SUSE-SU-2016:3271-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 27 Dec 2016, 12:33
Last modified:04 Feb 2026, 03:00
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Dec 2016, 12:33
Published
Vulnerability first disclosed
04 Feb 2026, 03:00
Last Modified
Vulnerability information updated
Description
Security update for samba This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This component is not built into our packages, so we are not affected. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
Affected Systems
- suse•samba&distro=SUSE Linux Enterprise Desktop 12 SP2
< 4.4.2-31.1
- suse•samba&distro=SUSE Linux Enterprise High Availability Extension 12 SP2
< 4.4.2-31.1
- suse•samba&distro=SUSE Linux Enterprise Server 12 SP2
< 4.4.2-31.1
- suse•samba&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
< 4.4.2-31.1
- suse•samba&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
< 4.4.2-31.1
- suse•samba&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
< 4.4.2-31.1
References (8)
- https://www.suse.com/support/update/announcement/2016/suse-su-20163271-1/
- https://bugzilla.suse.com/1009085
- https://bugzilla.suse.com/1014437
- https://bugzilla.suse.com/1014441
- https://bugzilla.suse.com/1014442
- https://www.suse.com/security/cve/CVE-2016-2123
- https://www.suse.com/security/cve/CVE-2016-2125
- https://www.suse.com/security/cve/CVE-2016-2126