Security update for samba (important)

2016-04-19T21:07:47
ID SUSE-SU-2016:1105-1
Type suse
Reporter Suse
Modified 2016-04-19T21:07:47

Description

Samba was updated to fix three security issues.

These security issues were fixed:

   * CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
     authentication (bso#11688, bsc#973031).
   * CVE-2016-2111: Domain controller netlogon member computer could have
     been spoofed (bso#11749, bsc#973032).
   * CVE-2015-5252: Insufficient symlink verification (allowed file access
     outside the share) (bso#11395, bnc#958582).

This non-security issue was fixed:

   * Allow "delete readonly = yes" to correctly override deletion of a
     file (bsc#913087, bso#5073)

Security Issues:

   * CVE-2016-2110
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110</a>>
   * CVE-2016-2111
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111</a>>
   * CVE-2015-5252
     <<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252</a>>

Contraindications: