
Scientific Linux 7 Moderate: SLSA-2016:1486-1 Samba Man-In-The-Middle Fix

Moderate: samba security and bug fix update
Date: Tue, 26 Jul 2016 19:27:12 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Moderate: samba on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160726192712.8474.98648@slpackages.fnal.gov>

Synopsis: Moderate: samba security and bug fix update
Advisory ID: SLSA-2016:1486-1
Issue Date: 2016-07-26
CVE Numbers: CVE-2016-2119
--

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections.
A man-in-the-middle attacker could use this flaw to downgrade the
connection to not use signing and therefore impersonate the server.
(CVE-2016-2119)

Bug Fix(es):

* Previously, the "net" command in some cases failed to join the client to
Active Directory (AD) because the permissions setting prevented
modification of the supported Kerberos encryption type LDAP attribute.
With this update, Samba has been fixed to allow joining an AD domain as a
user. In addition, Samba now uses the machine account credentials to set
up the Kerberos encryption types within AD for the joined machine. As a
result, using "net" to join a domain now works more reliably.

* Previously, the idmap_hash module worked incorrectly when it was used
together with other modules. As a consequence, user and group IDs were not
mapped properly. A patch has been applied to skip already configured
modules. Now, the hash module can be used as the default idmap
configuration back end and IDs are resolved correctly.
--

SL7
 x86_64
 libsmbclient-4.2.10-7.el7_2.i686.rpm
 libsmbclient-4.2.10-7.el7_2.x86_64.rpm
 libwbclient-4.2.10-7.el7_2.i686.rpm
 libwbclient-4.2.10-7.el7_2.x86_64.rpm
 samba-client-4.2.10-7.el7_2.x86_64.rpm
 samba-client-libs-4.2.10-7.el7_2.i686.rpm
 samba-client-libs-4.2.10-7.el7_2.x86_64.rpm
 samba-common-libs-4.2.10-7.el7_2.x86_64.rpm
 samba-common-tools-4.2.10-7.el7_2.x86_64.rpm
 samba-debuginfo-4.2.10-7.el7_2.i686.rpm
 samba-debuginfo-4.2.10-7.el7_2.x86_64.rpm
 samba-libs-4.2.10-7.el7_2.i686.rpm
 samba-libs-4.2.10-7.el7_2.x86_64.rpm
 samba-winbind-4.2.10-7.el7_2.x86_64.rpm
 samba-winbind-clients-4.2.10-7.el7_2.x86_64.rpm
 samba-winbind-modules-4.2.10-7.el7_2.i686.rpm
 samba-winbind-modules-4.2.10-7.el7_2.x86_64.rpm
 libsmbclient-devel-4.2.10-7.el7_2.i686.rpm
 libsmbclient-devel-4.2.10-7.el7_2.x86_64.rpm
 libwbclient-devel-4.2.10-7.el7_2.i686.rpm
 libwbclient-devel-4.2.10-7.el7_2.x86_64.rpm
 samba-4.2.10-7.el7_2.x86_64.rpm
 samba-dc-4.2.10-7.el7_2.x86_64.rpm
 samba-dc-libs-4.2.10-7.el7_2.x86_64.rpm
 samba-devel-4.2.10-7.el7_2.i686.rpm
 samba-devel-4.2.10-7.el7_2.x86_64.rpm
 samba-python-4.2.10-7.el7_2.x86_64.rpm
 samba-test-4.2.10-7.el7_2.x86_64.rpm
 samba-test-devel-4.2.10-7.el7_2.x86_64.rpm
 samba-test-libs-4.2.10-7.el7_2.i686.rpm
 samba-test-libs-4.2.10-7.el7_2.x86_64.rpm
 samba-vfs-glusterfs-4.2.10-7.el7_2.x86_64.rpm
 samba-winbind-krb5-locator-4.2.10-7.el7_2.x86_64.rpm
 noarch
 samba-common-4.2.10-7.el7_2.noarch.rpm
 samba-pidl-4.2.10-7.el7_2.noarch.rpm

- Scientific Linux Development Team
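
An added example, not part of the advisory or of Scientific Linux tooling: a check that flags installed packages from the list above that are older than the fixed build 4.2.10-7.el7_2. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'` and epoch 0, and uses a simplified version comparison; the function names and the sample inventory are constructed for illustration.

```python
import re

FIXED = ("4.2.10", "7.el7_2")  # version, release of the builds listed in the advisory
LIBS = {"libsmbclient", "libwbclient", "libsmbclient-devel", "libwbclient-devel"}

def in_advisory(name):
    # Heuristic covering the advisory's package list: samba, samba-*, and client libs.
    return name == "samba" or name.startswith("samba-") or name in LIBS

def rpmvercmp(a, b):
    """Simplified rpm ordering (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments is newer

def outdated(rpm_lines):
    """Return (name, arch, version-release) for packages older than FIXED."""
    hits = []
    for line in rpm_lines.strip().splitlines():
        fields = line.split()
        if len(fields) != 4 or not in_advisory(fields[0]):
            continue  # skip malformed lines and unrelated packages
        name, ver, rel, arch = fields
        if (rpmvercmp(ver, FIXED[0]) or rpmvercmp(rel, FIXED[1])) < 0:
            hits.append((name, arch, f"{ver}-{rel}"))
    return hits

# Constructed sample inventory (not taken from a real host).
SAMPLE = """\
samba 4.2.10 7.el7_2 x86_64
samba-libs 4.2.10 6.2.el7_2 x86_64
libwbclient 4.2.3 12.el7_2 i686
samba-client 4.4.4 9.el7 x86_64
openssh 6.6.1p1 25.el7_2 x86_64
"""

if __name__ == "__main__":
    for name, arch, evr in outdated(SAMPLE):
        print(f"needs update: {name}.{arch} {evr} < {FIXED[0]}-{FIXED[1]}")
```

Both the i686 and x86_64 builds of a library need checking, since the advisory ships fixed packages for each.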
