SUSE-SU-2016:3272-1
Description
Security update for samba

This update for samba fixes the following issues:

Security issues fixed:
- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
- CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442).
- CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). The component affected is not built in our packages.

Non security issues fixed:
- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
- Add doc changes for net ads --no-dns-updates switch; (bsc#991564)
- Include vfstest in samba-test; (bsc#1001203).
- s3/winbindd: using default domain with user@domain.com format fails (bsc#997833).
- Fix illegal memory access after memory has been deleted (bsc#975299).
- Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500).
- Various fixes for spnego/ntlm (bsc#986675).
Affected Systems
- samba on SUSE Linux Enterprise Desktop 12 SP1: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Desktop 12 SP2: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise High Availability Extension 12 SP1: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Server 12 SP1: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Server 12 SP2: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Server for Raspberry Pi 12 SP2: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Server for SAP Applications 12 SP1: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Server for SAP Applications 12 SP2: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Software Development Kit 12 SP1: < 4.2.4-28.3.1
- samba on SUSE Linux Enterprise Software Development Kit 12 SP2: < 4.2.4-28.3.1
References (14)
- https://www.suse.com/support/update/announcement/2016/suse-su-20163272-1/
- https://bugzilla.suse.com/1001203
- https://bugzilla.suse.com/1009085
- https://bugzilla.suse.com/1014437
- https://bugzilla.suse.com/1014441
- https://bugzilla.suse.com/1014442
- https://bugzilla.suse.com/975299
- https://bugzilla.suse.com/986675
- https://bugzilla.suse.com/991564
- https://bugzilla.suse.com/994500
- https://bugzilla.suse.com/997833
- https://www.suse.com/security/cve/CVE-2016-2123
- https://www.suse.com/security/cve/CVE-2016-2125
- https://www.suse.com/security/cve/CVE-2016-2126