samba-3.6.23-24.AXS4

エラータID: AXSA:2016-013:01

Release date: 
Friday, January 8, 2016 - 11:43
Subject: 
samba-3.6.23-24.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Security issues fixed with this release:

CVE-2015-5252
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7,
and 4.3.x before 4.3.3, when share names with certain substring
relationships exist, allows remote attackers to bypass intended
file-access restrictions via a symlink that points outside of a share.
CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before
4.3.3 supports connections that are encrypted but unsigned, which
allows man-in-the-middle attackers to conduct encrypted-to-unencrypted
downgrade attacks by modifying the client-server data stream, related
to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5299
The shadow_copy2_get_shadow_copy_data function in
modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x
before 4.2.7, and 4.3.x before 4.3.3 does not verify that the
DIRECTORY_LIST access right has been granted, which allows remote
attackers to access snapshots by visiting a shadow copy directory.

Solution: 

Update packages.

CVEs: 
CVE-2015-5252
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5299
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Additional Info: 

N/A

Download: 

SRPMS
  1. samba-3.6.23-24.AXS4.src.rpm
    MD5: 7abf74209e0d9df9db93ed035e201240
    SHA-256: e2bf6fb96f5a58e9d7895040488ea4e4ec248e0032b7c3cdc6901744683914dd
    Size: 28.27 MB

Asianux Server 4 for x86
  1. libsmbclient-3.6.23-24.AXS4.i686.rpm
    MD5: 44c8d4f9949c3ff690411e874a6a1e63
    SHA-256: 74f1f0fff4b727b7d5a26093be68454cbf2bd1fcf1f98307d630c671f5a2f024
    Size: 1.56 MB
  2. samba-3.6.23-24.AXS4.i686.rpm
    MD5: 5eefd623d25fcc6623ff62ea087ce7ee
    SHA-256: 6b8239f7660311dac1ede45f876e8a23fe10fb2dfbbd990a58fa5f94b3f5fa2f
    Size: 5.03 MB
  3. samba-client-3.6.23-24.AXS4.i686.rpm
    MD5: bd9ad71f20e49a659c2c32e80fe48f72
    SHA-256: c633fd34db6032b8326657ad9cb06d837448c46378c3478b441e3bfa098db157
    Size: 10.68 MB
  4. samba-common-3.6.23-24.AXS4.i686.rpm
    MD5: 42fe0da02e5cff1c852fcf73525343fa
    SHA-256: 7003d5f71875bac2d75ba4086d24198f848940d95399484c2ef8c8c06b6bc2e1
    Size: 9.93 MB
  5. samba-winbind-3.6.23-24.AXS4.i686.rpm
    MD5: 3e78b5b673cdb0e224972f341a119790
    SHA-256: 8c44d88a77e64b3eb0d18014948c54eb071eb30a3b63459f2ceef02f23663f30
    Size: 2.15 MB
  6. samba-winbind-clients-3.6.23-24.AXS4.i686.rpm
    MD5: 235a8f27062eb140d7f5d80585408b11
    SHA-256: dcf6ea5e2e6515a1f149dfb57d33c80dc8a0c9902d42bcecf74d3f34703927db
    Size: 1.99 MB

Asianux Server 4 for x86_64
  1. libsmbclient-3.6.23-24.AXS4.x86_64.rpm
    MD5: e04723c86b11e2a1a80f32496b1ce8de
    SHA-256: 44b0392d0ba1046f23da312e1bd877f00e89878851fce24144617f62f0aeb1b6
    Size: 1.58 MB
  2. samba-3.6.23-24.AXS4.x86_64.rpm
    MD5: 7e4d80688c22e638a65b3d0bc5631549
    SHA-256: 72e0f57172868342a669af51d3a5adbc8f1fd93969c6ffab289023d61dc3b5ad
    Size: 5.02 MB
  3. samba-client-3.6.23-24.AXS4.x86_64.rpm
    MD5: 9665108a45374307b1b8bd67c32c524e
    SHA-256: 930489ef64547a95774f65928e9ee33dc215f9bf6a37a44949dad59b6c0a56b7
    Size: 10.76 MB
  4. samba-common-3.6.23-24.AXS4.x86_64.rpm
    MD5: 199ee16398985dba63aa8d3e71637fdc
    SHA-256: 3984f848d61b3f4917a3a1cba73d59597b5beab821355c0161f70425ac4c5a94
    Size: 9.97 MB
  5. samba-winbind-3.6.23-24.AXS4.x86_64.rpm
    MD5: feb97a0a77472ef012b04d9e22c4aa14
    SHA-256: 5e9d603bc974880f651f4e7024fa402afd1068bc8b643b149a7a67450e90f05c
    Size: 2.16 MB
  6. samba-winbind-clients-3.6.23-24.AXS4.x86_64.rpm
    MD5: 012ff059830ad635ec6177d64abc2b94
    SHA-256: e89e243febfd68112d83756e3727935d02c2d317533dbf14db95a701b169355c
    Size: 1.99 MB
  7. libsmbclient-3.6.23-24.AXS4.i686.rpm
    MD5: 44c8d4f9949c3ff690411e874a6a1e63
    SHA-256: 74f1f0fff4b727b7d5a26093be68454cbf2bd1fcf1f98307d630c671f5a2f024
    Size: 1.56 MB
  8. samba-common-3.6.23-24.AXS4.i686.rpm
    MD5: 42fe0da02e5cff1c852fcf73525343fa
    SHA-256: 7003d5f71875bac2d75ba4086d24198f848940d95399484c2ef8c8c06b6bc2e1
    Size: 9.93 MB
  9. samba-winbind-clients-3.6.23-24.AXS4.i686.rpm
    MD5: 235a8f27062eb140d7f5d80585408b11
    SHA-256: dcf6ea5e2e6515a1f149dfb57d33c80dc8a0c9902d42bcecf74d3f34703927db
    Size: 1.99 MB