samba-4.2.3-11.el7

エラータID: AXSA:2016-023:01

Release date: 
Monday, January 11, 2016 - 15:01
Subject: 
samba-4.2.3-11.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Security issues fixed with this release:

CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24,
as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before
4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which
allows remote attackers to cause a denial of service (infinite loop)
via crafted packets.
CVE-2015-5252
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7,
and 4.3.x before 4.3.3, when share names with certain substring
relationships exist, allows remote attackers to bypass intended
file-access restrictions via a symlink that points outside of a share.
CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before
4.3.3 supports connections that are encrypted but unsigned, which
allows man-in-the-middle attackers to conduct encrypted-to-unencrypted
downgrade attacks by modifying the client-server data stream, related
to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5299
The shadow_copy2_get_shadow_copy_data function in
modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x
before 4.2.7, and 4.3.x before 4.3.3 does not verify that the
DIRECTORY_LIST access right has been granted, which allows remote
attackers to access snapshots by visiting a shadow copy directory.
CVE-2015-7540
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22
does not check return values to ensure successful ASN.1 memory
allocation, which allows remote attackers to cause a denial of service
(memory consumption and daemon crash) via crafted packets.

Solution: 

Update packages.

CVEs: 
CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2015-5252
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5296
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5299
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
CVE-2015-7540
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
Additional Info: 

N/A

Download: 

SRPMS
  1. samba-4.2.3-11.el7.src.rpm
    MD5: bdb06b3a953751912638347e9f5dbafc
    SHA-256: f99d559f1119e1b1b09507a3a96ddbf1a47a29991e339c5b7befd386c11fe438
    Size: 14.06 MB

Asianux Server 7 for x86_64
  1. ctdb-4.2.3-11.el7.x86_64.rpm
    MD5: 3902c13fbca2e20ce1224286417e3674
    SHA-256: 6a7c5381fbd2f7302066e7301e9609d1b09b8f20ccc0f58b965c2d87277a3362
    Size: 470.07 kB
  2. ctdb-devel-4.2.3-11.el7.x86_64.rpm
    MD5: 6fb5939930f82534dd2d729cafd7e017
    SHA-256: b6e6a1fd293450157dbc9671c9198fa09f30ada31d44f121f978c1c46ab9cd16
    Size: 95.83 kB
  3. ctdb-tests-4.2.3-11.el7.x86_64.rpm
    MD5: 87cf8b13559c281aa471fe17fda7e7d7
    SHA-256: ce8ba988582369ff6d551c3898ff9f3392ea3ea5b5de42e1027791899d769250
    Size: 658.86 kB
  4. libsmbclient-4.2.3-11.el7.x86_64.rpm
    MD5: b52cc16d9e7afeeb2275a0a96e880189
    SHA-256: aa05bf02e9ea4c51ee8e55af5632108a84c2d2a8b589edef72046d4d4f8dcc98
    Size: 117.45 kB
  5. libwbclient-4.2.3-11.el7.x86_64.rpm
    MD5: f6e9951c368fc70681eb445a9825f0c9
    SHA-256: d4a0043c9e5fe957b627e04ff1c856ac0fcc98f9747ac20a6f43e7c0f81d9c7d
    Size: 94.25 kB
  6. samba-4.2.3-11.el7.x86_64.rpm
    MD5: 6f0fd23250ac75155046fa9198ee4105
    SHA-256: 655d4d8e2e89517ed55261fb3149d701b1d64dd0d4c4bcc07a3455f8e6c1e26a
    Size: 600.67 kB
  7. samba-client-4.2.3-11.el7.x86_64.rpm
    MD5: 98bd1a25b91d4fb35f05a7590856bd31
    SHA-256: ee51208f36e9852d6f9cd7c1dd79bcaf449a83c54bbba6ddbcfe51a7d4ecccb6
    Size: 495.08 kB
  8. samba-client-libs-4.2.3-11.el7.x86_64.rpm
    MD5: b7649dc96c58cf1aba334562f275e67d
    SHA-256: 34d1d578710cc6c1b82ea26ec38e4f8b01efb8abc77c1ba88cef75a93b600599
    Size: 4.30 MB
  9. samba-common-4.2.3-11.el7.noarch.rpm
    MD5: 2f1c23459b094f0d16a2c6b258d3783b
    SHA-256: 79175c23306c995dbcabf2e07a45d23cafb00688644dc56af584386d4dac7bbe
    Size: 268.24 kB
  10. samba-common-libs-4.2.3-11.el7.x86_64.rpm
    MD5: 9ad0796bca54cbba32112628c3aec1ed
    SHA-256: a5dd31f879d2140939e3a81fe5d324cad2a3a9bb4d2cbe7a1c75b3f3953aac2b
    Size: 154.69 kB
  11. samba-common-tools-4.2.3-11.el7.x86_64.rpm
    MD5: eccfd489deb26fb49ee3db374b1d2f78
    SHA-256: ae731569c2117d6b8b8e138370c76b4d4bb9b139f1bfaba10dea8bdc3fe51dc4
    Size: 442.16 kB
  12. samba-libs-4.2.3-11.el7.x86_64.rpm
    MD5: 9e55954942fe4dd1e941a911a46f7d9e
    SHA-256: aa2c86ab747b6eb0bf523458e152a11b7f8d6f3853cf5e386d929aee4129ce7a
    Size: 257.91 kB
  13. samba-python-4.2.3-11.el7.x86_64.rpm
    MD5: 4015834a8532c3f1939e4a99229b1ea5
    SHA-256: 2b06e592f0b5086d9f48b4fed442352ae17d6c30fa9391844ddd906b46fa5258
    Size: 2.00 MB
  14. samba-winbind-4.2.3-11.el7.x86_64.rpm
    MD5: 61420766ac96de49fde721cbb3984887
    SHA-256: 0523ddbd20ae0e04605300e403d6bd36d50e8be54a4d8b87da97bae443a75702
    Size: 461.98 kB
  15. samba-winbind-clients-4.2.3-11.el7.x86_64.rpm
    MD5: 5d54b7d5ea7edf50a6308be9e62fe6b9
    SHA-256: 4721ed1d7cb88636439634e2263e0a73afb21b68f6243df33cdeb20fd1fed5b8
    Size: 122.02 kB
  16. samba-winbind-modules-4.2.3-11.el7.x86_64.rpm
    MD5: e543aef662423f5f67d24e38d475841a
    SHA-256: eb765b8e6da2751ed47ead653a85489faa4589a253d98d85180a382bb17b11f7
    Size: 103.53 kB
  17. ctdb-devel-4.2.3-11.el7.i686.rpm
    MD5: 1c40a14c83cfeab72d394e852a92bbe6
    SHA-256: 52802987ee2320512de6ebd3c631430b8286db746a249a4b5883df2f9da6a09e
    Size: 95.88 kB
  18. libsmbclient-4.2.3-11.el7.i686.rpm
    MD5: b22b08829d30c469dd0835ea17538810
    SHA-256: a14a7d825b4687130de2b4f81840a19ac77194d263dff72734ad75676e207638
    Size: 117.65 kB
  19. libwbclient-4.2.3-11.el7.i686.rpm
    MD5: 82ad8fca2cc8ae76d95655e96a38dbac
    SHA-256: 9d903f3937dde3530d09828b28070a893ac95b37d2311ed0514a1003a991bf3e
    Size: 95.18 kB
  20. samba-client-libs-4.2.3-11.el7.i686.rpm
    MD5: b1e8c99181a51793a668008bc3a6141a
    SHA-256: 72a852185ebd8e2950818c53947026d2ab5ee52cd659ed08f7e7777441df1a38
    Size: 4.32 MB
  21. samba-libs-4.2.3-11.el7.i686.rpm
    MD5: 8dd2a7ea54291bb97ba502cf42e191b1
    SHA-256: 9f0ed87acd3781cbd2aa725748227435cf9764c48807c61caf1db5026cb87ac8
    Size: 261.19 kB
  22. samba-winbind-modules-4.2.3-11.el7.i686.rpm
    MD5: 99c9fc446f8880ac207c4e7ee7b392a7
    SHA-256: 953860ed4aab6d5064f7c8a3ad91eb49961e9bc2dfeed696d4f181e5998d744b
    Size: 103.79 kB