libsmbclient, samba security update

CentOS Errata and Security Advisory CESA-2016:0011

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A man-in-the-middle vulnerability was found in the way “connection signing”
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba’s share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, [email protected] as the original
reporter of CVE-2015-5299, Jan “Yenya” Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252.

All samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-January/083759.html

Affected packages:
libsmbclient
libsmbclient-devel
samba
samba-client
samba-common
samba-doc
samba-domainjoin-gui
samba-glusterfs
samba-swat
samba-winbind
samba-winbind-clients
samba-winbind-devel
samba-winbind-krb5-locator

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:0011