SUSE-SU-2016:0032-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0032-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:0032-1
Published
2016-01-05T15:20:38Z
Modified
2016-01-05T15:20:38Z
Summary
Security update for samba
Details

This update for Samba fixes the following security issues:

  • CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).
  • CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582).
  • CVE-2015-5296: No man-in-the-middle protection when forcing SMB encryption on the client side (bnc#958584).
  • CVE-2015-5299: Snapshot browsing through Windows Previous Versions (shadow_copy2) is currently not secure (bnc#958583).

Non-security issues fixed:

  • Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022).
  • Address unrecoverable winbind failure: 'key length too large' (bnc#934299).
  • Take resource group SIDs into account when caching netsamlogon data (bnc#912457).
  • Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464).
  • Remove deprecated baserid example from idmaprid manpage (bnc#913304).
  • Purge printer name cache on spoolss SetPrinter change (bnc#901813).
  • Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244).

Affected packages

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba

Package

Name
samba
Purl
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.3-45.2

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-45.2",
            "samba": "3.6.3-45.2",
            "libwbclient0-32bit": "3.6.3-45.2",
            "samba-winbind-32bit": "3.6.3-45.2",
            "samba-doc": "3.6.3-45.2",
            "samba-krb-printing": "3.6.3-45.2",
            "libtdb1-32bit": "3.6.3-45.2",
            "libtalloc2-32bit": "3.6.3-45.2",
            "libldb1": "3.6.3-45.2",
            "samba-client": "3.6.3-45.2",
            "libtevent0": "3.6.3-45.2",
            "ldapsmb": "1.34b-45.2",
            "samba-client-32bit": "3.6.3-45.2",
            "libtalloc2": "3.6.3-45.2",
            "libtdb1": "3.6.3-45.2",
            "samba-32bit": "3.6.3-45.2",
            "samba-winbind": "3.6.3-45.2",
            "libwbclient0": "3.6.3-45.2",
            "libsmbclient0-32bit": "3.6.3-45.2",
            "libsmbclient0": "3.6.3-45.2"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba-doc

Package

Name
samba-doc
Purl
pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.6.3-45.2

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-45.2",
            "samba": "3.6.3-45.2",
            "libwbclient0-32bit": "3.6.3-45.2",
            "samba-winbind-32bit": "3.6.3-45.2",
            "samba-doc": "3.6.3-45.2",
            "samba-krb-printing": "3.6.3-45.2",
            "libtdb1-32bit": "3.6.3-45.2",
            "libtalloc2-32bit": "3.6.3-45.2",
            "libldb1": "3.6.3-45.2",
            "samba-client": "3.6.3-45.2",
            "libtevent0": "3.6.3-45.2",
            "ldapsmb": "1.34b-45.2",
            "samba-client-32bit": "3.6.3-45.2",
            "libtalloc2": "3.6.3-45.2",
            "libtdb1": "3.6.3-45.2",
            "samba-32bit": "3.6.3-45.2",
            "samba-winbind": "3.6.3-45.2",
            "libwbclient0": "3.6.3-45.2",
            "libsmbclient0-32bit": "3.6.3-45.2",
            "libsmbclient0": "3.6.3-45.2"
        }
    ]
}