SUSE-SU-2016:3298-1

Published: 29 Dec 2016
Source: suse-cvrf

Description

Security update for samba

This update for samba provides the following fixes:

Security issues fixed:

  • CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441)
  • CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442)

Non security issues fixed:

  • Allow SESSION KEY setup without signing. (bsc#1009711)
  • Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731)
  • Don't fail when using default domain with user@domain.com format. (bsc#997833)
  • Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtdb1-3.6.3-84.1
libtevent0-3.6.3-84.1
libwbclient0-3.6.3-84.1
samba-3.6.3-84.1
samba-client-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
SUSE Linux Enterprise Server 11 SP3-LTSS
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
SUSE Linux Enterprise Server 11 SP4
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libsmbclient0-x86-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtalloc2-x86-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtdb1-x86-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libtevent0-x86-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
libwbclient0-x86-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-client-x86-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
samba-winbind-x86-3.6.3-84.1
samba-x86-3.6.3-84.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libsmbclient0-x86-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtalloc2-x86-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtdb1-x86-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libtevent0-x86-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
libwbclient0-x86-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-client-x86-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
samba-winbind-x86-3.6.3-84.1
samba-x86-3.6.3-84.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libldb-devel-3.6.3-84.1
libnetapi-devel-3.6.3-84.1
libnetapi0-3.6.3-84.1
libsmbclient-devel-3.6.3-84.1
libsmbsharemodes-devel-3.6.3-84.1
libsmbsharemodes0-3.6.3-84.1
libtalloc-devel-3.6.3-84.1
libtdb-devel-3.6.3-84.1
libtevent-devel-3.6.3-84.1
libwbclient-devel-3.6.3-84.1
samba-devel-3.6.3-84.1
samba-test-3.6.3-84.1
SUSE Manager 2.1
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
SUSE Manager Proxy 2.1
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1
SUSE OpenStack Cloud 5
ldapsmb-1.34b-84.1
libldb1-3.6.3-84.1
libsmbclient0-3.6.3-84.1
libsmbclient0-32bit-3.6.3-84.1
libtalloc2-3.6.3-84.1
libtalloc2-32bit-3.6.3-84.1
libtdb1-3.6.3-84.1
libtdb1-32bit-3.6.3-84.1
libtevent0-3.6.3-84.1
libtevent0-32bit-3.6.3-84.1
libwbclient0-3.6.3-84.1
libwbclient0-32bit-3.6.3-84.1
samba-3.6.3-84.1
samba-32bit-3.6.3-84.1
samba-client-3.6.3-84.1
samba-client-32bit-3.6.3-84.1
samba-doc-3.6.3-84.1
samba-krb-printing-3.6.3-84.1
samba-winbind-3.6.3-84.1
samba-winbind-32bit-3.6.3-84.1

Description

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ldapsmb-1.34b-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libldb1-3.6.3-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libsmbclient0-3.6.3-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libtalloc2-3.6.3-84.1

References

Description

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:ldapsmb-1.34b-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libldb1-3.6.3-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libsmbclient0-3.6.3-84.1
SUSE Linux Enterprise Point of Sale 11 SP3:libtalloc2-3.6.3-84.1

References
Vulnerability SUSE-SU-2016:3298-1