libsmbclient, samba security update

2017-03-24T15:43:17
ID CESA-2017:0662
Type centos
Reporter CentOS Project
Modified 2017-03-24T15:43:17

Description

CentOS Errata and Security Advisory CESA-2017:0662

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

  • It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

  • A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003927.html

Affected packages: libsmbclient libsmbclient-devel samba samba-client samba-common samba-doc samba-domainjoin-gui samba-glusterfs samba-swat samba-winbind samba-winbind-clients samba-winbind-devel samba-winbind-krb5-locator

Upstream details at: https://rhn.redhat.com/errata/RHSA-2017-0662.html