Scientific Linux: SLSA-2016:1487-1 Moderate: samba4 DoS Risk

Date: Tue, 26 Jul 2016 19:26:35 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Moderate: samba4 on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160726192635.2865.93534@slpackages.fnal.gov>

Synopsis: Moderate: samba4 security update
Advisory ID: SLSA-2016:1487-1
Issue Date: 2016-07-26
CVE Numbers: CVE-2016-2119
--

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections.
A man-in-the-middle attacker could use this flaw to downgrade the
connection to not use signing and therefore impersonate the server.
(CVE-2016-2119)
--

SL6
 x86_64
 samba4-4.2.10-7.el6_8.x86_64.rpm
 samba4-client-4.2.10-7.el6_8.x86_64.rpm
 samba4-common-4.2.10-7.el6_8.x86_64.rpm
 samba4-dc-4.2.10-7.el6_8.x86_64.rpm
 samba4-dc-libs-4.2.10-7.el6_8.x86_64.rpm
 samba4-debuginfo-4.2.10-7.el6_8.x86_64.rpm
 samba4-devel-4.2.10-7.el6_8.x86_64.rpm
 samba4-libs-4.2.10-7.el6_8.x86_64.rpm
 samba4-pidl-4.2.10-7.el6_8.x86_64.rpm
 samba4-python-4.2.10-7.el6_8.x86_64.rpm
 samba4-test-4.2.10-7.el6_8.x86_64.rpm
 samba4-winbind-4.2.10-7.el6_8.x86_64.rpm
 samba4-winbind-clients-4.2.10-7.el6_8.x86_64.rpm
 samba4-winbind-krb5-locator-4.2.10-7.el6_8.x86_64.rpm
 i386
 samba4-4.2.10-7.el6_8.i686.rpm
 samba4-client-4.2.10-7.el6_8.i686.rpm
 samba4-common-4.2.10-7.el6_8.i686.rpm
 samba4-dc-4.2.10-7.el6_8.i686.rpm
 samba4-dc-libs-4.2.10-7.el6_8.i686.rpm
 samba4-debuginfo-4.2.10-7.el6_8.i686.rpm
 samba4-devel-4.2.10-7.el6_8.i686.rpm
 samba4-libs-4.2.10-7.el6_8.i686.rpm
 samba4-pidl-4.2.10-7.el6_8.i686.rpm
 samba4-python-4.2.10-7.el6_8.i686.rpm
 samba4-test-4.2.10-7.el6_8.i686.rpm
 samba4-winbind-4.2.10-7.el6_8.i686.rpm
 samba4-winbind-clients-4.2.10-7.el6_8.i686.rpm
 samba4-winbind-krb5-locator-4.2.10-7.el6_8.i686.rpm

- Scientific Linux Development Team