SUSE-SU-2016:0032-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:0032-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2016:0032-1
- Related
- Published
- 2016-01-05T15:20:38Z
- Modified
- 2016-01-05T15:20:38Z
- Summary
- Security update for samba
- Details
-
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582).
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584).
- CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583).
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022).
- Address unrecoverable winbind failure: 'key length too large' (bnc#934299).
- Take resource group sids into account when caching netsamlogon data (bnc#912457).
- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464).
- Remove deprecated baserid example from idmaprid manpage (bnc#913304).
- Purge printer name cache on spoolss SetPrinter change (bnc#901813).
- Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244).
- References
-
- https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/
- https://bugzilla.suse.com/295284
- https://bugzilla.suse.com/773464
- https://bugzilla.suse.com/901813
- https://bugzilla.suse.com/912457
- https://bugzilla.suse.com/913304
- https://bugzilla.suse.com/934299
- https://bugzilla.suse.com/948244
- https://bugzilla.suse.com/949022
- https://bugzilla.suse.com/958582
- https://bugzilla.suse.com/958583
- https://bugzilla.suse.com/958584
- https://bugzilla.suse.com/958586
- https://www.suse.com/security/cve/CVE-2015-5252
- https://www.suse.com/security/cve/CVE-2015-5296
- https://www.suse.com/security/cve/CVE-2015-5299
- https://www.suse.com/security/cve/CVE-2015-5330
Affected packages
SUSE:Linux Enterprise Server 11 SP2-LTSS / samba
Package
- Name
- samba
- Purl
- purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.3-45.2
Ecosystem specific
{
"binaries": [
{
"libtevent0-32bit": "3.6.3-45.2",
"samba": "3.6.3-45.2",
"libwbclient0-32bit": "3.6.3-45.2",
"samba-winbind-32bit": "3.6.3-45.2",
"samba-doc": "3.6.3-45.2",
"samba-krb-printing": "3.6.3-45.2",
"libtdb1-32bit": "3.6.3-45.2",
"libtalloc2-32bit": "3.6.3-45.2",
"libldb1": "3.6.3-45.2",
"samba-client": "3.6.3-45.2",
"libtevent0": "3.6.3-45.2",
"ldapsmb": "1.34b-45.2",
"samba-client-32bit": "3.6.3-45.2",
"libtalloc2": "3.6.3-45.2",
"libtdb1": "3.6.3-45.2",
"samba-32bit": "3.6.3-45.2",
"samba-winbind": "3.6.3-45.2",
"libwbclient0": "3.6.3-45.2",
"libsmbclient0-32bit": "3.6.3-45.2",
"libsmbclient0": "3.6.3-45.2"
}
]
}
SUSE:Linux Enterprise Server 11 SP2-LTSS / samba-doc
Package
- Name
- samba-doc
- Purl
- purl:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.3-45.2
Ecosystem specific
{
"binaries": [
{
"libtevent0-32bit": "3.6.3-45.2",
"samba": "3.6.3-45.2",
"libwbclient0-32bit": "3.6.3-45.2",
"samba-winbind-32bit": "3.6.3-45.2",
"samba-doc": "3.6.3-45.2",
"samba-krb-printing": "3.6.3-45.2",
"libtdb1-32bit": "3.6.3-45.2",
"libtalloc2-32bit": "3.6.3-45.2",
"libldb1": "3.6.3-45.2",
"samba-client": "3.6.3-45.2",
"libtevent0": "3.6.3-45.2",
"ldapsmb": "1.34b-45.2",
"samba-client-32bit": "3.6.3-45.2",
"libtalloc2": "3.6.3-45.2",
"libtdb1": "3.6.3-45.2",
"samba-32bit": "3.6.3-45.2",
"samba-winbind": "3.6.3-45.2",
"libwbclient0": "3.6.3-45.2",
"libsmbclient0-32bit": "3.6.3-45.2",
"libsmbclient0": "3.6.3-45.2"
}
]
}