FEDORA-2016-be53260726 created by gd 5 years ago for Fedora 23
stable

Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118

How to install

sudo dnf upgrade --advisory=FEDORA-2016-be53260726

This update has been submitted for testing by gd.

5 years ago
User Icon asn commented & provided feedback 5 years ago
karma

Still works! Thanks for all the work!

BZ#1309987 CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
BZ#1311893 CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
BZ#1311902 CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
BZ#1311903 CVE-2016-2112 samba: Missing downgrade detection
BZ#1311910 CVE-2016-2113 samba: Server certificates not validated at client side
BZ#1312082 CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
BZ#1312084 CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
BZ#1317990 CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
BZ#1326453 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
User Icon abbra provided feedback 5 years ago
karma
BZ#1309987 CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
BZ#1311893 CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
BZ#1311902 CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
BZ#1311903 CVE-2016-2112 samba: Missing downgrade detection
BZ#1311910 CVE-2016-2113 samba: Server certificates not validated at client side
BZ#1312082 CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
BZ#1312084 CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
BZ#1317990 CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
BZ#1326453 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
User Icon siddharths provided feedback 5 years ago
karma
BZ#1309987 CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
BZ#1311893 CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
BZ#1311902 CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
BZ#1311903 CVE-2016-2112 samba: Missing downgrade detection
BZ#1311910 CVE-2016-2113 samba: Server certificates not validated at client side
BZ#1312082 CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
BZ#1312084 CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
BZ#1317990 CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
BZ#1326453 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]

gd edited this update.

5 years ago

This update has been pushed to testing.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago
User Icon nb commented & provided feedback 5 years ago
karma

works, thanks

BZ#1309987 CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
BZ#1311893 CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
BZ#1311902 CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
BZ#1311903 CVE-2016-2112 samba: Missing downgrade detection
BZ#1311910 CVE-2016-2113 samba: Server certificates not validated at client side
BZ#1312082 CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
BZ#1312084 CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
BZ#1317990 CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
BZ#1326453 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
4
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1309987 CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check
0
4
BZ#1311893 CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
0
4
BZ#1311902 CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
0
4
BZ#1311903 CVE-2016-2112 samba: Missing downgrade detection
0
4
BZ#1311910 CVE-2016-2113 samba: Server certificates not validated at client side
0
4
BZ#1312082 CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing
0
4
BZ#1312084 CVE-2016-2115 samba: Smb signing not required by default when smb client connection is used for ipc usage
0
4
BZ#1317990 CVE-2016-2118 samba: SAMR and LSA man in the middle attacks
0
4
BZ#1326453 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [fedora-all]
0
4

Automated Test Results

Test Cases

0 3 Test Case desktop network smb