(RHSA-2016:1487) Moderate: samba4 security update

2016-07-26T09:06:37
ID RHSA-2016:1487
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:10

Description

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

  • A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.