Описание
Security update for samba
This update for the samba server fixes the following issues:
Security issue fixed:
- CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222).
Other bugs fixed:
- Enable clustering (CTDB) support; (bsc#966271).
- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).
- vfs_fruit: Fix renaming directories with open files; (bso#11065).
- Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).
- s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).
- Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466).
- s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624).
- Reduce the memory footprint of empty string options; (bso#11625).
- lib/async_req: Do not install async_connect_send_test; (bso#11639).
- docs: Fix typos in man vfs_gpfs; (bso#11641).
- smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).
- smbcacls: Fix uninitialized variable; (bso#11682).
- s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).
- Add quotes around path of update-apparmor-samba-profile; (bsc#962177).
- Prevent access denied if the share path is '/'; (bso#11647); (bsc#960249).
- Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953972).
- samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libdcerpc-binding0-4.2.4-11.1
libdcerpc-binding0-32bit-4.2.4-11.1
libdcerpc0-4.2.4-11.1
libdcerpc0-32bit-4.2.4-11.1
libgensec0-4.2.4-11.1
libgensec0-32bit-4.2.4-11.1
libndr-krb5pac0-4.2.4-11.1
libndr-krb5pac0-32bit-4.2.4-11.1
libndr-nbt0-4.2.4-11.1
libndr-nbt0-32bit-4.2.4-11.1
libndr-standard0-4.2.4-11.1
libndr-standard0-32bit-4.2.4-11.1
libndr0-4.2.4-11.1
libndr0-32bit-4.2.4-11.1
libnetapi0-4.2.4-11.1
libnetapi0-32bit-4.2.4-11.1
libregistry0-4.2.4-11.1
libsamba-credentials0-4.2.4-11.1
libsamba-credentials0-32bit-4.2.4-11.1
libsamba-hostconfig0-4.2.4-11.1
libsamba-hostconfig0-32bit-4.2.4-11.1
libsamba-passdb0-4.2.4-11.1
libsamba-passdb0-32bit-4.2.4-11.1
libsamba-util0-4.2.4-11.1
libsamba-util0-32bit-4.2.4-11.1
libsamdb0-4.2.4-11.1
libsamdb0-32bit-4.2.4-11.1
libsmbclient-raw0-4.2.4-11.1
libsmbclient-raw0-32bit-4.2.4-11.1
libsmbclient0-4.2.4-11.1
libsmbclient0-32bit-4.2.4-11.1
libsmbconf0-4.2.4-11.1
libsmbconf0-32bit-4.2.4-11.1
libsmbldap0-4.2.4-11.1
libsmbldap0-32bit-4.2.4-11.1
libtevent-util0-4.2.4-11.1
libtevent-util0-32bit-4.2.4-11.1
libwbclient0-4.2.4-11.1
libwbclient0-32bit-4.2.4-11.1
samba-4.2.4-11.1
samba-32bit-4.2.4-11.1
samba-client-4.2.4-11.1
samba-client-32bit-4.2.4-11.1
samba-doc-4.2.4-11.1
samba-libs-4.2.4-11.1
samba-libs-32bit-4.2.4-11.1
samba-winbind-4.2.4-11.1
samba-winbind-32bit-4.2.4-11.1
SUSE Linux Enterprise Server 12 SP1
libdcerpc-binding0-4.2.4-11.1
libdcerpc-binding0-32bit-4.2.4-11.1
libdcerpc0-4.2.4-11.1
libdcerpc0-32bit-4.2.4-11.1
libgensec0-4.2.4-11.1
libgensec0-32bit-4.2.4-11.1
libndr-krb5pac0-4.2.4-11.1
libndr-krb5pac0-32bit-4.2.4-11.1
libndr-nbt0-4.2.4-11.1
libndr-nbt0-32bit-4.2.4-11.1
libndr-standard0-4.2.4-11.1
libndr-standard0-32bit-4.2.4-11.1
libndr0-4.2.4-11.1
libndr0-32bit-4.2.4-11.1
libnetapi0-4.2.4-11.1
libnetapi0-32bit-4.2.4-11.1
libregistry0-4.2.4-11.1
libsamba-credentials0-4.2.4-11.1
libsamba-credentials0-32bit-4.2.4-11.1
libsamba-hostconfig0-4.2.4-11.1
libsamba-hostconfig0-32bit-4.2.4-11.1
libsamba-passdb0-4.2.4-11.1
libsamba-passdb0-32bit-4.2.4-11.1
libsamba-util0-4.2.4-11.1
libsamba-util0-32bit-4.2.4-11.1
libsamdb0-4.2.4-11.1
libsamdb0-32bit-4.2.4-11.1
libsmbclient-raw0-4.2.4-11.1
libsmbclient-raw0-32bit-4.2.4-11.1
libsmbclient0-4.2.4-11.1
libsmbclient0-32bit-4.2.4-11.1
libsmbconf0-4.2.4-11.1
libsmbconf0-32bit-4.2.4-11.1
libsmbldap0-4.2.4-11.1
libsmbldap0-32bit-4.2.4-11.1
libtevent-util0-4.2.4-11.1
libtevent-util0-32bit-4.2.4-11.1
libwbclient0-4.2.4-11.1
libwbclient0-32bit-4.2.4-11.1
samba-4.2.4-11.1
samba-32bit-4.2.4-11.1
samba-client-4.2.4-11.1
samba-client-32bit-4.2.4-11.1
samba-doc-4.2.4-11.1
samba-libs-4.2.4-11.1
samba-libs-32bit-4.2.4-11.1
samba-winbind-4.2.4-11.1
samba-winbind-32bit-4.2.4-11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libdcerpc-binding0-4.2.4-11.1
libdcerpc-binding0-32bit-4.2.4-11.1
libdcerpc0-4.2.4-11.1
libdcerpc0-32bit-4.2.4-11.1
libgensec0-4.2.4-11.1
libgensec0-32bit-4.2.4-11.1
libndr-krb5pac0-4.2.4-11.1
libndr-krb5pac0-32bit-4.2.4-11.1
libndr-nbt0-4.2.4-11.1
libndr-nbt0-32bit-4.2.4-11.1
libndr-standard0-4.2.4-11.1
libndr-standard0-32bit-4.2.4-11.1
libndr0-4.2.4-11.1
libndr0-32bit-4.2.4-11.1
libnetapi0-4.2.4-11.1
libnetapi0-32bit-4.2.4-11.1
libregistry0-4.2.4-11.1
libsamba-credentials0-4.2.4-11.1
libsamba-credentials0-32bit-4.2.4-11.1
libsamba-hostconfig0-4.2.4-11.1
libsamba-hostconfig0-32bit-4.2.4-11.1
libsamba-passdb0-4.2.4-11.1
libsamba-passdb0-32bit-4.2.4-11.1
libsamba-util0-4.2.4-11.1
libsamba-util0-32bit-4.2.4-11.1
libsamdb0-4.2.4-11.1
libsamdb0-32bit-4.2.4-11.1
libsmbclient-raw0-4.2.4-11.1
libsmbclient-raw0-32bit-4.2.4-11.1
libsmbclient0-4.2.4-11.1
libsmbclient0-32bit-4.2.4-11.1
libsmbconf0-4.2.4-11.1
libsmbconf0-32bit-4.2.4-11.1
libsmbldap0-4.2.4-11.1
libsmbldap0-32bit-4.2.4-11.1
libtevent-util0-4.2.4-11.1
libtevent-util0-32bit-4.2.4-11.1
libwbclient0-4.2.4-11.1
libwbclient0-32bit-4.2.4-11.1
samba-4.2.4-11.1
samba-32bit-4.2.4-11.1
samba-client-4.2.4-11.1
samba-client-32bit-4.2.4-11.1
samba-doc-4.2.4-11.1
samba-libs-4.2.4-11.1
samba-libs-32bit-4.2.4-11.1
samba-winbind-4.2.4-11.1
samba-winbind-32bit-4.2.4-11.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libdcerpc-atsvc-devel-4.2.4-11.1
libdcerpc-atsvc0-4.2.4-11.1
libdcerpc-devel-4.2.4-11.1
libdcerpc-samr-devel-4.2.4-11.1
libdcerpc-samr0-4.2.4-11.1
libgensec-devel-4.2.4-11.1
libndr-devel-4.2.4-11.1
libndr-krb5pac-devel-4.2.4-11.1
libndr-nbt-devel-4.2.4-11.1
libndr-standard-devel-4.2.4-11.1
libnetapi-devel-4.2.4-11.1
libregistry-devel-4.2.4-11.1
libsamba-credentials-devel-4.2.4-11.1
libsamba-hostconfig-devel-4.2.4-11.1
libsamba-passdb-devel-4.2.4-11.1
libsamba-policy-devel-4.2.4-11.1
libsamba-policy0-4.2.4-11.1
libsamba-util-devel-4.2.4-11.1
libsamdb-devel-4.2.4-11.1
libsmbclient-devel-4.2.4-11.1
libsmbclient-raw-devel-4.2.4-11.1
libsmbconf-devel-4.2.4-11.1
libsmbldap-devel-4.2.4-11.1
libtevent-util-devel-4.2.4-11.1
libwbclient-devel-4.2.4-11.1
samba-core-devel-4.2.4-11.1
samba-test-devel-4.2.4-11.1
Ссылки
- Link for SUSE-SU-2016:0816-1
- E-Mail link for SUSE-SU-2016:0816-1
- SUSE Security Ratings
- SUSE Bug 953382
- SUSE Bug 953972
- SUSE Bug 960249
- SUSE Bug 962177
- SUSE Bug 964023
- SUSE Bug 966271
- SUSE Bug 968222
- SUSE CVE CVE-2015-7560 page
Описание
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libdcerpc-binding0-32bit-4.2.4-11.1
SUSE Linux Enterprise Desktop 12 SP1:libdcerpc-binding0-4.2.4-11.1
SUSE Linux Enterprise Desktop 12 SP1:libdcerpc0-32bit-4.2.4-11.1
SUSE Linux Enterprise Desktop 12 SP1:libdcerpc0-4.2.4-11.1
Ссылки
- CVE-2015-7560
- SUSE Bug 968222