Описание
Security update for samba
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582).
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584).
- CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583).
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022).
- Address unrecoverable winbind failure: 'key length too large' (bnc#934299).
- Take resource group sids into account when caching netsamlogon data (bnc#912457).
- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464).
- Remove deprecated base_rid example from idmap_rid manpage (bnc#913304).
- Purge printer name cache on spoolss SetPrinter change (bnc#901813).
- Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244).
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
Ссылки
- Link for SUSE-SU-2016:0032-1
- E-Mail link for SUSE-SU-2016:0032-1
- SUSE Security Ratings
- SUSE Bug 295284
- SUSE Bug 773464
- SUSE Bug 901813
- SUSE Bug 912457
- SUSE Bug 913304
- SUSE Bug 934299
- SUSE Bug 948244
- SUSE Bug 949022
- SUSE Bug 958582
- SUSE Bug 958583
- SUSE Bug 958584
- SUSE Bug 958586
- SUSE CVE CVE-2015-5252 page
- SUSE CVE CVE-2015-5296 page
- SUSE CVE CVE-2015-5299 page
- SUSE CVE CVE-2015-5330 page
Описание
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Затронутые продукты
Ссылки
- CVE-2015-5252
- SUSE Bug 958582
Описание
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Затронутые продукты
Ссылки
- CVE-2015-5296
- SUSE Bug 1058622
- SUSE Bug 958584
- SUSE Bug 973031
Описание
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Затронутые продукты
Ссылки
- CVE-2015-5299
- SUSE Bug 958583
Описание
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
Затронутые продукты
Ссылки
- CVE-2015-5330
- SUSE Bug 958581
- SUSE Bug 958586