CentOS Errata and Security Advisory CESA-2017:0662
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003927.html
Affected packages: libsmbclient libsmbclient-devel samba samba-client samba-common samba-doc samba-domainjoin-gui samba-glusterfs samba-swat samba-winbind samba-winbind-clients samba-winbind-devel samba-winbind-krb5-locator
Upstream details at: https://rhn.redhat.com/errata/RHSA-2017-0662.html