Описание
Security update for samba
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586)
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582)
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584)
- CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583)
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022)
- Ensure samlogon fall-back requests are rerouted after kerberos failure (bnc#953382)
- Ensure 'Your account is disabled' message is displayed when attempting to ssh into locked account (bnc#953382)
- Address unrecoverable winbind failure: 'key length too large' (bnc#934299)
- Take resource group sids into account when caching netsamlogon data (bnc#912457)
- Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244)
- dependency issue with samba-winbind (bnc#936909)
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libldb1-3.6.3-64.1
libldb1-32bit-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP4
libldb1-3.6.3-64.1
libldb1-32bit-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
SUSE Linux Enterprise Server 11 SP3
ldapsmb-1.34b-64.1
libldb1-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libsmbclient0-x86-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtalloc2-x86-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtdb1-x86-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
libwbclient0-x86-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-client-x86-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
samba-winbind-x86-3.6.3-64.1
samba-x86-3.6.3-64.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
ldapsmb-1.34b-64.1
libldb1-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libsmbclient0-x86-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtalloc2-x86-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtdb1-x86-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
libwbclient0-x86-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-client-x86-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
samba-winbind-x86-3.6.3-64.1
samba-x86-3.6.3-64.1
SUSE Linux Enterprise Server 11 SP4
ldapsmb-1.34b-64.1
libldb1-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libsmbclient0-x86-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtalloc2-x86-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtdb1-x86-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libtevent0-x86-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
libwbclient0-x86-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-client-x86-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
samba-winbind-x86-3.6.3-64.1
samba-x86-3.6.3-64.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
ldapsmb-1.34b-64.1
libldb1-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libsmbclient0-x86-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtalloc2-x86-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtdb1-x86-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
libwbclient0-x86-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-client-x86-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
samba-winbind-x86-3.6.3-64.1
samba-x86-3.6.3-64.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
ldapsmb-1.34b-64.1
libldb1-3.6.3-64.1
libsmbclient0-3.6.3-64.1
libsmbclient0-32bit-3.6.3-64.1
libsmbclient0-x86-3.6.3-64.1
libtalloc2-3.6.3-64.1
libtalloc2-32bit-3.6.3-64.1
libtalloc2-x86-3.6.3-64.1
libtdb1-3.6.3-64.1
libtdb1-32bit-3.6.3-64.1
libtdb1-x86-3.6.3-64.1
libtevent0-3.6.3-64.1
libtevent0-32bit-3.6.3-64.1
libtevent0-x86-3.6.3-64.1
libwbclient0-3.6.3-64.1
libwbclient0-32bit-3.6.3-64.1
libwbclient0-x86-3.6.3-64.1
samba-3.6.3-64.1
samba-32bit-3.6.3-64.1
samba-client-3.6.3-64.1
samba-client-32bit-3.6.3-64.1
samba-client-x86-3.6.3-64.1
samba-doc-3.6.3-64.1
samba-krb-printing-3.6.3-64.1
samba-winbind-3.6.3-64.1
samba-winbind-32bit-3.6.3-64.1
samba-winbind-x86-3.6.3-64.1
samba-x86-3.6.3-64.1
SUSE Linux Enterprise Software Development Kit 11 SP3
libldb-devel-3.6.3-64.1
libnetapi-devel-3.6.3-64.1
libnetapi0-3.6.3-64.1
libsmbclient-devel-3.6.3-64.1
libsmbsharemodes-devel-3.6.3-64.1
libsmbsharemodes0-3.6.3-64.1
libtalloc-devel-3.6.3-64.1
libtdb-devel-3.6.3-64.1
libtevent-devel-3.6.3-64.1
libwbclient-devel-3.6.3-64.1
samba-devel-3.6.3-64.1
samba-test-3.6.3-64.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libldb-devel-3.6.3-64.1
libnetapi-devel-3.6.3-64.1
libnetapi0-3.6.3-64.1
libsmbclient-devel-3.6.3-64.1
libsmbsharemodes-devel-3.6.3-64.1
libsmbsharemodes0-3.6.3-64.1
libtalloc-devel-3.6.3-64.1
libtdb-devel-3.6.3-64.1
libtevent-devel-3.6.3-64.1
libwbclient-devel-3.6.3-64.1
samba-devel-3.6.3-64.1
samba-test-3.6.3-64.1
Ссылки
- Link for SUSE-SU-2016:0164-1
- E-Mail link for SUSE-SU-2016:0164-1
- SUSE Security Ratings
- SUSE Bug 295284
- SUSE Bug 912457
- SUSE Bug 934299
- SUSE Bug 936909
- SUSE Bug 948244
- SUSE Bug 949022
- SUSE Bug 953382
- SUSE Bug 958582
- SUSE Bug 958583
- SUSE Bug 958584
- SUSE Bug 958586
- SUSE CVE CVE-2015-5252 page
- SUSE CVE CVE-2015-5296 page
- SUSE CVE CVE-2015-5299 page
- SUSE CVE CVE-2015-5330 page
Описание
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libldb1-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libldb1-32bit-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-32bit-3.6.3-64.1
Ссылки
- CVE-2015-5252
- SUSE Bug 958582
Описание
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libldb1-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libldb1-32bit-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-32bit-3.6.3-64.1
Ссылки
- CVE-2015-5296
- SUSE Bug 1058622
- SUSE Bug 958584
- SUSE Bug 973031
Описание
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libldb1-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libldb1-32bit-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-32bit-3.6.3-64.1
Ссылки
- CVE-2015-5299
- SUSE Bug 958583
Описание
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libldb1-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libldb1-32bit-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-3.6.3-64.1
SUSE Linux Enterprise Desktop 11 SP3:libsmbclient0-32bit-3.6.3-64.1
Ссылки
- CVE-2015-5330
- SUSE Bug 958581
- SUSE Bug 958586