SUSE: 2016:0905-1 Critical: Samba ACL Permissions Issue
suse
March 29, 2016
An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes An update that solves one vulnerability and has three fixes ...
Summary
This update for samba fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); (bsc#968222). Bugs fixed: - Fix leaking memory in libsmbclient: Add missing talloc stackframe; (bso#11177); (bsc#967017). - Ensure samlogon fallback requests are rerouted after kerberos failure; (bsc#953382). - Ensure attempt to ssh into locked account triggers "Your account is disabled....." to the console; (bsc#953382). - Make the winbind package depend on the matching libwbclient version and vice versa; (bsc#936909). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP2-LTSS:
Topics Covered
References
#936909 #953382 #967017 #968222
Cross- CVE-2015-7560
Affected Products:
SUSE Linux Enterprise Server 11-SP2-LTSS
SUSE Linux Enterprise Debuginfo 11-SP2
https://www.suse.com/security/cve/CVE-2015-7560.html
https://bugzilla.suse.com/936909
https://bugzilla.suse.com/953382
https://bugzilla.suse.com/967017
https://bugzilla.suse.com/968222
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2016:0905-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!