SUSE-SU-2016:1028-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20161028-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:1028-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:1028-1
Related
Published
2016-04-13T14:32:30Z
Modified
2016-04-13T14:32:30Z
Summary
Security update for samba
Details

samba was updated to fix seven security issues.

These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).

These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in clisetmntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link

References

Affected packages

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba

Package

Name
samba
Purl
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.3-52.1

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-52.1",
            "samba": "3.6.3-52.1",
            "libwbclient0-32bit": "3.6.3-52.1",
            "samba-winbind-32bit": "3.6.3-52.1",
            "samba-doc": "3.6.3-52.1",
            "samba-krb-printing": "3.6.3-52.1",
            "libtdb1-32bit": "3.6.3-52.1",
            "libtalloc2-32bit": "3.6.3-52.1",
            "libldb1": "3.6.3-52.1",
            "samba-client": "3.6.3-52.1",
            "libtevent0": "3.6.3-52.1",
            "ldapsmb": "1.34b-52.1",
            "samba-client-32bit": "3.6.3-52.1",
            "libtalloc2": "3.6.3-52.1",
            "libtdb1": "3.6.3-52.1",
            "samba-32bit": "3.6.3-52.1",
            "samba-winbind": "3.6.3-52.1",
            "libwbclient0": "3.6.3-52.1",
            "libsmbclient0-32bit": "3.6.3-52.1",
            "libsmbclient0": "3.6.3-52.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba-doc

Package

Name
samba-doc
Purl
pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.3-52.1

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-52.1",
            "samba": "3.6.3-52.1",
            "libwbclient0-32bit": "3.6.3-52.1",
            "samba-winbind-32bit": "3.6.3-52.1",
            "samba-doc": "3.6.3-52.1",
            "samba-krb-printing": "3.6.3-52.1",
            "libtdb1-32bit": "3.6.3-52.1",
            "libtalloc2-32bit": "3.6.3-52.1",
            "libldb1": "3.6.3-52.1",
            "samba-client": "3.6.3-52.1",
            "libtevent0": "3.6.3-52.1",
            "ldapsmb": "1.34b-52.1",
            "samba-client-32bit": "3.6.3-52.1",
            "libtalloc2": "3.6.3-52.1",
            "libtdb1": "3.6.3-52.1",
            "samba-32bit": "3.6.3-52.1",
            "samba-winbind": "3.6.3-52.1",
            "libwbclient0": "3.6.3-52.1",
            "libsmbclient0-32bit": "3.6.3-52.1",
            "libsmbclient0": "3.6.3-52.1"
        }
    ]
}