SUSE-SU-2016:3300-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20163300-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3300-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2016:3300-1
Related
Published
2016-12-29T19:46:53Z
Modified
2016-12-29T19:46:53Z
Summary
Security update for samba
Details

This update for samba provides the following fixes:

Security issues fixed:

  • CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441)
  • CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442)

Non security issues fixed:

  • Allow SESSION KEY setup without signing. (bsc#1009711)
  • Fix crash bug in teventqueueimmediate_trigger(). (bsc#1003731)
  • Don't fail when using default domain with user@domain.com format. (bsc#997833)
  • Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692)
  • Honor smb.conf socket options in winbind. (bsc#975131)
  • Fix crash with net rpc join. (bsc#978898)
  • Fix a regression verifying the security trailer. (bsc#978898)
  • Fix updating netlogon credentials. (bsc#978898)
References

Affected packages

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba

Package

Name
samba
Purl
purl:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.3-56.1

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-56.1",
            "samba": "3.6.3-56.1",
            "libwbclient0-32bit": "3.6.3-56.1",
            "samba-winbind-32bit": "3.6.3-56.1",
            "samba-doc": "3.6.3-56.1",
            "samba-krb-printing": "3.6.3-56.1",
            "libtdb1-32bit": "3.6.3-56.1",
            "libtalloc2-32bit": "3.6.3-56.1",
            "libldb1": "3.6.3-56.1",
            "samba-client": "3.6.3-56.1",
            "libtevent0": "3.6.3-56.1",
            "ldapsmb": "1.34b-56.1",
            "samba-client-32bit": "3.6.3-56.1",
            "libtalloc2": "3.6.3-56.1",
            "libtdb1": "3.6.3-56.1",
            "samba-32bit": "3.6.3-56.1",
            "samba-winbind": "3.6.3-56.1",
            "libwbclient0": "3.6.3-56.1",
            "libsmbclient0-32bit": "3.6.3-56.1",
            "libsmbclient0": "3.6.3-56.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP2-LTSS / samba-doc

Package

Name
samba-doc
Purl
purl:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.3-56.1

Ecosystem specific

{
    "binaries": [
        {
            "libtevent0-32bit": "3.6.3-56.1",
            "samba": "3.6.3-56.1",
            "libwbclient0-32bit": "3.6.3-56.1",
            "samba-winbind-32bit": "3.6.3-56.1",
            "samba-doc": "3.6.3-56.1",
            "samba-krb-printing": "3.6.3-56.1",
            "libtdb1-32bit": "3.6.3-56.1",
            "libtalloc2-32bit": "3.6.3-56.1",
            "libldb1": "3.6.3-56.1",
            "samba-client": "3.6.3-56.1",
            "libtevent0": "3.6.3-56.1",
            "ldapsmb": "1.34b-56.1",
            "samba-client-32bit": "3.6.3-56.1",
            "libtalloc2": "3.6.3-56.1",
            "libtdb1": "3.6.3-56.1",
            "samba-32bit": "3.6.3-56.1",
            "samba-winbind": "3.6.3-56.1",
            "libwbclient0": "3.6.3-56.1",
            "libsmbclient0-32bit": "3.6.3-56.1",
            "libsmbclient0": "3.6.3-56.1"
        }
    ]
}