Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 24 Samba Security Update: Critical Man-in-the-Middle Threats

fedora
Calendar Grey April 15, 2016
Dist Fedora Esm H88
Fedora 25 samba security patch tackles multiple severe vulnerabilities such as interception and rollback attacks.
Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118

Summary

Samba is the standard Windows interoperability suite of programs for Linux and

Unix.

Update Information:

Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118

Change Log

References


[ 1 ] Bug #1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check https://bugzilla.redhat.com/show_bug.cgi?id=1309987 [ 2 ] Bug #1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication https://bugzilla.redhat.com/show_bug.cgi?id=1311893 [ 3 ] Bug #1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured https://bugzilla.redhat.com/show_bug.cgi?id=1311902 [ 4 ] Bug #1311903 - CVE-2016-2112 samba: Missing downgrade detection https://bugzilla.redhat.com/show_bug.cgi?id=1311903 [ 5 ] Bug #1311910 - CVE-2016-2113 samba: Server certificates not validated at client side https://bugzilla.redhat.com/show_bug.cgi?id=1311910 [ 6 ] Bug #1312082 - CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing https://bugzilla.redhat.com/show_bug.cgi?id=1312082 [ 7 ] Bug #1312084 - CVE-2016-2115 sam...

Read the Full Advisory

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update samba' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: samba
Product: Fedora 24
Version: 4.4.2
Release: 1.fc24
URL:
Summary: Server and Client software to interoperate with Windows machines

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.