{"affected":[{"ecosystem_specific":{"binaries":[{"libdcerpc-binding0":"4.2.4-18.17.1","libdcerpc-binding0-32bit":"4.2.4-18.17.1","libdcerpc0":"4.2.4-18.17.1","libdcerpc0-32bit":"4.2.4-18.17.1","libgensec0":"4.2.4-18.17.1","libgensec0-32bit":"4.2.4-18.17.1","libndr-krb5pac0":"4.2.4-18.17.1","libndr-krb5pac0-32bit":"4.2.4-18.17.1","libndr-nbt0":"4.2.4-18.17.1","libndr-nbt0-32bit":"4.2.4-18.17.1","libndr-standard0":"4.2.4-18.17.1","libndr-standard0-32bit":"4.2.4-18.17.1","libndr0":"4.2.4-18.17.1","libndr0-32bit":"4.2.4-18.17.1","libnetapi0":"4.2.4-18.17.1","libnetapi0-32bit":"4.2.4-18.17.1","libregistry0":"4.2.4-18.17.1","libsamba-credentials0":"4.2.4-18.17.1","libsamba-credentials0-32bit":"4.2.4-18.17.1","libsamba-hostconfig0":"4.2.4-18.17.1","libsamba-hostconfig0-32bit":"4.2.4-18.17.1","libsamba-passdb0":"4.2.4-18.17.1","libsamba-passdb0-32bit":"4.2.4-18.17.1","libsamba-util0":"4.2.4-18.17.1","libsamba-util0-32bit":"4.2.4-18.17.1","libsamdb0":"4.2.4-18.17.1","libsamdb0-32bit":"4.2.4-18.17.1","libsmbclient-raw0":"4.2.4-18.17.1","libsmbclient-raw0-32bit":"4.2.4-18.17.1","libsmbclient0":"4.2.4-18.17.1","libsmbclient0-32bit":"4.2.4-18.17.1","libsmbconf0":"4.2.4-18.17.1","libsmbconf0-32bit":"4.2.4-18.17.1","libsmbldap0":"4.2.4-18.17.1","libsmbldap0-32bit":"4.2.4-18.17.1","libtevent-util0":"4.2.4-18.17.1","libtevent-util0-32bit":"4.2.4-18.17.1","libwbclient0":"4.2.4-18.17.1","libwbclient0-32bit":"4.2.4-18.17.1","samba":"4.2.4-18.17.1","samba-32bit":"4.2.4-18.17.1","samba-client":"4.2.4-18.17.1","samba-client-32bit":"4.2.4-18.17.1","samba-doc":"4.2.4-18.17.1","samba-libs":"4.2.4-18.17.1","samba-libs-32bit":"4.2.4-18.17.1","samba-winbind":"4.2.4-18.17.1","samba-winbind-32bit":"4.2.4-18.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Desktop%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.4-18.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ctdb":"4.2.4-18.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.4-18.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ctdb-devel":"4.2.4-18.17.1","libdcerpc-atsvc-devel":"4.2.4-18.17.1","libdcerpc-atsvc0":"4.2.4-18.17.1","libdcerpc-devel":"4.2.4-18.17.1","libdcerpc-samr-devel":"4.2.4-18.17.1","libdcerpc-samr0":"4.2.4-18.17.1","libgensec-devel":"4.2.4-18.17.1","libndr-devel":"4.2.4-18.17.1","libndr-krb5pac-devel":"4.2.4-18.17.1","libndr-nbt-devel":"4.2.4-18.17.1","libndr-standard-devel":"4.2.4-18.17.1","libnetapi-devel":"4.2.4-18.17.1","libregistry-devel":"4.2.4-18.17.1","libsamba-credentials-devel":"4.2.4-18.17.1","libsamba-hostconfig-devel":"4.2.4-18.17.1","libsamba-passdb-devel":"4.2.4-18.17.1","libsamba-policy-devel":"4.2.4-18.17.1","libsamba-policy0":"4.2.4-18.17.1","libsamba-util-devel":"4.2.4-18.17.1","libsamdb-devel":"4.2.4-18.17.1","libsmbclient-devel":"4.2.4-18.17.1","libsmbclient-raw-devel":"4.2.4-18.17.1","libsmbconf-devel":"4.2.4-18.17.1","libsmbldap-devel":"4.2.4-18.17.1","libtevent-util-devel":"4.2.4-18.17.1","libwbclient-devel":"4.2.4-18.17.1","samba-core-devel":"4.2.4-18.17.1","samba-test-devel":"4.2.4-18.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.4-18.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdcerpc-binding0":"4.2.4-18.17.1","libdcerpc-binding0-32bit":"4.2.4-18.17.1","libdcerpc0":"4.2.4-18.17.1","libdcerpc0-32bit":"4.2.4-18.17.1","libgensec0":"4.2.4-18.17.1","libgensec0-32bit":"4.2.4-18.17.1","libndr-krb5pac0":"4.2.4-18.17.1","libndr-krb5pac0-32bit":"4.2.4-18.17.1","libndr-nbt0":"4.2.4-18.17.1","libndr-nbt0-32bit":"4.2.4-18.17.1","libndr-standard0":"4.2.4-18.17.1","libndr-standard0-32bit":"4.2.4-18.17.1","libndr0":"4.2.4-18.17.1","libndr0-32bit":"4.2.4-18.17.1","libnetapi0":"4.2.4-18.17.1","libnetapi0-32bit":"4.2.4-18.17.1","libregistry0":"4.2.4-18.17.1","libsamba-credentials0":"4.2.4-18.17.1","libsamba-credentials0-32bit":"4.2.4-18.17.1","libsamba-hostconfig0":"4.2.4-18.17.1","libsamba-hostconfig0-32bit":"4.2.4-18.17.1","libsamba-passdb0":"4.2.4-18.17.1","libsamba-passdb0-32bit":"4.2.4-18.17.1","libsamba-util0":"4.2.4-18.17.1","libsamba-util0-32bit":"4.2.4-18.17.1","libsamdb0":"4.2.4-18.17.1","libsamdb0-32bit":"4.2.4-18.17.1","libsmbclient-raw0":"4.2.4-18.17.1","libsmbclient-raw0-32bit":"4.2.4-18.17.1","libsmbclient0":"4.2.4-18.17.1","libsmbclient0-32bit":"4.2.4-18.17.1","libsmbconf0":"4.2.4-18.17.1","libsmbconf0-32bit":"4.2.4-18.17.1","libsmbldap0":"4.2.4-18.17.1","libsmbldap0-32bit":"4.2.4-18.17.1","libtevent-util0":"4.2.4-18.17.1","libtevent-util0-32bit":"4.2.4-18.17.1","libwbclient0":"4.2.4-18.17.1","libwbclient0-32bit":"4.2.4-18.17.1","samba":"4.2.4-18.17.1","samba-32bit":"4.2.4-18.17.1","samba-client":"4.2.4-18.17.1","samba-client-32bit":"4.2.4-18.17.1","samba-doc":"4.2.4-18.17.1","samba-libs":"4.2.4-18.17.1","samba-libs-32bit":"4.2.4-18.17.1","samba-winbind":"4.2.4-18.17.1","samba-winbind-32bit":"4.2.4-18.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.4-18.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libdcerpc-binding0":"4.2.4-18.17.1","libdcerpc-binding0-32bit":"4.2.4-18.17.1","libdcerpc0":"4.2.4-18.17.1","libdcerpc0-32bit":"4.2.4-18.17.1","libgensec0":"4.2.4-18.17.1","libgensec0-32bit":"4.2.4-18.17.1","libndr-krb5pac0":"4.2.4-18.17.1","libndr-krb5pac0-32bit":"4.2.4-18.17.1","libndr-nbt0":"4.2.4-18.17.1","libndr-nbt0-32bit":"4.2.4-18.17.1","libndr-standard0":"4.2.4-18.17.1","libndr-standard0-32bit":"4.2.4-18.17.1","libndr0":"4.2.4-18.17.1","libndr0-32bit":"4.2.4-18.17.1","libnetapi0":"4.2.4-18.17.1","libnetapi0-32bit":"4.2.4-18.17.1","libregistry0":"4.2.4-18.17.1","libsamba-credentials0":"4.2.4-18.17.1","libsamba-credentials0-32bit":"4.2.4-18.17.1","libsamba-hostconfig0":"4.2.4-18.17.1","libsamba-hostconfig0-32bit":"4.2.4-18.17.1","libsamba-passdb0":"4.2.4-18.17.1","libsamba-passdb0-32bit":"4.2.4-18.17.1","libsamba-util0":"4.2.4-18.17.1","libsamba-util0-32bit":"4.2.4-18.17.1","libsamdb0":"4.2.4-18.17.1","libsamdb0-32bit":"4.2.4-18.17.1","libsmbclient-raw0":"4.2.4-18.17.1","libsmbclient-raw0-32bit":"4.2.4-18.17.1","libsmbclient0":"4.2.4-18.17.1","libsmbclient0-32bit":"4.2.4-18.17.1","libsmbconf0":"4.2.4-18.17.1","libsmbconf0-32bit":"4.2.4-18.17.1","libsmbldap0":"4.2.4-18.17.1","libsmbldap0-32bit":"4.2.4-18.17.1","libtevent-util0":"4.2.4-18.17.1","libtevent-util0-32bit":"4.2.4-18.17.1","libwbclient0":"4.2.4-18.17.1","libwbclient0-32bit":"4.2.4-18.17.1","samba":"4.2.4-18.17.1","samba-32bit":"4.2.4-18.17.1","samba-client":"4.2.4-18.17.1","samba-client-32bit":"4.2.4-18.17.1","samba-doc":"4.2.4-18.17.1","samba-libs":"4.2.4-18.17.1","samba-libs-32bit":"4.2.4-18.17.1","samba-winbind":"4.2.4-18.17.1","samba-winbind-32bit":"4.2.4-18.17.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.4-18.17.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709).\n\nThese security issues were fixed:\n- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).\n- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).\n- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).\n\nAlso the following fixes were done:\n- Upgrade on-disk FSRVP server state to new version; (bsc#924519).\n- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).\n- Align fsrvp feature sources with upstream version.\n- Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel; (bsc#973832).\n- s3:utils/smbget: Fix recursive download; (bso#6482).\n- s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).\n- docs: Add example for domain logins to smbspool man page; (bso#11643).\n- s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n- loadparm: Fix memory leak issue; (bso#11708).\n- lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n- ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).\n- s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).\n- param: Fix str_list_v3 to accept ';' again; (bso#11732).\n- Real memeory leak(buildup) issue in loadparm; (bso#11740).\n- Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (bsc#972197).\n- Getting and setting Windows ACLs on symlinks can change permissions on link\n- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).\n- Enable clustering (CTDB) support; (bsc#966271).\n- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).\n- vfs_fruit: Fix renaming directories with open files; (bso#11065).\n- Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n- s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).\n- Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466).\n- s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624).\n- Reduce the memory footprint of empty string options; (bso#11625).\n- lib/async_req: Do not install async_connect_send_test; (bso#11639).\n- docs: Fix typos in man vfs_gpfs; (bso#11641).\n- smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).\n- smbcacls: Fix uninitialized variable; (bso#11682).\n- s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).\n- Changing log level of two entries to from 1 to 3; (bso#9912).\n- vfs_gpfs: Re-enable share modes; (bso#11243).\n- wafsamba: Also build libraries with RELRO protection; (bso#11346).\n- ctdb: Strip trailing spaces from nodes file; (bso#11365).\n- s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).\n- nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).\n- async_req: Fix non-blocking connect(); (bso#11564).\n- auth: gensec: Fix a memory leak; (bso#11565).\n- lib: util: Make non-critical message a warning; (bso#11566).\n- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).\n- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n- ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).\n- manpage: Correct small typo error; (bso#11584).\n- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).\n- Backport some valgrind fixes from upstream master; (bso#11597).\n- s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).\n- docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).\n","id":"SUSE-SU-2016:1022-1","modified":"2016-04-12T18:46:15Z","published":"2016-04-12T18:46:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161022-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/320709"},{"type":"REPORT","url":"https://bugzilla.suse.com/913547"},{"type":"REPORT","url":"https://bugzilla.suse.com/919309"},{"type":"REPORT","url":"https://bugzilla.suse.com/924519"},{"type":"REPORT","url":"https://bugzilla.suse.com/936862"},{"type":"REPORT","url":"https://bugzilla.suse.com/942716"},{"type":"REPORT","url":"https://bugzilla.suse.com/946051"},{"type":"REPORT","url":"https://bugzilla.suse.com/949022"},{"type":"REPORT","url":"https://bugzilla.suse.com/964023"},{"type":"REPORT","url":"https://bugzilla.suse.com/966271"},{"type":"REPORT","url":"https://bugzilla.suse.com/968973"},{"type":"REPORT","url":"https://bugzilla.suse.com/971965"},{"type":"REPORT","url":"https://bugzilla.suse.com/972197"},{"type":"REPORT","url":"https://bugzilla.suse.com/973031"},{"type":"REPORT","url":"https://bugzilla.suse.com/973032"},{"type":"REPORT","url":"https://bugzilla.suse.com/973033"},{"type":"REPORT","url":"https://bugzilla.suse.com/973034"},{"type":"REPORT","url":"https://bugzilla.suse.com/973036"},{"type":"REPORT","url":"https://bugzilla.suse.com/973832"},{"type":"REPORT","url":"https://bugzilla.suse.com/974629"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5370"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2110"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2111"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2113"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2115"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2118"}],"related":["CVE-2015-5370","CVE-2016-2110","CVE-2016-2111","CVE-2016-2112","CVE-2016-2113","CVE-2016-2115","CVE-2016-2118"],"summary":"Security update for samba","upstream":["CVE-2015-5370","CVE-2016-2110","CVE-2016-2111","CVE-2016-2112","CVE-2016-2113","CVE-2016-2115","CVE-2016-2118"]}