Security vulnerabilities in the samba software package

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1105-1
Rating: important
References: #913087 #958582 #973031 #973032
Cross-References: CVE-2015-5252 CVE-2016-2110 CVE-2016-2111

Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

Samba was updated to fix three security issues.

These security issues were fixed:

* CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bso#11688, bsc#973031).
* CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bso#11749, bsc#973032).
* CVE-2015-5252: Insufficient symlink verification (allowed file access
outside the share) (bso#11395, bnc#958582).

This non-security issue was fixed:

* Allow “delete readonly = yes” to correctly override deletion of a
file (bsc#913087, bso#5073)

Security Issues:

* CVE-2016-2110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110>
* CVE-2016-2111
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111>
* CVE-2015-5252
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252>

Contraindications:

Package List:

– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):

cifs-mount-3.0.36-0.13.32.1
ldapsmb-1.34b-25.13.32.1
libmsrpc-3.0.36-0.13.32.1
libmsrpc-devel-3.0.36-0.13.32.1
libsmbclient-3.0.36-0.13.32.1
libsmbclient-devel-3.0.36-0.13.32.1
samba-3.0.36-0.13.32.1
samba-client-3.0.36-0.13.32.1
samba-krb-printing-3.0.36-0.13.32.1
samba-python-3.0.36-0.13.32.1
samba-vscan-0.3.6b-43.13.32.1
samba-winbind-3.0.36-0.13.32.1

– SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):

libsmbclient-32bit-3.0.36-0.13.32.1
samba-32bit-3.0.36-0.13.32.1
samba-client-32bit-3.0.36-0.13.32.1
samba-winbind-32bit-3.0.36-0.13.32.1

– SUSE Linux Enterprise Server 10 SP4 LTSS (noarch):

samba-doc-3.0.36-0.12.32.1

References:

https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://bugzilla.suse.com/913087
https://bugzilla.suse.com/958582
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://download.suse.com/patch/finder/?keywords=7a8b86525db490aaf0868ada97807c68

