Security update for samba

SUSE Security Update: Security update for samba
Announcement ID: SUSE-SU-2016:1105-1
Rating: important
References: #913087 #958582 #973031 #973032
Affected Products:
  • SUSE Linux Enterprise Server 10 SP4 LTSS

An update that solves three vulnerabilities and has one errata is now available.

    Description:

    Samba was updated to fix three security issues.

    These security issues were fixed:

    • CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bso#11688, bsc#973031).
    • CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bso#11749, bsc#973032).
    • CVE-2015-5252: Insufficient symlink verification (allowed file access outside the share) (bso#11395, bnc#958582).

    This non-security issue was fixed:

    • Allow "delete readonly = yes" to correctly override deletion of a file (bsc#913087, bso#5073)

    Contraindications:

    None

    Package List:

    • SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
      • cifs-mount-3.0.36-0.13.32.1
      • ldapsmb-1.34b-25.13.32.1
      • libmsrpc-3.0.36-0.13.32.1
      • libmsrpc-devel-3.0.36-0.13.32.1
      • libsmbclient-3.0.36-0.13.32.1
      • libsmbclient-devel-3.0.36-0.13.32.1
      • samba-3.0.36-0.13.32.1
      • samba-client-3.0.36-0.13.32.1
      • samba-krb-printing-3.0.36-0.13.32.1
      • samba-python-3.0.36-0.13.32.1
      • samba-vscan-0.3.6b-43.13.32.1
      • samba-winbind-3.0.36-0.13.32.1
    • SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
      • libsmbclient-32bit-3.0.36-0.13.32.1
      • samba-32bit-3.0.36-0.13.32.1
      • samba-client-32bit-3.0.36-0.13.32.1
      • samba-winbind-32bit-3.0.36-0.13.32.1
    • SUSE Linux Enterprise Server 10 SP4 LTSS (noarch):
      • samba-doc-3.0.36-0.12.32.1
