You are here
Home > Preporuke > Ranjivosti programskog paketa samba – Badlock Bug

Ranjivosti programskog paketa samba – Badlock Bug

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1022-1
Rating: important
References: #320709 #913547 #919309 #924519 #936862 #942716
#946051 #949022 #964023 #966271 #968973 #971965
#972197 #973031 #973032 #973033 #973034 #973036
#973832 #974629
Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise High Availability 12
SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 13 fixes is
now available.

Description:

Samba was updated to the 4.2.x codestream, bringing some new features and
security fixes (bsc#973832, FATE#320709).

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM
attack (bsc#973033).
– CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
were possible (bsc#971965).

Also the following fixes were done:
– Upgrade on-disk FSRVP server state to new version; (bsc#924519).
– Fix samba.tests.messaging test and prevent potential tdb corruption by
removing obsolete now invalid tdb_close call; (bsc#974629).
– Align fsrvp feature sources with upstream version.
– Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel
from samba-core-devel; (bsc#973832).
– s3:utils/smbget: Fix recursive download; (bso#6482).
– s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
– docs: Add example for domain logins to smbspool man page; (bso#11643).
– s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
– loadparm: Fix memory leak issue; (bso#11708).
– lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
– ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped …”;
(bso#11719).
– s3:smbd:open: Skip redundant call to file_set_dosmode when creating a
new file; (bso#11727).
– param: Fix str_list_v3 to accept “;” again; (bso#11732).
– Real memeory leak(buildup) issue in loadparm; (bso#11740).
– Obsolete libsmbclient from libsmbclient0 and libpdb-devel from
libsamba-passdb-devel while not providing it; (bsc#972197).
– Getting and setting Windows ACLs on symlinks can change permissions on
link
– Only obsolete but do not provide gplv2/3 package names; (bsc#968973).
– Enable clustering (CTDB) support; (bsc#966271).
– s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).
– vfs_fruit: Fix renaming directories with open files; (bso#11065).
– Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).
– s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
– Fix copying files with vfs_fruit when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
– s3:libsmb: Correctly initialize the list head when keeping a list of
primary followed by DFS connections; (bso#11624).
– Reduce the memory footprint of empty string options; (bso#11625).
– lib/async_req: Do not install async_connect_send_test; (bso#11639).
– docs: Fix typos in man vfs_gpfs; (bso#11641).
– smbd: make “hide dot files” option work with “store dos attributes =
yes”; (bso#11645).
– smbcacls: Fix uninitialized variable; (bso#11682).
– s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
– Changing log level of two entries to from 1 to 3; (bso#9912).
– vfs_gpfs: Re-enable share modes; (bso#11243).
– wafsamba: Also build libraries with RELRO protection; (bso#11346).
– ctdb: Strip trailing spaces from nodes file; (bso#11365).
– s3-smbd: Fix old DOS client doing wildcard delete – gives a attribute
type of zero; (bso#11452).
– nss_wins: Do not run into use after free issues when we access memory
allocated on the globals and the global being reinitialized; (bso#11563).
– async_req: Fix non-blocking connect(); (bso#11564).
– auth: gensec: Fix a memory leak; (bso#11565).
– lib: util: Make non-critical message a warning; (bso#11566).
– Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bsc#949022).
– smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
– ctdb: Open the RO tracking db with perms 0600 instead of 0000;
(bso#11577).
– manpage: Correct small typo error; (bso#11584).
– s3: smbd: If EA’s are turned off on a share don’t allow an SMB2 create
containing them; (bso#11589).
– Backport some valgrind fixes from upstream master; (bso#11597).
– s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
– docs: Fix some typos in the idmap config section of man 5 smb.conf;
(bso#11619).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12:

zypper in -t patch SUSE-SLE-SDK-12-2016-605=1

– SUSE Linux Enterprise Server 12:

zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1

– SUSE Linux Enterprise High Availability 12:

zypper in -t patch SUSE-SLE-HA-12-2016-605=1

– SUSE Linux Enterprise Desktop 12:

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

ctdb-debuginfo-4.2.4-18.17.1
ctdb-devel-4.2.4-18.17.1
libdcerpc-atsvc-devel-4.2.4-18.17.1
libdcerpc-atsvc0-4.2.4-18.17.1
libdcerpc-atsvc0-debuginfo-4.2.4-18.17.1
libdcerpc-devel-4.2.4-18.17.1
libdcerpc-samr-devel-4.2.4-18.17.1
libdcerpc-samr0-4.2.4-18.17.1
libdcerpc-samr0-debuginfo-4.2.4-18.17.1
libgensec-devel-4.2.4-18.17.1
libndr-devel-4.2.4-18.17.1
libndr-krb5pac-devel-4.2.4-18.17.1
libndr-nbt-devel-4.2.4-18.17.1
libndr-standard-devel-4.2.4-18.17.1
libnetapi-devel-4.2.4-18.17.1
libregistry-devel-4.2.4-18.17.1
libsamba-credentials-devel-4.2.4-18.17.1
libsamba-hostconfig-devel-4.2.4-18.17.1
libsamba-passdb-devel-4.2.4-18.17.1
libsamba-policy-devel-4.2.4-18.17.1
libsamba-policy0-4.2.4-18.17.1
libsamba-policy0-debuginfo-4.2.4-18.17.1
libsamba-util-devel-4.2.4-18.17.1
libsamdb-devel-4.2.4-18.17.1
libsmbclient-devel-4.2.4-18.17.1
libsmbclient-raw-devel-4.2.4-18.17.1
libsmbconf-devel-4.2.4-18.17.1
libsmbldap-devel-4.2.4-18.17.1
libtevent-util-devel-4.2.4-18.17.1
libwbclient-devel-4.2.4-18.17.1
samba-core-devel-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-test-devel-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

libdcerpc-binding0-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-4.2.4-18.17.1
libdcerpc0-4.2.4-18.17.1
libdcerpc0-debuginfo-4.2.4-18.17.1
libgensec0-4.2.4-18.17.1
libgensec0-debuginfo-4.2.4-18.17.1
libndr-krb5pac0-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-4.2.4-18.17.1
libndr-nbt0-4.2.4-18.17.1
libndr-nbt0-debuginfo-4.2.4-18.17.1
libndr-standard0-4.2.4-18.17.1
libndr-standard0-debuginfo-4.2.4-18.17.1
libndr0-4.2.4-18.17.1
libndr0-debuginfo-4.2.4-18.17.1
libnetapi0-4.2.4-18.17.1
libnetapi0-debuginfo-4.2.4-18.17.1
libregistry0-4.2.4-18.17.1
libregistry0-debuginfo-4.2.4-18.17.1
libsamba-credentials0-4.2.4-18.17.1
libsamba-credentials0-debuginfo-4.2.4-18.17.1
libsamba-hostconfig0-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-4.2.4-18.17.1
libsamba-passdb0-4.2.4-18.17.1
libsamba-passdb0-debuginfo-4.2.4-18.17.1
libsamba-util0-4.2.4-18.17.1
libsamba-util0-debuginfo-4.2.4-18.17.1
libsamdb0-4.2.4-18.17.1
libsamdb0-debuginfo-4.2.4-18.17.1
libsmbclient-raw0-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-4.2.4-18.17.1
libsmbclient0-4.2.4-18.17.1
libsmbclient0-debuginfo-4.2.4-18.17.1
libsmbconf0-4.2.4-18.17.1
libsmbconf0-debuginfo-4.2.4-18.17.1
libsmbldap0-4.2.4-18.17.1
libsmbldap0-debuginfo-4.2.4-18.17.1
libtevent-util0-4.2.4-18.17.1
libtevent-util0-debuginfo-4.2.4-18.17.1
libwbclient0-4.2.4-18.17.1
libwbclient0-debuginfo-4.2.4-18.17.1
samba-4.2.4-18.17.1
samba-client-4.2.4-18.17.1
samba-client-debuginfo-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-libs-4.2.4-18.17.1
samba-libs-debuginfo-4.2.4-18.17.1
samba-winbind-4.2.4-18.17.1
samba-winbind-debuginfo-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (s390x x86_64):

libdcerpc-binding0-32bit-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc0-32bit-4.2.4-18.17.1
libdcerpc0-debuginfo-32bit-4.2.4-18.17.1
libgensec0-32bit-4.2.4-18.17.1
libgensec0-debuginfo-32bit-4.2.4-18.17.1
libndr-krb5pac0-32bit-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1
libndr-nbt0-32bit-4.2.4-18.17.1
libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1
libndr-standard0-32bit-4.2.4-18.17.1
libndr-standard0-debuginfo-32bit-4.2.4-18.17.1
libndr0-32bit-4.2.4-18.17.1
libndr0-debuginfo-32bit-4.2.4-18.17.1
libnetapi0-32bit-4.2.4-18.17.1
libnetapi0-debuginfo-32bit-4.2.4-18.17.1
libsamba-credentials0-32bit-4.2.4-18.17.1
libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1
libsamba-hostconfig0-32bit-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1
libsamba-passdb0-32bit-4.2.4-18.17.1
libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1
libsamba-util0-32bit-4.2.4-18.17.1
libsamba-util0-debuginfo-32bit-4.2.4-18.17.1
libsamdb0-32bit-4.2.4-18.17.1
libsamdb0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient-raw0-32bit-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient0-32bit-4.2.4-18.17.1
libsmbclient0-debuginfo-32bit-4.2.4-18.17.1
libsmbconf0-32bit-4.2.4-18.17.1
libsmbconf0-debuginfo-32bit-4.2.4-18.17.1
libsmbldap0-32bit-4.2.4-18.17.1
libsmbldap0-debuginfo-32bit-4.2.4-18.17.1
libtevent-util0-32bit-4.2.4-18.17.1
libtevent-util0-debuginfo-32bit-4.2.4-18.17.1
libwbclient0-32bit-4.2.4-18.17.1
libwbclient0-debuginfo-32bit-4.2.4-18.17.1
samba-32bit-4.2.4-18.17.1
samba-client-32bit-4.2.4-18.17.1
samba-client-debuginfo-32bit-4.2.4-18.17.1
samba-debuginfo-32bit-4.2.4-18.17.1
samba-libs-32bit-4.2.4-18.17.1
samba-libs-debuginfo-32bit-4.2.4-18.17.1
samba-winbind-32bit-4.2.4-18.17.1
samba-winbind-debuginfo-32bit-4.2.4-18.17.1

– SUSE Linux Enterprise Server 12 (noarch):

samba-doc-4.2.4-18.17.1

– SUSE Linux Enterprise High Availability 12 (s390x x86_64):

ctdb-4.2.4-18.17.1
ctdb-debuginfo-4.2.4-18.17.1

– SUSE Linux Enterprise Desktop 12 (noarch):

samba-doc-4.2.4-18.17.1

– SUSE Linux Enterprise Desktop 12 (x86_64):

libdcerpc-binding0-32bit-4.2.4-18.17.1
libdcerpc-binding0-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc-binding0-debuginfo-4.2.4-18.17.1
libdcerpc0-32bit-4.2.4-18.17.1
libdcerpc0-4.2.4-18.17.1
libdcerpc0-debuginfo-32bit-4.2.4-18.17.1
libdcerpc0-debuginfo-4.2.4-18.17.1
libgensec0-32bit-4.2.4-18.17.1
libgensec0-4.2.4-18.17.1
libgensec0-debuginfo-32bit-4.2.4-18.17.1
libgensec0-debuginfo-4.2.4-18.17.1
libndr-krb5pac0-32bit-4.2.4-18.17.1
libndr-krb5pac0-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1
libndr-krb5pac0-debuginfo-4.2.4-18.17.1
libndr-nbt0-32bit-4.2.4-18.17.1
libndr-nbt0-4.2.4-18.17.1
libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1
libndr-nbt0-debuginfo-4.2.4-18.17.1
libndr-standard0-32bit-4.2.4-18.17.1
libndr-standard0-4.2.4-18.17.1
libndr-standard0-debuginfo-32bit-4.2.4-18.17.1
libndr-standard0-debuginfo-4.2.4-18.17.1
libndr0-32bit-4.2.4-18.17.1
libndr0-4.2.4-18.17.1
libndr0-debuginfo-32bit-4.2.4-18.17.1
libndr0-debuginfo-4.2.4-18.17.1
libnetapi0-32bit-4.2.4-18.17.1
libnetapi0-4.2.4-18.17.1
libnetapi0-debuginfo-32bit-4.2.4-18.17.1
libnetapi0-debuginfo-4.2.4-18.17.1
libregistry0-4.2.4-18.17.1
libregistry0-debuginfo-4.2.4-18.17.1
libsamba-credentials0-32bit-4.2.4-18.17.1
libsamba-credentials0-4.2.4-18.17.1
libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1
libsamba-credentials0-debuginfo-4.2.4-18.17.1
libsamba-hostconfig0-32bit-4.2.4-18.17.1
libsamba-hostconfig0-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1
libsamba-hostconfig0-debuginfo-4.2.4-18.17.1
libsamba-passdb0-32bit-4.2.4-18.17.1
libsamba-passdb0-4.2.4-18.17.1
libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1
libsamba-passdb0-debuginfo-4.2.4-18.17.1
libsamba-util0-32bit-4.2.4-18.17.1
libsamba-util0-4.2.4-18.17.1
libsamba-util0-debuginfo-32bit-4.2.4-18.17.1
libsamba-util0-debuginfo-4.2.4-18.17.1
libsamdb0-32bit-4.2.4-18.17.1
libsamdb0-4.2.4-18.17.1
libsamdb0-debuginfo-32bit-4.2.4-18.17.1
libsamdb0-debuginfo-4.2.4-18.17.1
libsmbclient-raw0-32bit-4.2.4-18.17.1
libsmbclient-raw0-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient-raw0-debuginfo-4.2.4-18.17.1
libsmbclient0-32bit-4.2.4-18.17.1
libsmbclient0-4.2.4-18.17.1
libsmbclient0-debuginfo-32bit-4.2.4-18.17.1
libsmbclient0-debuginfo-4.2.4-18.17.1
libsmbconf0-32bit-4.2.4-18.17.1
libsmbconf0-4.2.4-18.17.1
libsmbconf0-debuginfo-32bit-4.2.4-18.17.1
libsmbconf0-debuginfo-4.2.4-18.17.1
libsmbldap0-32bit-4.2.4-18.17.1
libsmbldap0-4.2.4-18.17.1
libsmbldap0-debuginfo-32bit-4.2.4-18.17.1
libsmbldap0-debuginfo-4.2.4-18.17.1
libtevent-util0-32bit-4.2.4-18.17.1
libtevent-util0-4.2.4-18.17.1
libtevent-util0-debuginfo-32bit-4.2.4-18.17.1
libtevent-util0-debuginfo-4.2.4-18.17.1
libwbclient0-32bit-4.2.4-18.17.1
libwbclient0-4.2.4-18.17.1
libwbclient0-debuginfo-32bit-4.2.4-18.17.1
libwbclient0-debuginfo-4.2.4-18.17.1
samba-32bit-4.2.4-18.17.1
samba-4.2.4-18.17.1
samba-client-32bit-4.2.4-18.17.1
samba-client-4.2.4-18.17.1
samba-client-debuginfo-32bit-4.2.4-18.17.1
samba-client-debuginfo-4.2.4-18.17.1
samba-debuginfo-32bit-4.2.4-18.17.1
samba-debuginfo-4.2.4-18.17.1
samba-debugsource-4.2.4-18.17.1
samba-libs-32bit-4.2.4-18.17.1
samba-libs-4.2.4-18.17.1
samba-libs-debuginfo-32bit-4.2.4-18.17.1
samba-libs-debuginfo-4.2.4-18.17.1
samba-winbind-32bit-4.2.4-18.17.1
samba-winbind-4.2.4-18.17.1
samba-winbind-debuginfo-32bit-4.2.4-18.17.1
samba-winbind-debuginfo-4.2.4-18.17.1

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/320709
https://bugzilla.suse.com/913547
https://bugzilla.suse.com/919309
https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/942716
https://bugzilla.suse.com/946051
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/964023
https://bugzilla.suse.com/966271
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1023-1
Rating: important
References: #936862 #967017 #971965 #973031 #973032 #973033
#973034 #973036
Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Software Development Kit 11-SP3
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata
is now available.

Description:

samba was updated to fix seven security issues.

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM
attack (bsc#973033).
– CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
were possible (bsc#971965).

These non-security issues were fixed:
– bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint
function
– Getting and setting Windows ACLs on symlinks can change permissions on
link

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 5:

zypper in -t patch sleclo50sp3-samba-12507=1

– SUSE Manager Proxy 2.1:

zypper in -t patch slemap21-samba-12507=1

– SUSE Manager 2.1:

zypper in -t patch sleman21-samba-12507=1

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-samba-12507=1

– SUSE Linux Enterprise Software Development Kit 11-SP3:

zypper in -t patch sdksp3-samba-12507=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-samba-12507=1

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-samba-12507=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-samba-12507=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-samba-12507=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 5 (noarch):

samba-doc-3.6.3-76.2

– SUSE OpenStack Cloud 5 (x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager Proxy 2.1 (noarch):

samba-doc-3.6.3-76.2

– SUSE Manager Proxy 2.1 (x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager 2.1 (s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libsmbclient0-32bit-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Manager 2.1 (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

libldb-devel-3.6.3-76.1
libnetapi-devel-3.6.3-76.1
libnetapi0-3.6.3-76.1
libsmbclient-devel-3.6.3-76.1
libsmbsharemodes-devel-3.6.3-76.1
libsmbsharemodes0-3.6.3-76.1
libtalloc-devel-3.6.3-76.1
libtdb-devel-3.6.3-76.1
libtevent-devel-3.6.3-76.1
libwbclient-devel-3.6.3-76.1
samba-devel-3.6.3-76.1
samba-test-3.6.3-76.1

– SUSE Linux Enterprise Software Development Kit 11-SP3 (i586 s390x x86_64):

libldb-devel-3.6.3-76.1
libnetapi-devel-3.6.3-76.1
libnetapi0-3.6.3-76.1
libsmbclient-devel-3.6.3-76.1
libsmbsharemodes-devel-3.6.3-76.1
libsmbsharemodes0-3.6.3-76.1
libtalloc-devel-3.6.3-76.1
libtdb-devel-3.6.3-76.1
libtevent-devel-3.6.3-76.1
libwbclient-devel-3.6.3-76.1
samba-devel-3.6.3-76.1
samba-test-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtdb1-3.6.3-76.1
libtevent0-3.6.3-76.1
libwbclient0-3.6.3-76.1
samba-3.6.3-76.1
samba-client-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

libsmbclient0-32bit-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP4 (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Server 11-SP4 (ia64):

libsmbclient0-x86-3.6.3-76.1
libtalloc2-x86-3.6.3-76.1
libtdb1-x86-3.6.3-76.1
libtevent0-x86-3.6.3-76.1
libwbclient0-x86-3.6.3-76.1
samba-client-x86-3.6.3-76.1
samba-winbind-x86-3.6.3-76.1
samba-x86-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

ldapsmb-1.34b-76.1
libldb1-3.6.3-76.1
libsmbclient0-3.6.3-76.1
libtalloc2-3.6.3-76.1
libtdb1-3.6.3-76.1
libtevent0-3.6.3-76.1
libwbclient0-3.6.3-76.1
samba-3.6.3-76.1
samba-client-3.6.3-76.1
samba-krb-printing-3.6.3-76.1
samba-winbind-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

libsmbclient0-32bit-3.6.3-76.1
libtalloc2-32bit-3.6.3-76.1
libtdb1-32bit-3.6.3-76.1
libtevent0-32bit-3.6.3-76.1
libwbclient0-32bit-3.6.3-76.1
samba-32bit-3.6.3-76.1
samba-client-32bit-3.6.3-76.1
samba-winbind-32bit-3.6.3-76.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (noarch):

samba-doc-3.6.3-76.2

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

samba-debuginfo-3.6.3-76.1
samba-debugsource-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

samba-debuginfo-32bit-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):

samba-debuginfo-x86-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

samba-debuginfo-3.6.3-76.1
samba-debugsource-3.6.3-76.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (s390x):

samba-debuginfo-32bit-3.6.3-76.1

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/967017
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1024-1
Rating: important
References: #924519 #936862 #968973 #971965 #972197 #973031
#973032 #973033 #973034 #973036 #973832 #974629

Cross-References: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
CVE-2016-2118
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise High Availability 12-SP1
SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has 5 fixes is
now available.

Description:

samba was updated to fix seven security issues.

These security issues were fixed:
– CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
attacks (bsc#936862).
– CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bsc#973031).
– CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bsc#973032).
– CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM
attack (bsc#973033).
– CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
– CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
(bsc#973036).
– CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
were possible (bsc#971965).

These non-security issues were fixed:
– bsc#974629: Fix samba.tests.messaging test and prevent potential tdb
corruption by removing obsolete now invalid tdb_close call.
– bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and
libsmbsharemodes-devel from samba-core-devel.
– bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel
from libsamba-passdb-devel while not providing it.
– Getting and setting Windows ACLs on symlinks can change permissions on
link
– bsc#924519: Upgrade on-disk FSRVP server state to new version.
– bsc#968973: Only obsolete but do not provide gplv2/3 package names.
– bso#6482: s3:utils/smbget: Fix recursive download.
– bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
filesystem with no ACL support.
– bso#11643: docs: Add example for domain logins to smbspool man page.
– bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
– bso#11708: loadparm: Fix memory leak issue.
– bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
– bso#11719: ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped
…”.
– bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
creating a new file.
– bso#11732: param: Fix str_list_v3 to accept “;” again.
– bso#11740: Real memeory leak(buildup) issue in loadparm.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 12-SP1:

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-604=1

– SUSE Linux Enterprise Server 12-SP1:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-604=1

– SUSE Linux Enterprise High Availability 12-SP1:

zypper in -t patch SUSE-SLE-HA-12-SP1-2016-604=1

– SUSE Linux Enterprise Desktop 12-SP1:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-604=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):

ctdb-debuginfo-4.2.4-16.1
ctdb-devel-4.2.4-16.1
libdcerpc-atsvc-devel-4.2.4-16.1
libdcerpc-atsvc0-4.2.4-16.1
libdcerpc-atsvc0-debuginfo-4.2.4-16.1
libdcerpc-devel-4.2.4-16.1
libdcerpc-samr-devel-4.2.4-16.1
libdcerpc-samr0-4.2.4-16.1
libdcerpc-samr0-debuginfo-4.2.4-16.1
libgensec-devel-4.2.4-16.1
libndr-devel-4.2.4-16.1
libndr-krb5pac-devel-4.2.4-16.1
libndr-nbt-devel-4.2.4-16.1
libndr-standard-devel-4.2.4-16.1
libnetapi-devel-4.2.4-16.1
libregistry-devel-4.2.4-16.1
libsamba-credentials-devel-4.2.4-16.1
libsamba-hostconfig-devel-4.2.4-16.1
libsamba-passdb-devel-4.2.4-16.1
libsamba-policy-devel-4.2.4-16.1
libsamba-policy0-4.2.4-16.1
libsamba-policy0-debuginfo-4.2.4-16.1
libsamba-util-devel-4.2.4-16.1
libsamdb-devel-4.2.4-16.1
libsmbclient-devel-4.2.4-16.1
libsmbclient-raw-devel-4.2.4-16.1
libsmbconf-devel-4.2.4-16.1
libsmbldap-devel-4.2.4-16.1
libtevent-util-devel-4.2.4-16.1
libwbclient-devel-4.2.4-16.1
samba-core-devel-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-test-devel-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

libdcerpc-binding0-4.2.4-16.1
libdcerpc-binding0-debuginfo-4.2.4-16.1
libdcerpc0-4.2.4-16.1
libdcerpc0-debuginfo-4.2.4-16.1
libgensec0-4.2.4-16.1
libgensec0-debuginfo-4.2.4-16.1
libndr-krb5pac0-4.2.4-16.1
libndr-krb5pac0-debuginfo-4.2.4-16.1
libndr-nbt0-4.2.4-16.1
libndr-nbt0-debuginfo-4.2.4-16.1
libndr-standard0-4.2.4-16.1
libndr-standard0-debuginfo-4.2.4-16.1
libndr0-4.2.4-16.1
libndr0-debuginfo-4.2.4-16.1
libnetapi0-4.2.4-16.1
libnetapi0-debuginfo-4.2.4-16.1
libregistry0-4.2.4-16.1
libregistry0-debuginfo-4.2.4-16.1
libsamba-credentials0-4.2.4-16.1
libsamba-credentials0-debuginfo-4.2.4-16.1
libsamba-hostconfig0-4.2.4-16.1
libsamba-hostconfig0-debuginfo-4.2.4-16.1
libsamba-passdb0-4.2.4-16.1
libsamba-passdb0-debuginfo-4.2.4-16.1
libsamba-util0-4.2.4-16.1
libsamba-util0-debuginfo-4.2.4-16.1
libsamdb0-4.2.4-16.1
libsamdb0-debuginfo-4.2.4-16.1
libsmbclient-raw0-4.2.4-16.1
libsmbclient-raw0-debuginfo-4.2.4-16.1
libsmbclient0-4.2.4-16.1
libsmbclient0-debuginfo-4.2.4-16.1
libsmbconf0-4.2.4-16.1
libsmbconf0-debuginfo-4.2.4-16.1
libsmbldap0-4.2.4-16.1
libsmbldap0-debuginfo-4.2.4-16.1
libtevent-util0-4.2.4-16.1
libtevent-util0-debuginfo-4.2.4-16.1
libwbclient0-4.2.4-16.1
libwbclient0-debuginfo-4.2.4-16.1
samba-4.2.4-16.1
samba-client-4.2.4-16.1
samba-client-debuginfo-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-libs-4.2.4-16.1
samba-libs-debuginfo-4.2.4-16.1
samba-winbind-4.2.4-16.1
samba-winbind-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

libdcerpc-binding0-32bit-4.2.4-16.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1
libdcerpc0-32bit-4.2.4-16.1
libdcerpc0-debuginfo-32bit-4.2.4-16.1
libgensec0-32bit-4.2.4-16.1
libgensec0-debuginfo-32bit-4.2.4-16.1
libndr-krb5pac0-32bit-4.2.4-16.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1
libndr-nbt0-32bit-4.2.4-16.1
libndr-nbt0-debuginfo-32bit-4.2.4-16.1
libndr-standard0-32bit-4.2.4-16.1
libndr-standard0-debuginfo-32bit-4.2.4-16.1
libndr0-32bit-4.2.4-16.1
libndr0-debuginfo-32bit-4.2.4-16.1
libnetapi0-32bit-4.2.4-16.1
libnetapi0-debuginfo-32bit-4.2.4-16.1
libsamba-credentials0-32bit-4.2.4-16.1
libsamba-credentials0-debuginfo-32bit-4.2.4-16.1
libsamba-hostconfig0-32bit-4.2.4-16.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1
libsamba-passdb0-32bit-4.2.4-16.1
libsamba-passdb0-debuginfo-32bit-4.2.4-16.1
libsamba-util0-32bit-4.2.4-16.1
libsamba-util0-debuginfo-32bit-4.2.4-16.1
libsamdb0-32bit-4.2.4-16.1
libsamdb0-debuginfo-32bit-4.2.4-16.1
libsmbclient-raw0-32bit-4.2.4-16.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1
libsmbclient0-32bit-4.2.4-16.1
libsmbclient0-debuginfo-32bit-4.2.4-16.1
libsmbconf0-32bit-4.2.4-16.1
libsmbconf0-debuginfo-32bit-4.2.4-16.1
libsmbldap0-32bit-4.2.4-16.1
libsmbldap0-debuginfo-32bit-4.2.4-16.1
libtevent-util0-32bit-4.2.4-16.1
libtevent-util0-debuginfo-32bit-4.2.4-16.1
libwbclient0-32bit-4.2.4-16.1
libwbclient0-debuginfo-32bit-4.2.4-16.1
samba-32bit-4.2.4-16.1
samba-client-32bit-4.2.4-16.1
samba-client-debuginfo-32bit-4.2.4-16.1
samba-debuginfo-32bit-4.2.4-16.1
samba-libs-32bit-4.2.4-16.1
samba-libs-debuginfo-32bit-4.2.4-16.1
samba-winbind-32bit-4.2.4-16.1
samba-winbind-debuginfo-32bit-4.2.4-16.1

– SUSE Linux Enterprise Server 12-SP1 (noarch):

samba-doc-4.2.4-16.1

– SUSE Linux Enterprise High Availability 12-SP1 (s390x x86_64):

ctdb-4.2.4-16.1
ctdb-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

libdcerpc-binding0-32bit-4.2.4-16.1
libdcerpc-binding0-4.2.4-16.1
libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1
libdcerpc-binding0-debuginfo-4.2.4-16.1
libdcerpc0-32bit-4.2.4-16.1
libdcerpc0-4.2.4-16.1
libdcerpc0-debuginfo-32bit-4.2.4-16.1
libdcerpc0-debuginfo-4.2.4-16.1
libgensec0-32bit-4.2.4-16.1
libgensec0-4.2.4-16.1
libgensec0-debuginfo-32bit-4.2.4-16.1
libgensec0-debuginfo-4.2.4-16.1
libndr-krb5pac0-32bit-4.2.4-16.1
libndr-krb5pac0-4.2.4-16.1
libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1
libndr-krb5pac0-debuginfo-4.2.4-16.1
libndr-nbt0-32bit-4.2.4-16.1
libndr-nbt0-4.2.4-16.1
libndr-nbt0-debuginfo-32bit-4.2.4-16.1
libndr-nbt0-debuginfo-4.2.4-16.1
libndr-standard0-32bit-4.2.4-16.1
libndr-standard0-4.2.4-16.1
libndr-standard0-debuginfo-32bit-4.2.4-16.1
libndr-standard0-debuginfo-4.2.4-16.1
libndr0-32bit-4.2.4-16.1
libndr0-4.2.4-16.1
libndr0-debuginfo-32bit-4.2.4-16.1
libndr0-debuginfo-4.2.4-16.1
libnetapi0-32bit-4.2.4-16.1
libnetapi0-4.2.4-16.1
libnetapi0-debuginfo-32bit-4.2.4-16.1
libnetapi0-debuginfo-4.2.4-16.1
libregistry0-4.2.4-16.1
libregistry0-debuginfo-4.2.4-16.1
libsamba-credentials0-32bit-4.2.4-16.1
libsamba-credentials0-4.2.4-16.1
libsamba-credentials0-debuginfo-32bit-4.2.4-16.1
libsamba-credentials0-debuginfo-4.2.4-16.1
libsamba-hostconfig0-32bit-4.2.4-16.1
libsamba-hostconfig0-4.2.4-16.1
libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1
libsamba-hostconfig0-debuginfo-4.2.4-16.1
libsamba-passdb0-32bit-4.2.4-16.1
libsamba-passdb0-4.2.4-16.1
libsamba-passdb0-debuginfo-32bit-4.2.4-16.1
libsamba-passdb0-debuginfo-4.2.4-16.1
libsamba-util0-32bit-4.2.4-16.1
libsamba-util0-4.2.4-16.1
libsamba-util0-debuginfo-32bit-4.2.4-16.1
libsamba-util0-debuginfo-4.2.4-16.1
libsamdb0-32bit-4.2.4-16.1
libsamdb0-4.2.4-16.1
libsamdb0-debuginfo-32bit-4.2.4-16.1
libsamdb0-debuginfo-4.2.4-16.1
libsmbclient-raw0-32bit-4.2.4-16.1
libsmbclient-raw0-4.2.4-16.1
libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1
libsmbclient-raw0-debuginfo-4.2.4-16.1
libsmbclient0-32bit-4.2.4-16.1
libsmbclient0-4.2.4-16.1
libsmbclient0-debuginfo-32bit-4.2.4-16.1
libsmbclient0-debuginfo-4.2.4-16.1
libsmbconf0-32bit-4.2.4-16.1
libsmbconf0-4.2.4-16.1
libsmbconf0-debuginfo-32bit-4.2.4-16.1
libsmbconf0-debuginfo-4.2.4-16.1
libsmbldap0-32bit-4.2.4-16.1
libsmbldap0-4.2.4-16.1
libsmbldap0-debuginfo-32bit-4.2.4-16.1
libsmbldap0-debuginfo-4.2.4-16.1
libtevent-util0-32bit-4.2.4-16.1
libtevent-util0-4.2.4-16.1
libtevent-util0-debuginfo-32bit-4.2.4-16.1
libtevent-util0-debuginfo-4.2.4-16.1
libwbclient0-32bit-4.2.4-16.1
libwbclient0-4.2.4-16.1
libwbclient0-debuginfo-32bit-4.2.4-16.1
libwbclient0-debuginfo-4.2.4-16.1
samba-32bit-4.2.4-16.1
samba-4.2.4-16.1
samba-client-32bit-4.2.4-16.1
samba-client-4.2.4-16.1
samba-client-debuginfo-32bit-4.2.4-16.1
samba-client-debuginfo-4.2.4-16.1
samba-debuginfo-32bit-4.2.4-16.1
samba-debuginfo-4.2.4-16.1
samba-debugsource-4.2.4-16.1
samba-libs-32bit-4.2.4-16.1
samba-libs-4.2.4-16.1
samba-libs-debuginfo-32bit-4.2.4-16.1
samba-libs-debuginfo-4.2.4-16.1
samba-winbind-32bit-4.2.4-16.1
samba-winbind-4.2.4-16.1
samba-winbind-debuginfo-32bit-4.2.4-16.1
samba-winbind-debuginfo-4.2.4-16.1

– SUSE Linux Enterprise Desktop 12-SP1 (noarch):

samba-doc-4.2.4-16.1

References:

https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

 

openSUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1025-1
Rating:             important
References:         #924519 #936862 #968973 #971965 #972197 #973031
                    #973032 #973033 #973034 #973036 #973832 #974629
                   
Cross-References:   CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                    CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
                    CVE-2016-2118
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has 5 fixes is
   now available.

Description:

   samba was updated to fix seven security issues.

   These security issues were fixed:
   – CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
     attacks (bsc#936862).
   – CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
     authentication (bsc#973031).
   – CVE-2016-2111: Domain controller netlogon member computer could have
     been spoofed (bsc#973032).
   – CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM
     attack (bsc#973033).
   – CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
   – CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
     (bsc#973036).
   – CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
     were possible (bsc#971965).

   These non-security issues were fixed:
   – bsc#974629: Fix samba.tests.messaging test and prevent potential tdb
     corruption by removing obsolete now invalid tdb_close call.
   – bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and
     libsmbsharemodes-devel from samba-core-devel.
   – bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel
     from libsamba-passdb-devel while not providing it.
   – Getting and setting Windows ACLs on symlinks can change permissions on
     link
   – bsc#924519: Upgrade on-disk FSRVP server state to new version.
   – bsc#968973: Only obsolete but do not provide gplv2/3 package names.
   – bso#6482: s3:utils/smbget: Fix recursive download.
   – bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
     filesystem with no ACL support.
   – bso#11643: docs: Add example for domain logins to smbspool man page.
   – bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
   – bso#11708: loadparm: Fix memory leak issue.
   – bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
   – bso#11719: ctdb-scripts: Drop use of “smbcontrol winbindd ip-dropped
     …”.
   – bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
     creating a new file.
   – bso#11732: param: Fix str_list_v3 to accept “;” again.
   – bso#11740: Real memeory leak(buildup) issue in loadparm.

   This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-453=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – openSUSE Leap 42.1 (i586 x86_64):

      ctdb-4.2.4-15.1
      ctdb-debuginfo-4.2.4-15.1
      ctdb-devel-4.2.4-15.1
      ctdb-tests-4.2.4-15.1
      ctdb-tests-debuginfo-4.2.4-15.1
      libdcerpc-atsvc-devel-4.2.4-15.1
      libdcerpc-atsvc0-4.2.4-15.1
      libdcerpc-atsvc0-debuginfo-4.2.4-15.1
      libdcerpc-binding0-4.2.4-15.1
      libdcerpc-binding0-debuginfo-4.2.4-15.1
      libdcerpc-devel-4.2.4-15.1
      libdcerpc-samr-devel-4.2.4-15.1
      libdcerpc-samr0-4.2.4-15.1
      libdcerpc-samr0-debuginfo-4.2.4-15.1
      libdcerpc0-4.2.4-15.1
      libdcerpc0-debuginfo-4.2.4-15.1
      libgensec-devel-4.2.4-15.1
      libgensec0-4.2.4-15.1
      libgensec0-debuginfo-4.2.4-15.1
      libndr-devel-4.2.4-15.1
      libndr-krb5pac-devel-4.2.4-15.1
      libndr-krb5pac0-4.2.4-15.1
      libndr-krb5pac0-debuginfo-4.2.4-15.1
      libndr-nbt-devel-4.2.4-15.1
      libndr-nbt0-4.2.4-15.1
      libndr-nbt0-debuginfo-4.2.4-15.1
      libndr-standard-devel-4.2.4-15.1
      libndr-standard0-4.2.4-15.1
      libndr-standard0-debuginfo-4.2.4-15.1
      libndr0-4.2.4-15.1
      libndr0-debuginfo-4.2.4-15.1
      libnetapi-devel-4.2.4-15.1
      libnetapi0-4.2.4-15.1
      libnetapi0-debuginfo-4.2.4-15.1
      libregistry-devel-4.2.4-15.1
      libregistry0-4.2.4-15.1
      libregistry0-debuginfo-4.2.4-15.1
      libsamba-credentials-devel-4.2.4-15.1
      libsamba-credentials0-4.2.4-15.1
      libsamba-credentials0-debuginfo-4.2.4-15.1
      libsamba-hostconfig-devel-4.2.4-15.1
      libsamba-hostconfig0-4.2.4-15.1
      libsamba-hostconfig0-debuginfo-4.2.4-15.1
      libsamba-passdb-devel-4.2.4-15.1
      libsamba-passdb0-4.2.4-15.1
      libsamba-passdb0-debuginfo-4.2.4-15.1
      libsamba-policy-devel-4.2.4-15.1
      libsamba-policy0-4.2.4-15.1
      libsamba-policy0-debuginfo-4.2.4-15.1
      libsamba-util-devel-4.2.4-15.1
      libsamba-util0-4.2.4-15.1
      libsamba-util0-debuginfo-4.2.4-15.1
      libsamdb-devel-4.2.4-15.1
      libsamdb0-4.2.4-15.1
      libsamdb0-debuginfo-4.2.4-15.1
      libsmbclient-devel-4.2.4-15.1
      libsmbclient-raw-devel-4.2.4-15.1
      libsmbclient-raw0-4.2.4-15.1
      libsmbclient-raw0-debuginfo-4.2.4-15.1
      libsmbclient0-4.2.4-15.1
      libsmbclient0-debuginfo-4.2.4-15.1
      libsmbconf-devel-4.2.4-15.1
      libsmbconf0-4.2.4-15.1
      libsmbconf0-debuginfo-4.2.4-15.1
      libsmbldap-devel-4.2.4-15.1
      libsmbldap0-4.2.4-15.1
      libsmbldap0-debuginfo-4.2.4-15.1
      libtevent-util-devel-4.2.4-15.1
      libtevent-util0-4.2.4-15.1
      libtevent-util0-debuginfo-4.2.4-15.1
      libwbclient-devel-4.2.4-15.1
      libwbclient0-4.2.4-15.1
      libwbclient0-debuginfo-4.2.4-15.1
      samba-4.2.4-15.1
      samba-client-4.2.4-15.1
      samba-client-debuginfo-4.2.4-15.1
      samba-core-devel-4.2.4-15.1
      samba-debuginfo-4.2.4-15.1
      samba-debugsource-4.2.4-15.1
      samba-libs-4.2.4-15.1
      samba-libs-debuginfo-4.2.4-15.1
      samba-pidl-4.2.4-15.1
      samba-python-4.2.4-15.1
      samba-python-debuginfo-4.2.4-15.1
      samba-test-4.2.4-15.1
      samba-test-debuginfo-4.2.4-15.1
      samba-test-devel-4.2.4-15.1
      samba-winbind-4.2.4-15.1
      samba-winbind-debuginfo-4.2.4-15.1

   – openSUSE Leap 42.1 (noarch):

      samba-doc-4.2.4-15.1

   – openSUSE Leap 42.1 (x86_64):

      libdcerpc-atsvc0-32bit-4.2.4-15.1
      libdcerpc-atsvc0-debuginfo-32bit-4.2.4-15.1
      libdcerpc-binding0-32bit-4.2.4-15.1
      libdcerpc-binding0-debuginfo-32bit-4.2.4-15.1
      libdcerpc-samr0-32bit-4.2.4-15.1
      libdcerpc-samr0-debuginfo-32bit-4.2.4-15.1
      libdcerpc0-32bit-4.2.4-15.1
      libdcerpc0-debuginfo-32bit-4.2.4-15.1
      libgensec0-32bit-4.2.4-15.1
      libgensec0-debuginfo-32bit-4.2.4-15.1
      libndr-krb5pac0-32bit-4.2.4-15.1
      libndr-krb5pac0-debuginfo-32bit-4.2.4-15.1
      libndr-nbt0-32bit-4.2.4-15.1
      libndr-nbt0-debuginfo-32bit-4.2.4-15.1
      libndr-standard0-32bit-4.2.4-15.1
      libndr-standard0-debuginfo-32bit-4.2.4-15.1
      libndr0-32bit-4.2.4-15.1
      libndr0-debuginfo-32bit-4.2.4-15.1
      libnetapi0-32bit-4.2.4-15.1
      libnetapi0-debuginfo-32bit-4.2.4-15.1
      libregistry0-32bit-4.2.4-15.1
      libregistry0-debuginfo-32bit-4.2.4-15.1
      libsamba-credentials0-32bit-4.2.4-15.1
      libsamba-credentials0-debuginfo-32bit-4.2.4-15.1
      libsamba-hostconfig0-32bit-4.2.4-15.1
      libsamba-hostconfig0-debuginfo-32bit-4.2.4-15.1
      libsamba-passdb0-32bit-4.2.4-15.1
      libsamba-passdb0-debuginfo-32bit-4.2.4-15.1
      libsamba-policy0-32bit-4.2.4-15.1
      libsamba-policy0-debuginfo-32bit-4.2.4-15.1
      libsamba-util0-32bit-4.2.4-15.1
      libsamba-util0-debuginfo-32bit-4.2.4-15.1
      libsamdb0-32bit-4.2.4-15.1
      libsamdb0-debuginfo-32bit-4.2.4-15.1
      libsmbclient-raw0-32bit-4.2.4-15.1
      libsmbclient-raw0-debuginfo-32bit-4.2.4-15.1
      libsmbclient0-32bit-4.2.4-15.1
      libsmbclient0-debuginfo-32bit-4.2.4-15.1
      libsmbconf0-32bit-4.2.4-15.1
      libsmbconf0-debuginfo-32bit-4.2.4-15.1
      libsmbldap0-32bit-4.2.4-15.1
      libsmbldap0-debuginfo-32bit-4.2.4-15.1
      libtevent-util0-32bit-4.2.4-15.1
      libtevent-util0-debuginfo-32bit-4.2.4-15.1
      libwbclient0-32bit-4.2.4-15.1
      libwbclient0-debuginfo-32bit-4.2.4-15.1
      samba-32bit-4.2.4-15.1
      samba-client-32bit-4.2.4-15.1
      samba-client-debuginfo-32bit-4.2.4-15.1
      samba-debuginfo-32bit-4.2.4-15.1
      samba-libs-32bit-4.2.4-15.1
      samba-libs-debuginfo-32bit-4.2.4-15.1
      samba-winbind-32bit-4.2.4-15.1
      samba-winbind-debuginfo-32bit-4.2.4-15.1

References:

   https://www.suse.com/security/cve/CVE-2015-5370.html
   https://www.suse.com/security/cve/CVE-2016-2110.html
   https://www.suse.com/security/cve/CVE-2016-2111.html
   https://www.suse.com/security/cve/CVE-2016-2112.html
   https://www.suse.com/security/cve/CVE-2016-2113.html
   https://www.suse.com/security/cve/CVE-2016-2115.html
   https://www.suse.com/security/cve/CVE-2016-2118.html
   https://bugzilla.suse.com/924519
   https://bugzilla.suse.com/936862
   https://bugzilla.suse.com/968973
   https://bugzilla.suse.com/971965
   https://bugzilla.suse.com/972197
   https://bugzilla.suse.com/973031
   https://bugzilla.suse.com/973032
   https://bugzilla.suse.com/973033
   https://bugzilla.suse.com/973034
   https://bugzilla.suse.com/973036
   https://bugzilla.suse.com/973832
   https://bugzilla.suse.com/974629


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1028-1
Rating:             important
References:         #936862 #967017 #971965 #973031 #973032 #973033
                    #973034 #973036
Cross-References:   CVE-2015-5370 CVE-2016-2110 CVE-2016-2111
                    CVE-2016-2112 CVE-2016-2113 CVE-2016-2115
                    CVE-2016-2118
Affected Products:
                    SUSE Linux Enterprise Server 11-SP2-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has one errata
   is now available.

Description:

   samba was updated to fix seven security issues.

   These security issues were fixed:
   – CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM
     attacks (bsc#936862).
   – CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
     authentication (bsc#973031).
   – CVE-2016-2111: Domain controller netlogon member computer could have
     been spoofed (bsc#973032).
   – CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM
     attack (bsc#973033).
   – CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
   – CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks
     (bsc#973036).
   – CVE-2016-2118: “Badlock” DCERPC impersonation of authenticated account
     were possible (bsc#971965).

   These non-security issues were fixed:
   – bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint
     function
   – Getting and setting Windows ACLs on symlinks can change permissions on
     link

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server 11-SP2-LTSS:

      zypper in -t patch slessp2-samba-12508=1

   – SUSE Linux Enterprise Debuginfo 11-SP2:

      zypper in -t patch dbgsp2-samba-12508=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):

      ldapsmb-1.34b-52.1
      libldb1-3.6.3-52.1
      libsmbclient0-3.6.3-52.1
      libtalloc2-3.6.3-52.1
      libtdb1-3.6.3-52.1
      libtevent0-3.6.3-52.1
      libwbclient0-3.6.3-52.1
      samba-3.6.3-52.1
      samba-client-3.6.3-52.1
      samba-krb-printing-3.6.3-52.1
      samba-winbind-3.6.3-52.1

   – SUSE Linux Enterprise Server 11-SP2-LTSS (s390x x86_64):

      libsmbclient0-32bit-3.6.3-52.1
      libtalloc2-32bit-3.6.3-52.1
      libtdb1-32bit-3.6.3-52.1
      libtevent0-32bit-3.6.3-52.1
      libwbclient0-32bit-3.6.3-52.1
      samba-32bit-3.6.3-52.1
      samba-client-32bit-3.6.3-52.1
      samba-winbind-32bit-3.6.3-52.1

   – SUSE Linux Enterprise Server 11-SP2-LTSS (noarch):

      samba-doc-3.6.3-52.1

   – SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):

      samba-debuginfo-3.6.3-52.1
      samba-debugsource-3.6.3-52.1

   – SUSE Linux Enterprise Debuginfo 11-SP2 (s390x x86_64):

      samba-debuginfo-32bit-3.6.3-52.1

References:

   https://www.suse.com/security/cve/CVE-2015-5370.html
   https://www.suse.com/security/cve/CVE-2016-2110.html
   https://www.suse.com/security/cve/CVE-2016-2111.html
   https://www.suse.com/security/cve/CVE-2016-2112.html
   https://www.suse.com/security/cve/CVE-2016-2113.html
   https://www.suse.com/security/cve/CVE-2016-2115.html
   https://www.suse.com/security/cve/CVE-2016-2118.html
   https://bugzilla.suse.com/936862
   https://bugzilla.suse.com/967017
   https://bugzilla.suse.com/971965
   https://bugzilla.suse.com/973031
   https://bugzilla.suse.com/973032
   https://bugzilla.suse.com/973033
   https://bugzilla.suse.com/973034
   https://bugzilla.suse.com/973036


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Nadogradnja za protokole programskih paketa SAM i LSAD

Microsoft je izdao nadogradnju za otklanjanje ranjivosti u protokolima programskih paketa SAM (Security Account Manager) i LSAD (Local Security Authority...

Close