Errata ID | 389 |
---|---|
Date | 2015-12-16 |
Source package | samba |
Fixed in version | 2:4.1.0-1.821.201512142147 |
Description | This update addresses the following issues: Samba may expose Windows DCs to the MS15-096 denial of service via the creation of multiple machine accounts; pure Samba domains, as in UCS, are not directly affected (CVE-2015-2535); a malicious request can cause the Samba LDAP server to hang, consuming CPU time (CVE-2015-3223); insufficient symlink verification (file access outside of the share) (CVE-2015-5252); a Samba client requesting encryption is vulnerable to a downgrade attack (CVE-2015-5296); a missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots (CVE-2015-5299); remote read of uninitialized memory from the Samba LDAP server (CVE-2015-5330); remote denial of service in the Samba/AD LDAP server (CVE-2015-7540) |
Additional notes | |
CVE ID | CVE-2015-2535, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540 |
UCS Bug number | #40223 |