openSUSE Security Update : samba (openSUSE-2016-399)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for the samba server fixes the following issues :

Security issue fixed :

- CVE-2015-7560: Getting and setting Windows ACLs on
symlinks can change permissions on link target;
(bso#11648); (bsc#968222).

Other bugs fixed :

- Enable clustering (CTDB) support; (bsc#966271).

- s3: smbd: Fix timestamp rounding inside SMB2 create;
(bso#11703); (bsc#964023).

- vfs_fruit: Fix renaming directories with open files;

- Fix MacOS finder error 36 when copying folder to Samba;

- s3:smbd/oplock: Obey kernel oplock setting when
releasing oplocks; (bso#11400).

- Fix copying files with vfs_fruit when using
vfs_streams_xattr without stream prefix and type suffix;

- s3:libsmb: Correctly initialize the list head when
keeping a list of primary followed by DFS connections;

- Reduce the memory footprint of empty string options;

- lib/async_req: Do not install async_connect_send_test;

- docs: Fix typos in man vfs_gpfs; (bso#11641).

- smbd: make 'hide dot files' option work with 'store dos
attributes = yes'; (bso#11645).

- smbcacls: Fix uninitialized variable; (bso#11682).

- s3:smbd: Ignore initial allocation size for directory
creation; (bso#11684).

- Add quotes around path of update-apparmor-samba-profile;

- Prevent access denied if the share path is '/';
(bso#11647); (bsc#960249).

- Ensure samlogon fallback requests are rerouted after
kerberos failure; (bsc#953972).

- samba: winbind crash ->
netlogon_creds_client_authenticator; (bsc#953972)

This update was imported from the SUSE:SLE-12-SP1:Update update

See also :

Solution :

Update the affected samba packages.

Risk factor :

Medium / CVSS Base Score : 4.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 90173 ()

Bugtraq ID:

CVE ID: CVE-2015-7560

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now