samba was updated to fix seven security issues.
These security issues were fixed:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).
These non-security issues were fixed:
- bsc#974629: Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call.
- bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel.
- bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it.
- Getting and setting Windows ACLs on symlinks can change permissions on link
- bsc#924519: Upgrade on-disk FSRVP server state to new version.
- bsc#968973: Only obsolete but do not provide gplv2/3 package names.
- bso#6482: s3:utils/smbget: Fix recursive download.
- bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
- bso#11643: docs: Add example for domain logins to smbspool man page.
- bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
- bso#11708: loadparm: Fix memory leak issue.
- bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
- bso#11719: ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'.
- bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
- bso#11732: param: Fix str_list_v3 to accept ';' again.
- bso#11740: Real memeory leak(buildup)...