
openSUSE 13.2: 2016:1064-1 Critical: Samba DoS and MITM Threats

opensuse
April 17, 2016
Important openSUSE update resolves 16 security flaws in samba, tackling severe DoS and MITM threats with prompt solutions.
An update that solves 16 vulnerabilities and has 17 fixes is now...

Description

samba was updated to version 4.2.4 to fix 14 security issues.

These security issues were fixed:

- CVE-2015-5370: DCERPC server and client were vulnerable to DoS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation was missing (bsc#973034).
- CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account was possible (bsc#971965).
- CVE-2015-3223: Malicious request can cause Samba LDAP server to hang, spinning using CPU (boo#958581).
- CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).
- CVE-2015-5252:...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-462=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

  ctdb-4.2.4-34.1
  ctdb-debuginfo-4.2.4-34.1
  ctdb-devel-4.2.4-34.1
  ctdb-pcp-pmda-4.2.4-34.1
  ctdb-pcp-pmda-debuginfo-4.2.4-34.1
  ctdb-tests-4.2.4-34.1
  ctdb-tests-debuginfo-4.2.4-34.1
  libdcerpc-atsvc-devel-4.2.4-34.1
  libdcerpc-atsvc0-4.2.4-34.1
  libdcerpc-atsvc0-debuginfo-4.2.4-34.1
  libdcerpc-binding0-4.2.4-34.1
  libdcerpc-binding0-debuginfo-4.2.4-34.1
  libdcerpc-devel-4.2.4-34.1
  libdcerpc-samr-devel-4.2.4-34.1
  libdcerpc-samr0-4.2.4-34.1
  libdcerpc-samr0-debuginfo-4.2.4-34.1
  libdcerpc0-4.2.4-34.1
  libdcerpc0-debuginfo-4.2.4-34.1
  libgensec-devel-4.2.4-34.1
  libgensec0-4.2.4-34.1
  libgensec0-debuginfo-4.2.4-34.1
  libndr-devel-4.2.4-34.1
  libndr-krb5pac-devel-4.2.4-34.1
  libndr-krb5pac0-4.2.4-34.1
  libndr-krb5pac0-debuginfo-4.2.4-34.1
  libndr-nbt-devel-4.2.4-34.1
  libndr-nbt0-4.2.4-34.1
  libndr-nbt0-debuginfo-4.2.4-34.1
  libndr-standard-devel-4.2.4-34.1
  libndr-standard0-4.2.4-34.1
  libndr-standard0-debuginfo-4.2.4-34.1
  libndr0-4.2.4-34.1
  libndr0-debuginfo-4.2.4-34.1
  libnetapi-devel-4.2.4-34.1
  libnetapi0-4.2.4-34.1...
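
A post-patch check, added here as an example and not part of the original advisory: it reads an RPM inventory and lists packages from this update that are still below the fixed version-release 4.2.4-34.1. The name prefixes come from the visible part of the package list, `samba*` is an assumption, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: flag packages from this advisory that are still below the
# fixed version-release. Expected input is one "NAME VERSION-RELEASE" per
# line, as printed by:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n'

FIXED="4.2.4-34.1"   # fixed version-release from the advisory's package list

# True if $1 sorts strictly before $2. Uses GNU sort -V, which approximates
# (does not replicate) RPM's own comparison; adequate for x.y.z-n.m strings.
older_than() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads the inventory on stdin and prints the entries that still need the patch.
# Prefixes: visible part of the package list, plus samba* (assumption).
find_unpatched() {
    while read -r name ver; do
        case "$name" in
            samba*|ctdb*|libdcerpc*|libgensec*|libndr*|libnetapi*)
                if older_than "$ver" "$FIXED"; then
                    printf '%s %s\n' "$name" "$ver"
                fi ;;
        esac
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
libdcerpc0 4.2.4-34.1
libndr0 4.1.22-24.1
ctdb 4.2.4-34.1
samba 4.1.22-24.1
zypper 1.11.50-2.1
EOF
}

# Demo on the sample; on a real host pipe the rpm command above instead.
sample_inventory | find_unpatched
```

Empty output means every matching package is at or above the fixed release.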


References

https://www.suse.com/security/cve/CVE-2014-8143.html
https://www.suse.com/security/cve/CVE-2015-0240.html
https://www.suse.com/security/cve/CVE-2015-3223.html
https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2015-5296.html
https://www.suse.com/security/cve/CVE-2015-5299.html
https://www.suse.com/security/cve/CVE-2015-5330.html
https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2015-7560.html
https://www.suse.com/security/cve/CVE-2015-8467.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
https://bugzilla.suse.com/898031
https://bugzilla.suse.com/901813
https://bugzilla.suse.com/912457
https://bugzilla.suse.com/913238
https://bugzilla.suse.com/913547
https://...


Severity: critical

Announcement ID: openSUSE-SU-2016:1064-1
Rating: important
Affected Products: openSUSE 13.2
