Security update for samba

Announcement ID:	SUSE-SU-2016:1028-1
Rating:	important
References:	bsc#936862 bsc#967017 bsc#971965 bsc#973031 bsc#973032 bsc#973033 bsc#973034 bsc#973036
Cross-References:	CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118
CVSS scores:	CVE-2016-2110 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2016-2111 ( NVD ): 6.3 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2016-2112 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2016-2113 ( NVD ): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2016-2115 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2016-2118 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-2118 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2

An update that solves seven vulnerabilities and has one security fix can now be installed.

Description:

samba was updated to fix seven security issues.

These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account were possible (bsc#971965).

These non-security issues were fixed: - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint function - Getting and setting Windows ACLs on symlinks can change permissions on link

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2
  zypper in -t patch slessp2-samba-12508=1

Package List:

• SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64 i586)
  • libtdb1-3.6.3-52.1
  • libtevent0-3.6.3-52.1
  • libwbclient0-3.6.3-52.1
  • samba-3.6.3-52.1
  • libtalloc2-3.6.3-52.1
  • samba-client-3.6.3-52.1
  • samba-krb-printing-3.6.3-52.1
  • ldapsmb-1.34b-52.1
  • samba-winbind-3.6.3-52.1
  • libsmbclient0-3.6.3-52.1
  • libldb1-3.6.3-52.1
• SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (noarch)
  • samba-doc-3.6.3-52.1
• SUSE Linux Enterprise Server 11 SP2 LTSS 11-SP2 (s390x x86_64)
  • libtevent0-32bit-3.6.3-52.1
  • samba-winbind-32bit-3.6.3-52.1
  • libwbclient0-32bit-3.6.3-52.1
  • libsmbclient0-32bit-3.6.3-52.1
  • samba-32bit-3.6.3-52.1
  • samba-client-32bit-3.6.3-52.1
  • libtdb1-32bit-3.6.3-52.1
  • libtalloc2-32bit-3.6.3-52.1

References:

• https://www.suse.com/security/cve/CVE-2015-5370.html
• https://www.suse.com/security/cve/CVE-2016-2110.html
• https://www.suse.com/security/cve/CVE-2016-2111.html
• https://www.suse.com/security/cve/CVE-2016-2112.html
• https://www.suse.com/security/cve/CVE-2016-2113.html
• https://www.suse.com/security/cve/CVE-2016-2115.html
• https://www.suse.com/security/cve/CVE-2016-2118.html
• https://bugzilla.suse.com/show_bug.cgi?id=936862
• https://bugzilla.suse.com/show_bug.cgi?id=967017
• https://bugzilla.suse.com/show_bug.cgi?id=971965
• https://bugzilla.suse.com/show_bug.cgi?id=973031
• https://bugzilla.suse.com/show_bug.cgi?id=973032
• https://bugzilla.suse.com/show_bug.cgi?id=973033
• https://bugzilla.suse.com/show_bug.cgi?id=973034
• https://bugzilla.suse.com/show_bug.cgi?id=973036