Security update for samba SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0905-1 Final 1 1 2016-03-29T11:30:33Z current 2016-03-29T11:30:33Z 2016-03-29T11:30:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for samba This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bugs fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382). - Ensure attempt to ssh into locked account triggers 'Your account is disabled.....' to the console; (bsc#953382). - Make the winbind package depend on the matching libwbclient version and vice versa; (bsc#936909). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-samba-12477 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160905-1/ Link for SUSE-SU-2016:0905-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001969.html E-Mail link for SUSE-SU-2016:0905-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/936909 SUSE Bug 936909 https://bugzilla.suse.com/953382 SUSE Bug 953382 https://bugzilla.suse.com/967017 SUSE Bug 967017 https://bugzilla.suse.com/968222 SUSE Bug 968222 https://www.suse.com/security/cve/CVE-2015-7560/ SUSE CVE CVE-2015-7560 page SUSE Linux Enterprise Server 11 SP2-LTSS ldapsmb-1.34b-48.2 libldb1-3.6.3-48.2 libsmbclient0-3.6.3-48.2 libsmbclient0-32bit-3.6.3-48.2 libtalloc2-3.6.3-48.2 libtalloc2-32bit-3.6.3-48.2 libtdb1-3.6.3-48.2 libtdb1-32bit-3.6.3-48.2 libtevent0-3.6.3-48.2 libtevent0-32bit-3.6.3-48.2 libwbclient0-3.6.3-48.2 libwbclient0-32bit-3.6.3-48.2 samba-3.6.3-48.2 samba-32bit-3.6.3-48.2 samba-client-3.6.3-48.2 samba-client-32bit-3.6.3-48.2 samba-doc-3.6.3-48.2 samba-krb-printing-3.6.3-48.2 samba-winbind-3.6.3-48.2 samba-winbind-32bit-3.6.3-48.2 ldapsmb-1.34b-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libldb1-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libsmbclient0-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libsmbclient0-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtalloc2-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtalloc2-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtdb1-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtdb1-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtevent0-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libtevent0-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libwbclient0-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libwbclient0-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-client-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-client-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-doc-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-krb-printing-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-winbind-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS samba-winbind-32bit-3.6.3-48.2 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. CVE-2015-7560 SUSE Linux Enterprise Server 11 SP2-LTSS:ldapsmb-1.34b-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libldb1-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libsmbclient0-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtalloc2-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtdb1-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libtevent0-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:libwbclient0-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-client-32bit-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-doc-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-krb-printing-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-3.6.3-48.2 SUSE Linux Enterprise Server 11 SP2-LTSS:samba-winbind-32bit-3.6.3-48.2 moderate 4.9 AV:A/AC:M/Au:S/C:P/I:P/A:P 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160905-1/ https://www.suse.com/security/cve/CVE-2015-7560.html CVE-2015-7560 https://bugzilla.suse.com/968222 SUSE Bug 968222