| Errata ID | 35 | 
|---|---|
| Date | 2015-12-16 | 
| Source package | samba | 
| Fixed in version | 2:4.3.3-1.812.201512111459 | 
| Description | This updates Samba to version 4.3.3 and addresses the following issues:<br>* Samba 4.3.3 fixes a couple of security issues, see CVE list<br>* In certain situations samba restart left samba in a non-functional state.<br>* When closing sessions the smbd server processes exited with a memory corruption error.<br>* Samba could expose Windows DCs to MS15-096 Denial of service via the creation of multiple machine accounts. Pure Samba domains as in UCS are not affected directly (CVE-2015-2535)<br>* Malicious request can cause Samba LDAP server to hang consuming CPU time (CVE-2015-3223)<br>* Insufficient symlink verification (file access outside of share) (CVE-2015-5252)<br>* Samba client requesting encryption vulnerable to downgrade attack (CVE-2015-5296)<br>* Missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots (CVE-2015-5299)<br>* Remote read of uninitialized memory from Samba LDAP server (CVE-2015-5330) |
| Additional notes | |
| CVE ID | CVE-2015-2535 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 |
| UCS Bug number | #40132 #40131 #40221 |
