libnetapi0-debuginfo-32bit-4.2.4-18.17.1
libsamba-credentials0-32bit-4.2.4-18.17.1
libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1
libsamba-hostconfig0-32bit-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1
libsamba-passdb0-32bit-4.2.4-18.17.1
libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1
libsamba-util0-32bit-4.2.4-18.17.1
libsamba-util0-debuginfo-32bit-4.2.4-18.17.1
libsamdb0-32bit-4.2.4-18.17.1
libsamdb0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient-raw0-32bit-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient0-32bit-4.2.4-18.17.1
libsmbclient0-debuginfo-32bit-4.2.4-18.17.1
libsmbconf0-32bit-4.2.4-18.17.1
libsmbconf0-debuginfo-32bit-4.2.4-18.17.1
libsmbldap0-32bit-4.2.4-18.17.1
libsmbldap0-debuginfo-32bit-4.2.4-18.17.1
libtevent-util0-32bit-4.2.4-18.17.1
libtevent-util0-debuginfo-32bit-4.2.4-18.17.1
libwbclient0-32bit-4.2.4-18.17.1
libwbclient0-debuginfo-32bit-4.2.4-18.17.1
samba-32bit-4.2.4-18.17.1
samba-client-32bit-4.2.4-18.17.1
samba-client-debuginfo-32bit-4.2.4-18.17.1
samba-debuginfo-32bit-4.2.4-18.17.1
samba-libs-32bit-4.2.4-18.17.1
samba-libs-debuginfo-32bit-4.2.4-18.17.1
samba-winbind-32bit-4.2.4-18.17.1
samba-winbind-debuginfo-32bit-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (noarch):

samba-doc-4.2.4-18.17.1

– SUSE Linux Enterprise High Availability 12 (s390x x86_64):

ctdb-4.2.4-18.17.1
ctdb-debuginfo-4.2.4-18.17.1

– SUSE Linux Enterprise Desktop 12 (noarch):

samba-doc-4.2.4-18.17.1

– SUSE Linux Enterprise Desktop 12 (x86_64):

libdcerpc-binding0-32bit-4.2.4-18.17.1
libdcerpc-binding0-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-4.2.4-18.17.1
libdcerpc0-32bit-4.2.4-18.17.1
libdcerpc0-4.2.4-18.17.1
libdcerpc0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc0-debuginfo-4.2.4-18.17.1
libgensec0-32bit-4.2.4-18.17.1
libgensec0-4.2.4-18.17.1
libgensec0-debuginfo-32bit-4.2.4-18.17.1
libgensec0-debuginfo-4.2.4-18.17.1
libndr-krb5pac0-32bit-4.2.4-18.17.1
libndr-krb5pac0-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-4.2.4-18.17.1
libndr-nbt0-32bit-4.2.4-18.17.1
libndr-nbt0-4.2.4-18.17.1
libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1
libndr-nbt0-debuginfo-4.2.4-18.17.1
libndr-standard0-32bit-4.2.4-18.17.1
libndr-standard0-4.2.4-18.17.1
libndr-standard0-debuginfo-32bit-4.2.4-18.17.1
libndr-standard0-debuginfo-4.2.4-18.17.1
libndr0-32bit-4.2.4-18.17.1
libndr0-4.2.4-18.17.1
libndr0-debuginfo-32bit-4.2.4-18.17.1
libndr0-debuginfo-4.2.4-18.17.1
libnetapi0-32bit-4.2.4-18.17.1
libnetapi0-4.2.4-18.17.1
libnetapi0-debuginfo-32bit-4.2.4-18.17.1
libnetapi0-debuginfo-4.2.4-18.17.1
libregistry0-4.2.4-18.17.1
libregistry0-debuginfo-4.2.4-18.17.1
libsamba-credentials0-32bit-4.2.4-18.17.1
libsamba-credentials0-4.2.4-18.17.1
libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1
libsamba-credentials0-debuginfo-4.2.4-18.17.1
libsamba-hostconfig0-32bit-4.2.4-18.17.1
libsamba-hostconfig0-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-4.2.4-18.17.1
libsamba-passdb0-32bit-4.2.4-18.17.1
libsamba-passdb0-4.2.4-18.17.1
libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1
libsamba-passdb0-debuginfo-4.2.4-18.17.1
libsamba-util0-32bit-4.2.4-18.17.1
libsamba-util0-4.2.4-18.17.1
libsamba-util0-debuginfo-32bit-4.2.4-18.17.1
libsamba-util0-debuginfo-4.2.4-18.17.1
libsamdb0-32bit-4.2.4-18.17.1
libsamdb0-4.2.4-18.17.1
libsamdb0-debuginfo-32bit-4.2.4-18.17.1
libsamdb0-debuginfo-4.2.4-18.17.1
libsmbclient-raw0-32bit-4.2.4-18.17.1
libsmbclient-raw0-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-4.2.4-18.17.1
libsmbclient0-32bit-4.2.4-18.17.1
libsmbclient0-4.2.4-18.17.1
libsmbclient0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient0-debuginfo-4.2.4-18.17.1
libsmbconf0-32bit-4.2.4-18.17.1
libsmbconf0-4.2.4-18.17.1
libsmbconf0-debuginfo-32bit-4.2.4-18.17.1
libsmbconf0-debuginfo-4.2.4-18.17.1
libsmbldap0-32bit-4.2.4-18.17.1
libsmbldap0-4.2.4-18.17.1
libsmbldap0-debuginfo-32bit-4.2.4-18.17.1
libsmbldap0-debuginfo-4.2.4-18.17.1
libtevent-util0-32bit-4.2.4-18.17.1
libtevent-util0-4.2.4-18.17.1
libtevent-util0-debuginfo-32bit-4.2.4-18.17.1
libtevent-util0-debuginfo-4.2.4-18.17.1
libwbclient0-32bit-4.2.4-18.17.1
libwbclient0-4.2.4-18.17.1
libwbclient0-debuginfo-32bit-4.2.4-18.17.1
libwbclient0-debuginfo-4.2.4-18.17.1
samba-32bit-4.2.4-18.17.1
samba-4.2.4-18.17.1
samba-client-32bit-4.2.4-18.17.1
samba-client-4.2.4-18.17.1
samba-client-debuginfo-32bit-4.2.4-18.17.1
samba-client-debuginfo-4.2.4-18.17.1
samba-debuginfo-32bit-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-libs-32bit-4.2.4-18.17.1
samba-libs-4.2.4-18.17.1
samba-libs-debuginfo-32bit-4.2.4-18.17.1
samba-libs-debuginfo-4.2.4-18.17.1
samba-winbind-32bit-4.2.4-18.17.1
samba-winbind-4.2.4-18.17.1
samba-winbind-debuginfo-32bit-4.2.4-18.17.1
samba-winbind-debuginfo-4.2.4-18.17.1
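
To confirm that the update for SUSE Linux Enterprise Server 12 is actually installed, the following added example (not part of the SUSE advisory) compares installed package versions against fixed versions taken from the Package List above. It uses a simplified RPM version comparison that ignores epochs and tilde ordering, and the installed-package sample is constructed; on a real host the input would come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed versions copied from the advisory's SLES 12 Package List.
FIXED_SLES12 = [
    "samba-4.2.4-18.17.1",
    "samba-client-4.2.4-18.17.1",
    "samba-libs-4.2.4-18.17.1",
    "samba-winbind-4.2.4-18.17.1",
    "libsmbclient0-4.2.4-18.17.1",
    "libwbclient0-4.2.4-18.17.1",
]

# Constructed sample of installed packages (not real host output).
SAMPLE_RPM_QA = """\
samba-4.2.4-18.17.1
samba-client-4.2.4-18.3.1
samba-libs-4.1.12-16.1
libwbclient0-4.2.4-18.17.1
bash-4.2-75.2
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1.

    Versions are split into numeric and alphabetic segments; numeric
    segments compare as integers, so 18.17.1 is newer than 18.3.1 even
    though a plain string comparison says the opposite.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1  # numeric segment beats alphabetic
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def split_nvr(nvr):
    """Split 'name-version-release'; only the name may contain hyphens."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release


def audit(installed_lines, fixed_nvrs):
    """Return (name, installed, fixed) for packages older than the fix."""
    fixed = {}
    for nvr in fixed_nvrs:
        name, version, release = split_nvr(nvr)
        fixed[name] = (version, release)
    outdated = []
    for line in installed_lines:
        try:
            name, version, release = split_nvr(line)
        except ValueError:
            continue  # blank or malformed line
        if name not in fixed:
            continue
        fix_version, fix_release = fixed[name]
        order = rpmvercmp(version, fix_version) or rpmvercmp(release, fix_release)
        if order < 0:
            outdated.append((name, f"{version}-{release}",
                             f"{fix_version}-{fix_release}"))
    return outdated


if __name__ == "__main__":
    for name, have, need in audit(SAMPLE_RPM_QA.splitlines(), FIXED_SLES12):
        print(f"{name}: installed {have}, advisory fixes in {need}")
```

Packages that are not installed are not reported; only installed packages below the fixed level are.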

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/320709
https://bugzilla.suse.com/913547
https://bugzilla.suse.com/919309
https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/942716
https://bugzilla.suse.com/946051
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/964023
https://bugzilla.suse.com/966271
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1023-1
Rating: important
References: #936862 #967017 #971965 #973031 #973032 #973033
#973034 #973036
Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Software Development Kit 11-SP3
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata
is now available.

Description:

samba was updated to fix seven security issues.

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM
attacks (bsc#973033).
– CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of an authenticated account
was possible (bsc#971965).

These non-security issues were fixed:
– bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint
function
– Getting and setting Windows ACLs on symlinks can change permissions on
link

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 5:

zypper in -t patch sleclo50sp3-samba-12507=1

– SUSE Manager Proxy 2.1:

zypper in -t patch slemap21-samba-12507=1

– SUSE Manager 2.1:

zypper in -t patch sleman21-samba-12507=1

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-samba-12507=1

– SUSE Linux Enterprise Software Development Kit 11-SP3:

zypper in -t patch sdksp3-samba-12507=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-samba-12507=1

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-samba-12507=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-samba-12507=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-samba-12507=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 5 (noarch):

samba-doc-3.6.3-76.2

– SUSE OpenStack Cloud 5 (x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager Proxy 2.1 (noarch):

samba-doc-3.6.3-76.2

– SUSE Manager Proxy 2.1 (x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager 2.1 (s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager 2.1 (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

libldb-devel-3.6.3-76.1
libnetapi-devel-3.6.3-76.1
libnetapi0-3.6.3-76.1
libsmbclient-devel-3.6.3-76.1
libsmbsharemodes-devel-3.6.3-76.1
libsmbsharemodes0-3.6.3-76.1
libtalloc-devel-3.6.3-76.1
libtdb-devel-3.6.3-76.1
libtevent-devel-3.6.3-76.1
libwbclient-devel-3.6.3-76.1
samba-devel-3.6.3-76.1
samba-test-3.6.3-76.1

– SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 s390x x86_64):

libldb-devel-3.6.3-76.1
libnetapi-devel-3.6.3-76.1
libnetapi0-3.6.3-76.1
libsmbclient-devel-3.6.3-76.1
libsmbsharemodes-devel-3.6.3-76.1
libsmbsharemodes0-3.6.3-76.1
libtalloc-devel-3.6.3-76.1
libtdb-devel-3.6.3-76.1
libtevent-devel-3.6.3-76.1
libwbclient-devel-3.6.3-76.1
samba-devel-3.6.3-76.1
samba-test-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtdb1-3.6.3-76.1
libtevent0-3.6.3-76.1
libwbclient0-3.6.3-76.1
samba-3.6.3-76.1
samba-client-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

libsmbclient0-32bit-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Server 11-SP4 (ia64):

libsmbclient0-x86-3.6.3-76.1
libtalloc2-x86-3.6.3-76.1
libtdb1-x86-3.6.3-76.1
libtevent0-x86-3.6.3-76.1
libwbclient0-x86-3.6.3-76.1
samba-client-x86-3.6.3-76.1
samba-winbind-x86-3.6.3-76.1
samba-x86-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtdb1-3.6.3-76.1
libtevent0-3.6.3-76.1
libwbclient0-3.6.3-76.1
samba-3.6.3-76.1
samba-client-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

libsmbclient0-32bit-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

samba-debuginfo-3.6.3-76.1
samba-debugsource-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

samba-debuginfo-32bit-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

samba-debuginfo-x86-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

samba-debuginfo-3.6.3-76.1
samba-debugsource-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (s390x):

samba-debuginfo-32bit-3.6.3-76.1

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/967017
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036



SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1024-1
Rating: important
References: #924519 #936862 #968973 #971965 #972197 #973031
#973032 #973033 #973034 #973036 #973832 #974629
Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise High Availability 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 5 fixes is
now available.

Description:

samba was updated to fix seven security issues.

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM
attacks (bsc#973033).
– CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of an authenticated account
was possible (bsc#971965).

These non-security issues were fixed:
– bsc#974629: Fix samba.tests.messaging test and prevent potential tdb
corruption by removing obsolete now invalid tdb_close call.
– bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and
libsmbsharemodes-devel from samba-core-devel.
– bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel
from libsamba-passdb-devel while not providing it.
– Getting and setting Windows ACLs on symlinks can change permissions on
link
– bsc#924519: Upgrade on-disk FSRVP server state to new version.
– bsc#968973: Only obsolete but do not provide gplv2/3 package names.
– bso#6482: s3:utils/smbget: Fix recursive download.
– bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
filesystem with no ACL support.
– bso#11643: docs: Add example for domain logins to smbspool man page.
– bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
– bso#11708: loadparm: Fix memory leak issue.
– bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
– bso#11719: ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped
…”.
– bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
creating a new file.
– bso#11732: param: Fix str_list_v3 to accept “;” again.
– bso#11740: Real memory leak (buildup) issue in loadparm.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP1:

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-604=1

– SUSE Linux Enterprise Server 12-SP1:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-604=1

– SUSE Linux Enterprise High Availability 12-SP1:

zypper in -t patch SUSE-SLE-HA-12-SP1-2016-604=1

– SUSE Linux Enterprise Desktop 12-SP1:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-604=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

ctdb-debuginfo-4.2.4-16.1
ctdb-devel-4.2.4-16.1
libdcerpc-atsvc-devel-4.2.4-16.1
libdcerpc-atsvc0-4.2.4-16.1
libdcerpc-atsvc0-debuginfo-4.2.4-16.1
libdcerpc-devel-4.2.4-16.1
libdcerpc-samr-devel-4.2.4-16.1
libdcerpc-samr0-4.2.4-16.1
libdcerpc-samr0-debuginfo-4.2.4-16.1
libgensec-devel-4.2.4-16.1
libndr-devel-4.2.4-16.1
libndr-krb5pac-devel-4.2.4-16.1
libndr-nbt-devel-4.2.4-16.1
libndr-standard-devel-4.2.4-16.1
libnetapi-devel-4.2.4-16.1
libregistry-devel-4.2.4-16.1
libsamba-credentials-devel-4.2.4-16.1
libsamba-hostconfig-devel-4.2.4-16.1
libsamba-passdb-devel-4.2.4-16.1
libsamba-policy-devel-4.2.4-16.1
libsamba-policy0-4.2.4-16.1
libsamba-policy0-debuginfo-4.2.4-16.1
libsamba-util-devel-4.2.4-16.1
libsamdb-devel-4.2.4-16.1
libsmbclient-devel-4.2.4-16.1
libsmbclient-raw-devel-4.2.4-16.1
libsmbconf-devel-4.2.4-16.1
libsmbldap-devel-4.2.4-16.1
libtevent-util-devel-4.2.4-16.1
libwbclient-devel-4.2.4-16.1
samba-core-devel-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-test-devel-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

libdcerpc-binding0-4.2.4-16.1
libdcerpc-binding0-debuginfo-4.2.4-16.1
libdcerpc0-4.2.4-16.1
libdcerpc0-debuginfo-4.2.4-16.1
libgensec0-4.2.4-16.1
libgensec0-debuginfo-4.2.4-16.1
libndr-krb5pac0-4.2.4-16.1
libndr-krb5pac0-debuginfo-4.2.4-16.1
libndr-nbt0-4.2.4-16.1
libndr-nbt0-debuginfo-4.2.4-16.1
libndr-standard0-4.2.4-16.1
libndr-standard0-debuginfo-4.2.4-16.1
libndr0-4.2.4-16.1
libndr0-debuginfo-4.2.4-16.1
libnetapi0-4.2.4-16.1
libnetapi0-debuginfo-4.2.4-16.1
libregistry0-4.2.4-16.1
libregistry0-debuginfo-4.2.4-16.1
libsamba-credentials0-4.2.4-16.1
libsamba-credentials0-debuginfo-4.2.4-16.1
libsamba-hostconfig0-4.2.4-16.1
libsamba-hostconfig0-debuginfo-4.2.4-16.1
libsamba-passdb0-4.2.4-16.1
libsamba-passdb0-debuginfo-4.2.4-16.1
libsamba-util0-4.2.4-16.1
libsamba-util0-debuginfo-4.2.4-16.1
libsamdb0-4.2.4-16.1
libsamdb0-debuginfo-4.2.4-16.1
libsmbclient-raw0-4.2.4-16.1
libsmbclient-raw0-debuginfo-4.2.4-16.1
libsmbclient0-4.2.4-16.1
libsmbclient0-debuginfo-4.2.4-16.1
libsmbconf0-4.2.4-16.1
libsmbconf0-debuginfo-4.2.4-16.1
libsmbldap0-4.2.4-16.1
libsmbldap0-debuginfo-4.2.4-16.1
libtevent-util0-4.2.4-16.1
libtevent-util0-debuginfo-4.2.4-16.1
libwbclient0-4.2.4-16.1
libwbclient0-debuginfo-4.2.4-16.1
samba-4.2.4-16.1
samba-client-4.2.4-16.1
samba-client-debuginfo-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-libs-4.2.4-16.1
samba-libs-debuginfo-4.2.4-16.1
samba-winbind-4.2.4-16.1
samba-winbind-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

libdcerpc-binding0-32bit-4.2.4-16.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1
libdcerpc0-32bit-4.2.4-16.1
libdcerpc0-debuginfo-32bit-4.2.4-16.1
libgensec0-32bit-4.2.4-16.1
libgensec0-debuginfo-32bit-4.2.4-16.1
libndr-krb5pac0-32bit-4.2.4-16.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1
libndr-nbt0-32bit-4.2.4-16.1
libndr-nbt0-debuginfo-32bit-4.2.4-16.1
libndr-standard0-32bit-4.2.4-16.1
libndr-standard0-debuginfo-32bit-4.2.4-16.1
libndr0-32bit-4.2.4-16.1
libndr0-debuginfo-32bit-4.2.4-16.1
libnetapi0-32bit-4.2.4-16.1
libnetapi0-debuginfo-32bit-4.2.4-16.1
libsamba-credentials0-32bit-4.2.4-16.1
libsamba-credentials0-debuginfo-32bit-4.2.4-16.1
libsamba-hostconfig0-32bit-4.2.4-16.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1
libsamba-passdb0-32bit-4.2.4-16.1
libsamba-passdb0-debuginfo-32bit-4.2.4-16.1
libsamba-util0-32bit-4.2.4-16.1
libsamba-util0-debuginfo-32bit-4.2.4-16.1
libsamdb0-32bit-4.2.4-16.1
libsamdb0-debuginfo-32bit-4.2.4-16.1
libsmbclient-raw0-32bit-4.2.4-16.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1
libsmbclient0-32bit-4.2.4-16.1
libsmbclient0-debuginfo-32bit-4.2.4-16.1
libsmbconf0-32bit-4.2.4-16.1
libsmbconf0-debuginfo-32bit-4.2.4-16.1
libsmbldap0-32bit-4.2.4-16.1
libsmbldap0-debuginfo-32bit-4.2.4-16.1
libtevent-util0-32bit-4.2.4-16.1
libtevent-util0-debuginfo-32bit-4.2.4-16.1
libwbclient0-32bit-4.2.4-16.1
libwbclient0-debuginfo-32bit-4.2.4-16.1
samba-32bit-4.2.4-16.1
samba-client-32bit-4.2.4-16.1
samba-client-debuginfo-32bit-4.2.4-16.1
samba-debuginfo-32bit-4.2.4-16.1
samba-libs-32bit-4.2.4-16.1
samba-libs-debuginfo-32bit-4.2.4-16.1
samba-winbind-32bit-4.2.4-16.1
samba-winbind-debuginfo-32bit-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (noarch):

samba-doc-4.2.4-16.1

– SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64):

ctdb-4.2.4-16.1
ctdb-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

libdcerpc-binding0-32bit-4.2.4-16.1
libdcerpc-binding0-4.2.4-16.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1
libdcerpc-binding0-debuginfo-4.2.4-16.1
libdcerpc0-32bit-4.2.4-16.1
libdcerpc0-4.2.4-16.1
libdcerpc0-debuginfo-32bit-4.2.4-16.1
libdcerpc0-debuginfo-4.2.4-16.1
libgensec0-32bit-4.2.4-16.1
libgensec0-4.2.4-16.1
libgensec0-debuginfo-32bit-4.2.4-16.1
libgensec0-debuginfo-4.2.4-16.1
libndr-krb5pac0-32bit-4.2.4-16.1
libndr-krb5pac0-4.2.4-16.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1
libndr-krb5pac0-debuginfo-4.2.4-16.1
libndr-nbt0-32bit-4.2.4-16.1
libndr-nbt0-4.2.4-16.1
libndr-nbt0-debuginfo-32bit-4.2.4-16.1
libndr-nbt0-debuginfo-4.2.4-16.1
libndr-standard0-32bit-4.2.4-16.1
libndr-standard0-4.2.4-16.1
libndr-standard0-debuginfo-32bit-4.2.4-16.1
libndr-standard0-debuginfo-4.2.4-16.1
libndr0-32bit-4.2.4-16.1
libndr0-4.2.4-16.1
libndr0-debuginfo-32bit-4.2.4-16.1
libndr0-debuginfo-4.2.4-16.1
libnetapi0-32bit-4.2.4-16.1
libnetapi0-4.2.4-16.1
libnetapi0-debuginfo-32bit-4.2.4-16.1
libnetapi0-debuginfo-4.2.4-16.1
libregistry0-4.2.4-16.1
libregistry0-debuginfo-4.2.4-16.1
libsamba-credentials0-32bit-4.2.4-16.1
libsamba-credentials0-4.2.4-16.1
libsamba-credentials0-debuginfo-32bit-4.2.4-16.1
libsamba-credentials0-debuginfo-4.2.4-16.1
libsamba-hostconfig0-32bit-4.2.4-16.1
libsamba-hostconfig0-4.2.4-16.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1
libsamba-hostconfig0-debuginfo-4.2.4-16.1
libsamba-passdb0-32bit-4.2.4-16.1
libsamba-passdb0-4.2.4-16.1
libsamba-passdb0-debuginfo-32bit-4.2.4-16.1
libsamba-passdb0-debuginfo-4.2.4-16.1
libsamba-util0-32bit-4.2.4-16.1
libsamba-util0-4.2.4-16.1
libsamba-util0-debuginfo-32bit-4.2.4-16.1
libsamba-util0-debuginfo-4.2.4-16.1
libsamdb0-32bit-4.2.4-16.1
libsamdb0-4.2.4-16.1
libsamdb0-debuginfo-32bit-4.2.4-16.1
libsamdb0-debuginfo-4.2.4-16.1
libsmbclient-raw0-32bit-4.2.4-16.1
libsmbclient-raw0-4.2.4-16.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1
libsmbclient-raw0-debuginfo-4.2.4-16.1
libsmbclient0-32bit-4.2.4-16.1
libsmbclient0-4.2.4-16.1
libsmbclient0-debuginfo-32bit-4.2.4-16.1
libsmbclient0-debuginfo-4.2.4-16.1
libsmbconf0-32bit-4.2.4-16.1
libsmbconf0-4.2.4-16.1
libsmbconf0-debuginfo-32bit-4.2.4-16.1
libsmbconf0-debuginfo-4.2.4-16.1
libsmbldap0-32bit-4.2.4-16.1
libsmbldap0-4.2.4-16.1
libsmbldap0-debuginfo-32bit-4.2.4-16.1
libsmbldap0-debuginfo-4.2.4-16.1
libtevent-util0-32bit-4.2.4-16.1
libtevent-util0-4.2.4-16.1
libtevent-util0-debuginfo-32bit-4.2.4-16.1
libtevent-util0-debuginfo-4.2.4-16.1
libwbclient0-32bit-4.2.4-16.1
libwbclient0-4.2.4-16.1
libwbclient0-debuginfo-32bit-4.2.4-16.1
libwbclient0-debuginfo-4.2.4-16.1
samba-32bit-4.2.4-16.1
samba-4.2.4-16.1
samba-client-32bit-4.2.4-16.1
samba-client-4.2.4-16.1
samba-client-debuginfo-32bit-4.2.4-16.1
samba-client-debuginfo-4.2.4-16.1
samba-debuginfo-32bit-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-libs-32bit-4.2.4-16.1
samba-libs-4.2.4-16.1
samba-libs-debuginfo-32bit-4.2.4-16.1
samba-libs-debuginfo-4.2.4-16.1
samba-winbind-32bit-4.2.4-16.1
samba-winbind-4.2.4-16.1
samba-winbind-debuginfo-32bit-4.2.4-16.1
samba-winbind-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Desktop 12-SP1 (noarch):

samba-doc-4.2.4-16.1

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629



openSUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1025-1
Rating:             important
References:         #924519 #936862 #968973 #971965 #972197 #973031
                    #973032 #973033 #973034 #973036 #973832 #974629
                   
Cross-References:   CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                    CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
                    CVE-2016-2118
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 5 fixes is
   now available.

Description:

   samba was updated to fix seven security issues.

   These security issues were fixed:
   – CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
     attacks (bsc#936862).
   – CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
     authentication (bsc#973031).
   – CVE-2016-2111: Domain controller netlogon member computer could have
     been spoofed (bsc#973032).
   – CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM
     attack (bsc#973033).
   – CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
   – CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks
     (bsc#973036).
   – CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
     was possible (bsc#971965).

   These non-security issues were fixed:
   – bsc#974629: Fix samba.tests.messaging test and prevent potential tdb
     corruption by removing obsolete now invalid tdb_close call.
   – bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and
     libsmbsharemodes-devel from samba-core-devel.
   – bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel
     from libsamba-passdb-devel while not providing it.
   – Getting and setting Windows ACLs on symlinks can change permissions on
     link
   – bsc#924519: Upgrade on-disk FSRVP server state to new version.
   – bsc#968973: Only obsolete but do not provide gplv2/3 package names.
   – bso#6482: s3:utils/smbget: Fix recursive download.
   – bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
     filesystem with no ACL support.
   – bso#11643: docs: Add example for domain logins to smbspool man page.
   – bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
   – bso#11708: loadparm: Fix memory leak issue.
   – bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
   – bso#11719: ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped
     …”.
   – bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
     creating a new file.
   – bso#11732: param: Fix str_list_v3 to accept “;” again.
   – bso#11740: Real memory leak (buildup) issue in loadparm.

   This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-453=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – openSUSE Leap 42.1 (i586 x86_64):

      ctdb-4.2.4-15.1
      ctdb-debuginfo-4.2.4-15.1
      ctdb-devel-4.2.4-15.1
      ctdb-tests-4.2.4-15.1
      ctdb-tests-debuginfo-4.2.4-15.1
      libdcerpc-atsvc-devel-4.2.4-15.1
      libdcerpc-atsvc0-4.2.4-15.1
      libdcerpc-atsvc0-debuginfo-4.2.4-15.1
      libdcerpc-binding0-4.2.4-15.1
      libdcerpc-binding0-debuginfo-4.2.4-15.1
      libdcerpc-devel-4.2.4-15.1
      libdcerpc-samr-devel-4.2.4-15.1
      libdcerpc-samr0-4.2.4-15.1
      libdcerpc-samr0-debuginfo-4.2.4-15.1
      libdcerpc0-4.2.4-15.1
      libdcerpc0-debuginfo-4.2.4-15.1
      libgensec-devel-4.2.4-15.1
      libgensec0-4.2.4-15.1
      libgensec0-debuginfo-4.2.4-15.1
      libndr-devel-4.2.4-15.1
      libndr-krb5pac-devel-4.2.4-15.1
      libndr-krb5pac0-4.2.4-15.1
      libndr-krb5pac0-debuginfo-4.2.4-15.1
      libndr-nbt-devel-4.2.4-15.1
      libndr-nbt0-4.2.4-15.1
      libndr-nbt0-debuginfo-4.2.4-15.1
      libndr-standard-devel-4.2.4-15.1
      libndr-standard0-4.2.4-15.1
      libndr-standard0-debuginfo-4.2.4-15.1
      libndr0-4.2.4-15.1
      libndr0-debuginfo-4.2.4-15.1
      libnetapi-devel-4.2.4-15.1
      libnetapi0-4.2.4-15.1
      libnetapi0-debuginfo-4.2.4-15.1
      libregistry-devel-4.2.4-15.1
      libregistry0-4.2.4-15.1
      libregistry0-debuginfo-4.2.4-15.1
      libsamba-credentials-devel-4.2.4-15.1
      libsamba-credentials0-4.2.4-15.1
      libsamba-credentials0-debuginfo-4.2.4-15.1
      libsamba-hostconfig-devel-4.2.4-15.1
      libsamba-hostconfig0-4.2.4-15.1
      libsamba-hostconfig0-debuginfo-4.2.4-15.1
      libsamba-passdb-devel-4.2.4-15.1
      libsamba-passdb0-4.2.4-15.1
      libsamba-passdb0-debuginfo-4.2.4-15.1
      libsamba-policy-devel-4.2.4-15.1
      libsamba-policy0-4.2.4-15.1
      libsamba-policy0-debuginfo-4.2.4-15.1
      libsamba-util-devel-4.2.4-15.1
      libsamba-util0-4.2.4-15.1
      libsamba-util0-debuginfo-4.2.4-15.1
      libsamdb-devel-4.2.4-15.1
      libsamdb0-4.2.4-15.1
      libsamdb0-debuginfo-4.2.4-15.1
      libsmbclient-devel-4.2.4-15.1
      libsmbclient-raw-devel-4.2.4-15.1
      libsmbclient-raw0-4.2.4-15.1
      libsmbclient-raw0-debuginfo-4.2.4-15.1
      libsmbclient0-4.2.4-15.1
      libsmbclient0-debuginfo-4.2.4-15.1
      libsmbconf-devel-4.2.4-15.1
      libsmbconf0-4.2.4-15.1
      libsmbconf0-debuginfo-4.2.4-15.1
      libsmbldap-devel-4.2.4-15.1
      libsmbldap0-4.2.4-15.1
      libsmbldap0-debuginfo-4.2.4-15.1
      libtevent-util-devel-4.2.4-15.1
      libtevent-util0-4.2.4-15.1
      libtevent-util0-debuginfo-4.2.4-15.1
      libwbclient-devel-4.2.4-15.1
      libwbclient0-4.2.4-15.1
      libwbclient0-debuginfo-4.2.4-15.1
      samba-4.2.4-15.1
      samba-client-4.2.4-15.1
      samba-client-debuginfo-4.2.4-15.1
      samba-core-devel-4.2.4-15.1
      samba-debuginfo-4.2.4-15.1
      samba-debugsource-4.2.4-15.1
      samba-libs-4.2.4-15.1
      samba-libs-debuginfo-4.2.4-15.1
      samba-pidl-4.2.4-15.1
      samba-python-4.2.4-15.1
      samba-python-debuginfo-4.2.4-15.1
      samba-test-4.2.4-15.1
      samba-test-debuginfo-4.2.4-15.1
      samba-test-devel-4.2.4-15.1
      samba-winbind-4.2.4-15.1
      samba-winbind-debuginfo-4.2.4-15.1

   – openSUSE Leap 42.1 (noarch):

      samba-doc-4.2.4-15.1

   – openSUSE Leap 42.1 (x86_64):

      libdcerpc-atsvc0-32bit-4.2.4-15.1
      libdcerpc-atsvc0-debuginfo-32bit-4.2.4-15.1
      libdcerpc-binding0-32bit-4.2.4-15.1
      libdcerpc-binding0-debuginfo-32bit-4.2.4-15.1
      libdcerpc-samr0-32bit-4.2.4-15.1
      libdcerpc-samr0-debuginfo-32bit-4.2.4-15.1
      libdcerpc0-32bit-4.2.4-15.1
      libdcerpc0-debuginfo-32bit-4.2.4-15.1
      libgensec0-32bit-4.2.4-15.1
      libgensec0-debuginfo-32bit-4.2.4-15.1
      libndr-krb5pac0-32bit-4.2.4-15.1
      libndr-krb5pac0-debuginfo-32bit-4.2.4-15.1
      libndr-nbt0-32bit-4.2.4-15.1
      libndr-nbt0-debuginfo-32bit-4.2.4-15.1
      libndr-standard0-32bit-4.2.4-15.1
      libndr-standard0-debuginfo-32bit-4.2.4-15.1
      libndr0-32bit-4.2.4-15.1
      libndr0-debuginfo-32bit-4.2.4-15.1
      libnetapi0-32bit-4.2.4-15.1
      libnetapi0-debuginfo-32bit-4.2.4-15.1
      libregistry0-32bit-4.2.4-15.1
      libregistry0-debuginfo-32bit-4.2.4-15.1
      libsamba-credentials0-32bit-4.2.4-15.1
      libsamba-credentials0-debuginfo-32bit-4.2.4-15.1
      libsamba-hostconfig0-32bit-4.2.4-15.1
      libsamba-hostconfig0-debuginfo-32bit-4.2.4-15.1
      libsamba-passdb0-32bit-4.2.4-15.1
      libsamba-passdb0-debuginfo-32bit-4.2.4-15.1
      libsamba-policy0-32bit-4.2.4-15.1
      libsamba-policy0-debuginfo-32bit-4.2.4-15.1
      libsamba-util0-32bit-4.2.4-15.1
      libsamba-util0-debuginfo-32bit-4.2.4-15.1
      libsamdb0-32bit-4.2.4-15.1
      libsamdb0-debuginfo-32bit-4.2.4-15.1
      libsmbclient-raw0-32bit-4.2.4-15.1
      libsmbclient-raw0-debuginfo-32bit-4.2.4-15.1
      libsmbclient0-32bit-4.2.4-15.1
      libsmbclient0-debuginfo-32bit-4.2.4-15.1
      libsmbconf0-32bit-4.2.4-15.1
      libsmbconf0-debuginfo-32bit-4.2.4-15.1
      libsmbldap0-32bit-4.2.4-15.1
      libsmbldap0-debuginfo-32bit-4.2.4-15.1
      libtevent-util0-32bit-4.2.4-15.1
      libtevent-util0-debuginfo-32bit-4.2.4-15.1
      libwbclient0-32bit-4.2.4-15.1
      libwbclient0-debuginfo-32bit-4.2.4-15.1
      samba-32bit-4.2.4-15.1
      samba-client-32bit-4.2.4-15.1
      samba-client-debuginfo-32bit-4.2.4-15.1
      samba-debuginfo-32bit-4.2.4-15.1
      samba-libs-32bit-4.2.4-15.1
      samba-libs-debuginfo-32bit-4.2.4-15.1
      samba-winbind-32bit-4.2.4-15.1
      samba-winbind-debuginfo-32bit-4.2.4-15.1
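
Added example, not part of the SUSE announcement: a fleet-audit check that flags hosts still running samba packages older than the fixed openSUSE Leap 42.1 build listed above (4.2.4-15.1), using rpm's segment-wise version ordering rather than string comparison. Assumptions: the inventory is "name version-release" lines as produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n', the sample inventory and its older version strings are constructed, only a subset of the listed package names is checked, and epochs and the ~ and ^ markers are not handled.

```python
import re

# Fixed version-release for openSUSE Leap 42.1, taken from the package list above.
FIXED_VR = "4.2.4-15.1"
# Subset of package names from that list (assumption: enough for a quick audit).
WATCHED = {"samba", "samba-client", "samba-libs", "samba-winbind",
           "libsmbclient0", "libwbclient0", "ctdb"}

def _segments(s):
    # rpm compares maximal runs of digits or of letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment-wise ordering (no ~ or ^ handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

# Constructed inventory for illustration; the older releases are made up.
SAMPLE_INVENTORY = """\
samba 4.2.4-15.1
samba-client 4.2.4-12.1
libsmbclient0 4.2.4-9.3
libwbclient0 4.2.4-15.1
openssh 6.6p1-8.1
"""

def unpatched(inventory, fixed=FIXED_VR):
    """Return (name, version-release) for watched packages older than the fix."""
    found = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in WATCHED:
            continue
        if vr_cmp(parts[1], fixed) < 0:
            found.append((parts[0], parts[1]))
    return found

if __name__ == "__main__":
    for name, vr in unpatched(SAMPLE_INVENTORY):
        print(f"{name} {vr} is older than {FIXED_VR}: apply the patch")
```

Release 9.3 sorts below 15.1 here, which a plain string comparison would get wrong.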

References:

   https://www.suse.com/security/cve/CVE-2015-5370.html
   https://www.suse.com/security/cve/CVE-2016-2110.html
   https://www.suse.com/security/cve/CVE-2016-2111.html
   https://www.suse.com/security/cve/CVE-2016-2112.html
   https://www.suse.com/security/cve/CVE-2016-2113.html
   https://www.suse.com/security/cve/CVE-2016-2115.html
   https://www.suse.com/security/cve/CVE-2016-2118.html
   https://bugzilla.suse.com/924519
   https://bugzilla.suse.com/936862
   https://bugzilla.suse.com/968973
   https://bugzilla.suse.com/971965
   https://bugzilla.suse.com/972197
   https://bugzilla.suse.com/973031
   https://bugzilla.suse.com/973032
   https://bugzilla.suse.com/973033
   https://bugzilla.suse.com/973034
   https://bugzilla.suse.com/973036
   https://bugzilla.suse.com/973832
   https://bugzilla.suse.com/974629



SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1028-1
Rating:             important
References:         #936862 #967017 #971965 #973031 #973032 #973033
                    #973034 #973036
Cross-References:   CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                    CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
                    CVE-2016-2118
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has one errata
   is now available.

Description:

   samba was updated to fix seven security issues.

   These security issues were fixed:
   – CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
     attacks (bsc#936862).
   – CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
     authentication (bsc#973031).
   – CVE-2016-2111: Domain controller netlogon member computer could have
     been spoofed (bsc#973032).
   – CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM
     attack (bsc#973033).
   – CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
   – CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks
     (bsc#973036).
   – CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
     was possible (bsc#971965).

   These non-security issues were fixed:
   – bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint
     function
   – Getting and setting Windows ACLs on symlinks can change permissions on
     link

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-samba-12508=1

   – SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-samba-12508=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      ldapsmb-1.34b-52.1
      libldb1-3.6.3-52.1
      libsmbclient0-3.6.3-52.1
      libtalloc2-3.6.3-52.1
      libtdb1-3.6.3-52.1
      libtevent0-3.6.3-52.1
      libwbclient0-3.6.3-52.1
      samba-3.6.3-52.1
      samba-client-3.6.3-52.1
      samba-krb-printing-3.6.3-52.1
      samba-winbind-3.6.3-52.1

   – SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

      libsmbclient0-32bit-3.6.3-52.1
      libtalloc2-32bit-3.6.3-52.1
      libtdb1-32bit-3.6.3-52.1
      libtevent0-32bit-3.6.3-52.1
      libwbclient0-32bit-3.6.3-52.1
      samba-32bit-3.6.3-52.1
      samba-client-32bit-3.6.3-52.1
      samba-winbind-32bit-3.6.3-52.1

   – SUSE Linux Enterprise Server 11-SP2-LTSS (noarch):

      samba-doc-3.6.3-52.1

   – SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      samba-debuginfo-3.6.3-52.1
      samba-debugsource-3.6.3-52.1

   – SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

      samba-debuginfo-32bit-3.6.3-52.1

References:

   https://www.suse.com/security/cve/CVE-2015-5370.html
   https://www.suse.com/security/cve/CVE-2016-2110.html
   https://www.suse.com/security/cve/CVE-2016-2111.html
   https://www.suse.com/security/cve/CVE-2016-2112.html
   https://www.suse.com/security/cve/CVE-2016-2113.html
   https://www.suse.com/security/cve/CVE-2016-2115.html
   https://www.suse.com/security/cve/CVE-2016-2118.html
   https://bugzilla.suse.com/936862
   https://bugzilla.suse.com/967017
   https://bugzilla.suse.com/971965
   https://bugzilla.suse.com/973031
   https://bugzilla.suse.com/973032
   https://bugzilla.suse.com/973033
   https://bugzilla.suse.com/973034
   https://bugzilla.suse.com/973036



Author: Marko Stanec
Cert ID: NCERT-REF-2016-04-0008-ADV
Source: http://www.adobe.com/