Red Hat Product Errata RHSA-2016:0016 - Security Advisory

Issued:: 2016-01-08
Updated:: 2016-01-08

RHSA-2016:0016 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: samba security update

Type/Severity

Security Advisory: Moderate

Topic

Updated samba packages that fix multiple security issues are now available
for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A man-in-the-middle vulnerability was found in the way "connection signing"
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

Multiple buffer over-read flaws were found in the way Samba handled
malformed inputs in certain encodings. An authenticated, remote attacker
could possibly use these flaws to disclose portions of the server memory.
(CVE-2015-5330)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, partha@exablox.com as the original
reporter of CVE-2015-5299, Jan "Yenya" Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252 flaws, and Douglas Bagnall as the original
reporter of CVE-2015-5330.

All samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64

Fixes

BZ - 1276126 - CVE-2015-5299 Samba: Missing access control check in shadow copy code
BZ - 1281326 - CVE-2015-5330 samba, libldb: remote memory read in the Samba LDAP server
BZ - 1290288 - CVE-2015-5252 samba: Insufficient symlink verification in smbd
BZ - 1290292 - CVE-2015-5296 samba: client requesting encryption vulnerable to downgrade attack

CVEs

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Gluster Storage Server for On-premise 3 for RHEL 7

SRPM
samba-4.2.4-9.1.el7rhgs.src.rpm	SHA-256: 55003547af2242342a36181da542992549b7e95f736d823b35dc1f4299b5aa3b
x86_64
ctdb-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 7473557c2fc7cd8d854d69e55934e811d7c2a1127f3b60f84270378a7989f00a
ctdb-devel-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: d2135f0d4801ee35180385f49b4fdc15e45ceea0deb8796b131c54d7d48faccf
ctdb-tests-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 7338023038ae9b5e2054d764474aea4f39ed069b6a814a308a04106b4219d6ee
libsmbclient-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: babfba9632d2f0678678bddfde7ac7ae272aa536127398b2f300b90c1ea5d599
libsmbclient-devel-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 3e262c3de2d1f97fa65a37d51d9cef05734f77bb46464e7ef5a7cdf752118831
libwbclient-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: c218a5687375aff7b25c88f5ab737e9c46331fcbc01a90c650a24c4f018c571b
libwbclient-devel-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 12b2be473e81ef3c71c91a2e4091a7a4cb0b600b387874ee61c9eddd23820459
samba-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 5af7c37c47b859e14e0ef252d6701727aab8522e79b25cc542a3866ebe52cc71
samba-client-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: d06f74664ca155035c251ff89bfb3a170192cc9c7011b6dcc905a42b5fcf1fca
samba-client-libs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: f141787414549e999cb881c604d430624ff3451e2cef1b857e36b8367ef860a2
samba-common-4.2.4-9.1.el7rhgs.noarch.rpm	SHA-256: dbec09d9c4ff874e98f672849d5b7bd1d96ce34833ea0361e5d08921e404cf97
samba-common-libs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: a73f65000296aed0c71cf47e2f75787ba8a17d28ecf32cef8f46fab016058819
samba-common-tools-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: fe5be1d30e0bf254ad0a33f4f7e2a10905be9095ccec746dd2c3f2914175bc05
samba-dc-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: d4658b1f0440464e7694970cfead03172e2ed53922370fc5e9fc22555af53dee
samba-dc-libs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 0b844d68d8b22b0579add6fc1523e68d2d03bcd31752a095009f96f8a4d002c1
samba-debuginfo-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: e8bfb5fbfae1f98245335f748dc6b7b91b9e745a74fa25a2aee07b217efc2f84
samba-devel-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 18ae148d69a1cb6e58ef0c2613234bab03d792e6b52c35fa6486aef08beb2504
samba-libs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: de08c97b466aa90848cfb46e0f187d196e174d3dcee34d62238cc10d770aa235
samba-pidl-4.2.4-9.1.el7rhgs.noarch.rpm	SHA-256: 69ccff5bd5cd6619a1629f4090a3c1be35526b88477deee390e9425ddb6700fc
samba-python-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: ca173049b30aa80b583a3adb6c36a54745192567140217d0762f108577691124
samba-test-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: c8971510918a15c84c527b8c2b65bd5b17935d557f68bdc8c93bcd974f4b8e2f
samba-test-devel-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: cd985f5250fb754c642053eac7dea20a8f005fde22e5ee15b98ca3ff566204f9
samba-test-libs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 07d033fa1502f57d91431793315860ffa83e51f88f8817d82fa8350a50300ffd
samba-vfs-glusterfs-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 079528a883d01ac5c5990500534166abc7b6873acee457d0a7d48dc5fdfbffc1
samba-winbind-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 0fc45ba15996809570d18006a0af7a69ab65b42772b20aff0534de44be8e7087
samba-winbind-clients-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 039f4915d43db094f39b70c0dcca0fb9034488a6f8d3b9c5333a8165785e59e5
samba-winbind-krb5-locator-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: d2ea0a9becd1da7f02133480f2a74c7cf92a93ae88b7c05c65f579d4e7830189
samba-winbind-modules-4.2.4-9.1.el7rhgs.x86_64.rpm	SHA-256: 38832173ccf390ae0d1ca79dd402e7734d2f3a00b26cae249db854999a46f8db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories