Security Advisory Critical: samba3x security update

Advisory: RHSA-2016:0613-1
Type: Security Advisory
Severity: Critical
Issued on: 2016-04-12
Last updated on: 2016-04-12
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2115
CVE-2016-2118

Details

An update for samba3x is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible machines
to share files, printers, and other information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A
remote, authenticated attacker could use these flaws to cause a denial of
service against the Samba server (high CPU load or a crash) or, possibly,
execute arbitrary code with the permissions of the user running Samba (root).
This flaw could also be used to downgrade a secure DCE/RPC connection by a
man-in-the-middle attacker taking control of an Active Directory (AD) object and
compromising the security of a Samba Active Directory Domain Controller (DC).
(CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support
running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security
Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority
(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection
that a client initiates against a server could be used by a man-in-the-middle
attacker to impersonate the authenticated user against the SAMR or LSA service
on the server. As a result, the attacker would be able to get read/write access
to the Security Account Manager database, and use this to reveal all passwords
or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication.
An unauthenticated, man-in-the-middle attacker could use this flaw to clear the
encryption and integrity flags of a connection, causing data to be transmitted
in plain text. The attacker could also force the client or server into sending
data in plain text even if encryption was explicitly requested for that
connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish
a secure communication channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could use this flaw to obtain
session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity
protection for LDAP connections. A man-in-the-middle attacker could use this
flaw to downgrade LDAP connections to use no integrity protection, allowing them
to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by
default. A man-in-the-middle attacker could use this flaw to view and modify the
data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of
CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of
CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
samba3x-3.6.23-12.el5_11.src.rpm
File outdated by:  RHBA-2016:1294
    MD5: b187372277d94cca7789c5073dbacb80
SHA-256: a27f1b1b0a745aa3fb4c5512048c31384f7731c8c2b5a539a7bab4bc90657fe1
 
IA-32:
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: b1afc981552776528397ae44b695cad1
SHA-256: 4966afa7e8e45c68a03731d94477c1180c6e9a05d7c73c2bef7fc818e3e535d9
 
x86_64:
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 766d84f76fb688bbddba0ec48ca61065
SHA-256: fbeb45250101b57f94b521082c2743a25ab7ebc6da61b1d4da86dabe69b83bd0
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: b1afc981552776528397ae44b695cad1
SHA-256: 4966afa7e8e45c68a03731d94477c1180c6e9a05d7c73c2bef7fc818e3e535d9
samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: d1121c5d47b4d7734439656019181e0a
SHA-256: 00f506980ebc092c9ad39f31d18dc4976f5e183c10c679ba5ff1c225f4f7290a
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
samba3x-3.6.23-12.el5_11.src.rpm
File outdated by:  RHBA-2016:1294
    MD5: b187372277d94cca7789c5073dbacb80
SHA-256: a27f1b1b0a745aa3fb4c5512048c31384f7731c8c2b5a539a7bab4bc90657fe1
 
IA-32:
samba3x-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 092825fe08ba15bcfd3116afe798a5d5
SHA-256: 4ebba832f21473ea537e4cf5c28ee2afedc14a88b9a25c12258c3594c5d08474
samba3x-client-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 1c1f1075902e3a330ee39c40dfff49bf
SHA-256: c036340bb467410a5a97f37125fffd5b25e6855f125585e31a9be4d5d2311e31
samba3x-common-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: d6843f65868b78bc4fca9a1a2ce29419
SHA-256: 9c7d5e9820ca2937fcd1d3ca2146da15244f07af064f7029d5aa7a5fe1a3755a
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-doc-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 383644b03cabcaf80249f40b1cc5f9bf
SHA-256: 42ec61726556566836273885f965f029d5318f023d4ebc498a22fa5f251a4fea
samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: c3229870e96bf477f2fc77b089e4c3c6
SHA-256: ca2061cbd165ba17d81cf6aae8c237ead909ff2e690322d02c3d4b382af022f6
samba3x-swat-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: c76d3a4a444bc7f380e195957c948936
SHA-256: 97113481160beed8adc9a92a5cdd7ac4a154e7ecaa1007bfeb9d2745669a5f7d
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: f3dfdcd74e520b9b05f84fdaaf5505c1
SHA-256: 938b6d61d9b98628949c09fc17db31891ecb35e13ddedf970cfdd93fc4528498
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: b1afc981552776528397ae44b695cad1
SHA-256: 4966afa7e8e45c68a03731d94477c1180c6e9a05d7c73c2bef7fc818e3e535d9
 
IA-64:
samba3x-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 0f95dc2482e675cda504ee42f69b9226
SHA-256: 3bd4366998fc425db91b85597c026e8d7b88000841a4da66f58f1f2a4b4daed9
samba3x-client-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: b071c98f789505454f83287d19ae69c4
SHA-256: 54cc2465a08e24b08e43790809200377032058a5fdaded4c74922330423f8c1c
samba3x-common-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 476ce142544a1e599760050387e37a5c
SHA-256: c186d9c3ceec89d95e120cb30164bc77216a56733c0f0e857b2d66ea5a3f6ec0
samba3x-debuginfo-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 0758f3536221c649c711d778ef393d17
SHA-256: eebae09aa48e8906714e9efe43bfa2b9d467f50b7fba4bbe588e2c3fe732cb45
samba3x-doc-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: b045344cf7174906797eb6455e5e9be1
SHA-256: 2f9f45ace3e56a28a8da7b9682be10aaa0fcc9f0847c8d89803ac2470e4c7a74
samba3x-domainjoin-gui-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 7fa7d178f98772aa79810af7d2fb5e60
SHA-256: 9c12c5e71552d73c01f8048e6518b2c10f94cbe809b119a416fa8adce54110ac
samba3x-swat-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: a38f49c152fb25a4569d1e4a0baa0cb0
SHA-256: ec50bed98202509b41312cf3b8a6808b26db4a89dd6af7cc2e63a29c30fecf94
samba3x-winbind-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: e069bebab3151e2d7cb0a4860a427e16
SHA-256: a9e6374b55da9b4d8967cc68b7b76ccff701c0c0e09076d41039bd860eff83d1
samba3x-winbind-devel-3.6.23-12.el5_11.ia64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 8ed609559c97ce8e5022891e8ace44c6
SHA-256: 576ba7d8c79116f50109767656e1ade688deb7277c484bd67163506a1a2a798b
 
PPC:
samba3x-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 50ad258fb866e143c7ae75f4bf14ddeb
SHA-256: 320b8aeaafa828c0e820017b47a3811a55450dc25bc6ba3c438997aa716489dd
samba3x-client-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98937940600dc50779f0a2a92005f1c6
SHA-256: d5cfe78f9bf52add001ed0bfda88a495554e9c75db3ceac3755871d7ec143707
samba3x-common-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 84bfa5ea808a4180dd0d69c9688931fa
SHA-256: 94198c2bdac92e1e58a38cd8fd680ca80f4dc99a792cf5a59cf2193f1e0c5e63
samba3x-debuginfo-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 74ad0a3d3f3a9b14c70b1d8e48caa45c
SHA-256: 04b3a5fd5cb3d999d228f26a2a7c4437d81fb360cf34a8eda0c7c77a0174adaf
samba3x-debuginfo-3.6.23-12.el5_11.ppc64.rpm
File outdated by:  RHBA-2016:1294
    MD5: da44a6dae295c0f949863aa71841aecc
SHA-256: a929b61cae51eabda282e635be6005a504c1d649aaf76c253c3a0885f78c6908
samba3x-doc-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: bd85d1f1464b02704e2878e4b72c74d0
SHA-256: 3de6061d4c899139d4e3fe63c1f750c67dcee87eea67e54a6521f1aa9337f806
samba3x-domainjoin-gui-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: a29ff08e930bafa25a4192fa06a4237f
SHA-256: 05a3277438faa49e1efb03926643e5abf7b7db6dca7c7cf6c86f46728404e545
samba3x-swat-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: be302c5727a1bb4e0af1af7177639b22
SHA-256: dc5e083471b341027745b02fba651d32e1ef783ef7403af865a17d72e5f5c6d3
samba3x-winbind-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 327a7119f9f0b686b68ed6a6f8e82501
SHA-256: d843b157cd4bb15e51dacb4af383eb4731c6e219fc083edd6449ff504bc13279
samba3x-winbind-3.6.23-12.el5_11.ppc64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 69ececa0080770b105678ef60004e565
SHA-256: cae88b871383593f38b5fcdc83007ab2e9a8f655bcbe3387be1953b15b645df7
samba3x-winbind-devel-3.6.23-12.el5_11.ppc.rpm
File outdated by:  RHBA-2016:1294
    MD5: 9b04f7e19c908fa04e78cad75b26a871
SHA-256: 1c2e3202f2476139d0860a16f6f4a9a6d28bb015966ecb34ac0addea9d4d56eb
samba3x-winbind-devel-3.6.23-12.el5_11.ppc64.rpm
File outdated by:  RHBA-2016:1294
    MD5: c479be96efb85abac17de1ce66ceed34
SHA-256: 1d1770d16d822df5f42e1814b7eaf5dbe7a200103ec750f18e38c21401d95736
 
s390x:
samba3x-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 7abc3a0c5bfbd6c9496184c682866829
SHA-256: c646c981e531d05ca9ee4f08ebe293eef9fcebd45a72f6eec2292660f8934a5b
samba3x-client-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 6b3591d6896e8b2584d32f8763142062
SHA-256: 72e434affb226ce455be2294af99292825c1e097583f6bb397730757ec8d22dd
samba3x-common-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 00a3f36aad86f3728bf258a074044613
SHA-256: 7d8133da07cf4325f14bf2b7000b5717f9dd833622575e10178cb9b239a7f1b8
samba3x-debuginfo-3.6.23-12.el5_11.s390.rpm
File outdated by:  RHBA-2016:1294
    MD5: 54840093f68e5401e3ad753c37e5c2ff
SHA-256: 4802cfd193bf6c769600cfee7539f7d87e3caf9aa548d5edaaf78d76d69f1be3
samba3x-debuginfo-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 8161e63b59228f6ca9f27ade5742a3ad
SHA-256: 70f3a16d3806e3f370e38ea8786cd70285ef20dd334e073eb688bcf4256924f5
samba3x-doc-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 99cfd21ceea89cce53a013b28d27c8ea
SHA-256: 47420592854662827538739b93fbc0b82362064984ab553305d5e25209b632de
samba3x-domainjoin-gui-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 6d1e98ca26921dab6210afb8fb73d56a
SHA-256: 7bf4fbdd2c021dec187dd2193272065d9a57a03b83f2ddb1b3a384f666a4df99
samba3x-swat-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 240eea8a1db65b67177de52b55dcffdb
SHA-256: 01a6f9f907e0de466d06f18d023d27d8e21174b07b3019d06f6ca23c4bf546ea
samba3x-winbind-3.6.23-12.el5_11.s390.rpm
File outdated by:  RHBA-2016:1294
    MD5: e5484f36562ca6231cde161219ae3716
SHA-256: 9c6feff3ada319b8045993b1042731ad88c9d9c8eb526e534be162fb22ca99fa
samba3x-winbind-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: f7b73e17de37acb7001890864925b0c9
SHA-256: 54fee6789ba147e0703d9d9611d0f7da4e897c855f8009700bf1871bd6e09599
samba3x-winbind-devel-3.6.23-12.el5_11.s390.rpm
File outdated by:  RHBA-2016:1294
    MD5: 4a852719641036ee9dcf3016b66d0174
SHA-256: bbb0f75ab77f4d5e1dbcb61bda2790c1b8a3b4e71d6795f6b661b76ef1db5a2a
samba3x-winbind-devel-3.6.23-12.el5_11.s390x.rpm
File outdated by:  RHBA-2016:1294
    MD5: 0c83f734c372420c52feeaf09c17d55e
SHA-256: 984b80bb330008633989fa889a339cab0a65b41a8d8580dcf06287d9b6384cb7
 
x86_64:
samba3x-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: d3d7c7246e4848dc557ab6acad0fe9ca
SHA-256: 04c5aa7e680751c4c14e69d98e1986b737cbeb034a83ebe52a1d1b0bec3f96f8
samba3x-client-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 0684197c5b41ad5ef984a19b0b289f0d
SHA-256: 22addf2a34e4bcf072a44ea54f87d10ea8cff25fa8d8eb9ccb8ea40227da496f
samba3x-common-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 7b61f1f54474bbdf6cd2c697a50f2c3d
SHA-256: 91af5463323ee0985c45242bea2a02f7a039c214928c9329357ad6a8c066b8c2
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 766d84f76fb688bbddba0ec48ca61065
SHA-256: fbeb45250101b57f94b521082c2743a25ab7ebc6da61b1d4da86dabe69b83bd0
samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: ad3b05b47b080236b3a1f1fb1d8c1e80
SHA-256: e7c97e172436e5bea8ef4558be846837f2eab392aae8d909d3728a984d23b49d
samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 16e4f86889ff29b01a319bedfada2c6d
SHA-256: 9b16d4c72cdd255bac84b08b7357f48ffb1b79812adb0bf0d0cc48fdaac13017
samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 8c6e870754b50f315976a94fd3511640
SHA-256: 36182149c5acf9dd7c154fcdd8881425c0042db68eb694e8d49101eb25be4091
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: f3dfdcd74e520b9b05f84fdaaf5505c1
SHA-256: 938b6d61d9b98628949c09fc17db31891ecb35e13ddedf970cfdd93fc4528498
samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: ad52f50d20967004a06ffacee8bcc2fb
SHA-256: e2c097dc6d21072545902bdfb7755775e0837f78a661988191dc137b2552cec5
samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: b1afc981552776528397ae44b695cad1
SHA-256: 4966afa7e8e45c68a03731d94477c1180c6e9a05d7c73c2bef7fc818e3e535d9
samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: d1121c5d47b4d7734439656019181e0a
SHA-256: 00f506980ebc092c9ad39f31d18dc4976f5e183c10c679ba5ff1c225f4f7290a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
samba3x-3.6.23-12.el5_11.src.rpm
File outdated by:  RHBA-2016:1294
    MD5: b187372277d94cca7789c5073dbacb80
SHA-256: a27f1b1b0a745aa3fb4c5512048c31384f7731c8c2b5a539a7bab4bc90657fe1
 
IA-32:
samba3x-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 092825fe08ba15bcfd3116afe798a5d5
SHA-256: 4ebba832f21473ea537e4cf5c28ee2afedc14a88b9a25c12258c3594c5d08474
samba3x-client-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 1c1f1075902e3a330ee39c40dfff49bf
SHA-256: c036340bb467410a5a97f37125fffd5b25e6855f125585e31a9be4d5d2311e31
samba3x-common-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: d6843f65868b78bc4fca9a1a2ce29419
SHA-256: 9c7d5e9820ca2937fcd1d3ca2146da15244f07af064f7029d5aa7a5fe1a3755a
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-doc-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 383644b03cabcaf80249f40b1cc5f9bf
SHA-256: 42ec61726556566836273885f965f029d5318f023d4ebc498a22fa5f251a4fea
samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: c3229870e96bf477f2fc77b089e4c3c6
SHA-256: ca2061cbd165ba17d81cf6aae8c237ead909ff2e690322d02c3d4b382af022f6
samba3x-swat-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: c76d3a4a444bc7f380e195957c948936
SHA-256: 97113481160beed8adc9a92a5cdd7ac4a154e7ecaa1007bfeb9d2745669a5f7d
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: f3dfdcd74e520b9b05f84fdaaf5505c1
SHA-256: 938b6d61d9b98628949c09fc17db31891ecb35e13ddedf970cfdd93fc4528498
 
x86_64:
samba3x-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: d3d7c7246e4848dc557ab6acad0fe9ca
SHA-256: 04c5aa7e680751c4c14e69d98e1986b737cbeb034a83ebe52a1d1b0bec3f96f8
samba3x-client-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 0684197c5b41ad5ef984a19b0b289f0d
SHA-256: 22addf2a34e4bcf072a44ea54f87d10ea8cff25fa8d8eb9ccb8ea40227da496f
samba3x-common-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 7b61f1f54474bbdf6cd2c697a50f2c3d
SHA-256: 91af5463323ee0985c45242bea2a02f7a039c214928c9329357ad6a8c066b8c2
samba3x-debuginfo-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: 98a42de10e402a41ffeac5f9babfad79
SHA-256: 8864f97b1a59dfb95dbee24e39601663e49721f52d06678f19331fe02319bff8
samba3x-debuginfo-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 766d84f76fb688bbddba0ec48ca61065
SHA-256: fbeb45250101b57f94b521082c2743a25ab7ebc6da61b1d4da86dabe69b83bd0
samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: ad3b05b47b080236b3a1f1fb1d8c1e80
SHA-256: e7c97e172436e5bea8ef4558be846837f2eab392aae8d909d3728a984d23b49d
samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 16e4f86889ff29b01a319bedfada2c6d
SHA-256: 9b16d4c72cdd255bac84b08b7357f48ffb1b79812adb0bf0d0cc48fdaac13017
samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: 8c6e870754b50f315976a94fd3511640
SHA-256: 36182149c5acf9dd7c154fcdd8881425c0042db68eb694e8d49101eb25be4091
samba3x-winbind-3.6.23-12.el5_11.i386.rpm
File outdated by:  RHBA-2016:1294
    MD5: f3dfdcd74e520b9b05f84fdaaf5505c1
SHA-256: 938b6d61d9b98628949c09fc17db31891ecb35e13ddedf970cfdd93fc4528498
samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm
File outdated by:  RHBA-2016:1294
    MD5: ad52f50d20967004a06ffacee8bcc2fb
SHA-256: e2c097dc6d21072545902bdfb7755775e0837f78a661988191dc137b2552cec5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1311903 - CVE-2016-2112 samba: Missing downgrade detection
1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/