Security update for samba SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0032-1 Final 1 1 2016-01-05T15:20:38Z current 2016-01-05T15:20:38Z 2016-01-05T15:20:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for samba This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586). - CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582). - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the client side (bnc#958584). - CVE-2015-5299: Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2) (bnc#958583). Non-security issues fixed: - Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022). - Address unrecoverable winbind failure: 'key length too large' (bnc#934299). - Take resource group sids into account when caching netsamlogon data (bnc#912457). - Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464). - Remove deprecated base_rid example from idmap_rid manpage (bnc#913304). - Purge printer name cache on spoolss SetPrinter change (bnc#901813). - Fix lookup of groups with 'Local Domain' scope from Active Directory (bnc#948244). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-samba-12297 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/ Link for SUSE-SU-2016:0032-1 https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html E-Mail link for SUSE-SU-2016:0032-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/295284 SUSE Bug 295284 https://bugzilla.suse.com/773464 SUSE Bug 773464 https://bugzilla.suse.com/901813 SUSE Bug 901813 https://bugzilla.suse.com/912457 SUSE Bug 912457 https://bugzilla.suse.com/913304 SUSE Bug 913304 https://bugzilla.suse.com/934299 SUSE Bug 934299 https://bugzilla.suse.com/948244 SUSE Bug 948244 https://bugzilla.suse.com/949022 SUSE Bug 949022 https://bugzilla.suse.com/958582 SUSE Bug 958582 https://bugzilla.suse.com/958583 SUSE Bug 958583 https://bugzilla.suse.com/958584 SUSE Bug 958584 https://bugzilla.suse.com/958586 SUSE Bug 958586 https://www.suse.com/security/cve/CVE-2015-5252/ SUSE CVE CVE-2015-5252 page https://www.suse.com/security/cve/CVE-2015-5296/ SUSE CVE CVE-2015-5296 page https://www.suse.com/security/cve/CVE-2015-5299/ SUSE CVE CVE-2015-5299 page https://www.suse.com/security/cve/CVE-2015-5330/ SUSE CVE CVE-2015-5330 page SUSE Linux Enterprise Server 11 SP2-LTSS ldapsmb-1.34b-45.2 libldb1-3.6.3-45.2 libsmbclient0-3.6.3-45.2 libsmbclient0-32bit-3.6.3-45.2 libtalloc2-3.6.3-45.2 libtalloc2-32bit-3.6.3-45.2 libtdb1-3.6.3-45.2 libtdb1-32bit-3.6.3-45.2 libtevent0-3.6.3-45.2 libtevent0-32bit-3.6.3-45.2 libwbclient0-3.6.3-45.2 libwbclient0-32bit-3.6.3-45.2 samba-3.6.3-45.2 samba-32bit-3.6.3-45.2 samba-client-3.6.3-45.2 samba-client-32bit-3.6.3-45.2 samba-doc-3.6.3-45.2 samba-krb-printing-3.6.3-45.2 samba-winbind-3.6.3-45.2 samba-winbind-32bit-3.6.3-45.2 ldapsmb-1.34b-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libldb1-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libsmbclient0-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libsmbclient0-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtalloc2-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtalloc2-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtdb1-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtdb1-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtevent0-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtevent0-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libwbclient0-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libwbclient0-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-client-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-client-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-doc-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-krb-printing-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-winbind-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-winbind-32bit-3.6.3-45.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. CVE-2015-5252 SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-doc-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-krb-printing-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-32bit-3.6.3-45.2 moderate 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/ https://www.suse.com/security/cve/CVE-2015-5252.html CVE-2015-5252 https://bugzilla.suse.com/958582 SUSE Bug 958582 Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. CVE-2015-5296 SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-doc-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-krb-printing-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-32bit-3.6.3-45.2 moderate 3.2 AV:A/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/ https://www.suse.com/security/cve/CVE-2015-5296.html CVE-2015-5296 https://bugzilla.suse.com/1058622 SUSE Bug 1058622 https://bugzilla.suse.com/958584 SUSE Bug 958584 https://bugzilla.suse.com/973031 SUSE Bug 973031 The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. CVE-2015-5299 SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-doc-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-krb-printing-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-32bit-3.6.3-45.2 low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/ https://www.suse.com/security/cve/CVE-2015-5299.html CVE-2015-5299 https://bugzilla.suse.com/958583 SUSE Bug 958583 ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. CVE-2015-5330 SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-32bit-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-doc-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-krb-printing-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-3.6.3-45.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-32bit-3.6.3-45.2 low 4 AV:N/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160032-1/ https://www.suse.com/security/cve/CVE-2015-5330.html CVE-2015-5330 https://bugzilla.suse.com/958581 SUSE Bug 958581 https://bugzilla.suse.com/958586 SUSE Bug 958586