Cross-References: CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330
Affected Products:
- SUSE Linux Enterprise Server 11-SP2-LTSS
- SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________
An update that solves four vulnerabilities and has 8 fixes is now available.
Description:
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc#958586).
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc#958582).
- CVE-2015-5296: No man-in-the-middle protection when forcing SMB encryption on the client side (bnc#958584).
- CVE-2015-5299: Snapshot browsing through Windows Previous Versions (shadow_copy2) is not secure (bnc#958583).
Non-security issues fixed:
- Prevent null pointer access in samlogon fallback when security credentials are null (bnc#949022).
- Address unrecoverable winbind failure: "key length too large" (bnc#934299).
- Take resource group sids into account when caching netsamlogon data (bnc#912457).
- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend (bnc#773464).
- Remove deprecated base_rid example from idmap_rid manpage (bnc#913304).
- Purge printer name cache on spoolss SetPrinter change (bnc#901813).
- Fix lookup of groups with "Local Domain" scope from Active Directory (bnc#948244).
Patch Instructions:
To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP2-LTSS:
zypper in -t patch slessp2-samba-12297=1
- SUSE Linux Enterprise Debuginfo 11-SP2:
zypper in -t patch dbgsp2-samba-12297=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):