samba (SL6)

By Scientific Linux Team on January 8, 2016

Synopsis: Moderate: samba security update
Advisory ID: SLSA-2016:0011-1
Issue Date: 2016-01-07
CVE Numbers: CVE-2015-5299
CVE-2015-5252
CVE-2015-5296

A man-in-the-middle vulnerability was found in the way “connection
signing” was implemented by Samba. A remote attacker could use this flaw
to downgrade an existing Samba client connection and force the use of
plain text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba
share, despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba’s share path.
(CVE-2015-5252)

After installing this update, the smb service will be restarted
automatically.

SL6
x86_64
libsmbclient-3.6.23-24.el6_7.i686.rpm
libsmbclient-3.6.23-24.el6_7.x86_64.rpm
samba-client-3.6.23-24.el6_7.x86_64.rpm
samba-common-3.6.23-24.el6_7.i686.rpm
samba-common-3.6.23-24.el6_7.x86_64.rpm
samba-debuginfo-3.6.23-24.el6_7.i686.rpm
samba-debuginfo-3.6.23-24.el6_7.x86_64.rpm
samba-winbind-3.6.23-24.el6_7.x86_64.rpm
samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
samba-winbind-clients-3.6.23-24.el6_7.x86_64.rpm
libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
libsmbclient-devel-3.6.23-24.el6_7.x86_64.rpm
samba-3.6.23-24.el6_7.x86_64.rpm
samba-doc-3.6.23-24.el6_7.x86_64.rpm
samba-domainjoin-gui-3.6.23-24.el6_7.x86_64.rpm
samba-glusterfs-3.6.23-24.el6_7.x86_64.rpm
samba-swat-3.6.23-24.el6_7.x86_64.rpm
samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
samba-winbind-devel-3.6.23-24.el6_7.x86_64.rpm
samba-winbind-krb5-locator-3.6.23-24.el6_7.x86_64.rpm
i386
libsmbclient-3.6.23-24.el6_7.i686.rpm
samba-client-3.6.23-24.el6_7.i686.rpm
samba-common-3.6.23-24.el6_7.i686.rpm
samba-debuginfo-3.6.23-24.el6_7.i686.rpm
samba-winbind-3.6.23-24.el6_7.i686.rpm
samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
samba-3.6.23-24.el6_7.i686.rpm
samba-doc-3.6.23-24.el6_7.i686.rpm
samba-domainjoin-gui-3.6.23-24.el6_7.i686.rpm
samba-swat-3.6.23-24.el6_7.i686.rpm
samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
samba-winbind-krb5-locator-3.6.23-24.el6_7.i686.rpm

– Scientific Linux Development Team