SUSE: 2016:1105-1 Important: Samba Authentication Issues
suse
April 19, 2016
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...
Summary
Samba was updated to fix three security issues.
These security issues were fixed:
* CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP
authentication (bso#11688, bsc#973031).
* CVE-2016-2111: Domain controller netlogon member computer could have
been spoofed (bso#11749, bsc#973032).
* CVE-2015-5252: Insufficient symlink verification (allowed file access
outside the share) (bso#11395, bnc#958582).
This non-security issue was fixed:
* Allow "delete readonly = yes" to correctly override deletion of a
file (bsc#913087, bso#5073)
Security Issues:
* CVE-2016-2110
References
#913087 #958582 #973031 #973032
Cross- CVE-2015-5252 CVE-2016-2110 CVE-2016-2111
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
https://www.suse.com/security/cve/CVE-2015-5252.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://bugzilla.suse.com/913087
https://bugzilla.suse.com/958582
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://scc.suse.com:443/patches/?keywords=7a8b86525db490aaf0868ada97807c68
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2016:1105-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!