Описание
Security update for samba
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222).
Bugs fixed:
- Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017).
- Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382).
- Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console; (bsc#953382).
- Make the winbind package depend on the matching libwbclient version and vice versa; (bsc#936909).
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
ldapsmb-1.34b-48.2
libldb1-3.6.3-48.2
libsmbclient0-3.6.3-48.2
libsmbclient0-32bit-3.6.3-48.2
libtalloc2-3.6.3-48.2
libtalloc2-32bit-3.6.3-48.2
libtdb1-3.6.3-48.2
libtdb1-32bit-3.6.3-48.2
libtevent0-3.6.3-48.2
libtevent0-32bit-3.6.3-48.2
libwbclient0-3.6.3-48.2
libwbclient0-32bit-3.6.3-48.2
samba-3.6.3-48.2
samba-32bit-3.6.3-48.2
samba-client-3.6.3-48.2
samba-client-32bit-3.6.3-48.2
samba-doc-3.6.3-48.2
samba-krb-printing-3.6.3-48.2
samba-winbind-3.6.3-48.2
samba-winbind-32bit-3.6.3-48.2
Ссылки
- Link for SUSE-SU-2016:0905-1
- E-Mail link for SUSE-SU-2016:0905-1
- SUSE Security Ratings
- SUSE Bug 936909
- SUSE Bug 953382
- SUSE Bug 967017
- SUSE Bug 968222
- SUSE CVE CVE-2015-7560 page
Описание
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-48.2
SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-48.2
SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-48.2
SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-48.2
Ссылки
- CVE-2015-7560
- SUSE Bug 968222