-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2016.0951.3
                           samba security update
                                6 June 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           samba
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Root Compromise                -- Existing Account      
                   Access Privileged Data         -- Remote/Unauthenticated
                   Modify Arbitrary Files         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Denial of Service              -- Existing Account      
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2118 CVE-2016-2115 CVE-2016-2114
                   CVE-2016-2113 CVE-2016-2112 CVE-2016-2111
                   CVE-2016-2110 CVE-2015-5370 CVE-2015-0005

Reference:         ESB-2016.0947
                   ESB-2016.0946
                   ESB-2016.0940
                   ESB-2016.0931
                   ESB-2015.0563.2

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3548

Revision History:  June   6 2016: The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several upstream regressions
                   April 15 2016: The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression
                   April 14 2016: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-3                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 05, 2016                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : samba
Debian Bug     : 821002 822937

The upgrade to Samba 4.2 issued as DSA-3548-1 introduced several
upstream regressions as well as a packaging regression that caused errors
when upgrading the packages. Updated packages are now available to address
these problems.

For the stable distribution (jessie), these problems have been fixed in
version 2:4.2.10+dfsg-0+deb8u3.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJXVDeBAAoJEAVMuPMTQ89EvPsP/1fV8LRDc9zXqJlRzUcsDH8Z
OKTQFlMxDGxJnHRmLa5G2aLf+VqvsHjKJDRehTgoARknuwoMU5gZSm2nCSDPwhtT
a34Hmvil9jagurNtYmL4kSfyjFwXAlZiaIHRn4OBcNR1H7Z+PV4ge+pMPKJmfAoF
AcpMbSOYJGwosX1DtIlhAn8o4mDuNxAZXgNB7ZLNDSObDUdIHnLLJ6NJYle9T2Qe
lFNqcZT+FRqb1P54V1fzt0sRWIp3KVOxbUGwUw8pyanOCNiP2HYCGAVUzgewRRac
yaMIbWAjtZ9Uh5G4G3BtUWf3b3xYrP+nObkLc41xJRrarTfwu+VomU9lgiU58mHn
6D7THGtqq7sLt76w5llntOuDeiHCaWJR2Oy6wm1u9hnVFr9IY5g0e0nu5/Wa1VQm
twM0TBMUIY8XtVYhV1wdcrI29lqMSPPp8o9Gs2JD3gUyQUmlnggPTOiqih38RAdD
woAHBoZUrnonWKxnHQUclFgEqInHXNn9YWl08iklcm9mYep+JxOmXFwcAydfG6N6
beJx9T/xkA0uPmKkwS1LH5mXdhP26T8hwgu9nkRZlt+VLNkC8Mf7Cz2FsqEoyTzH
BlfWqjcc6lWFbLltFEQqCUV6A5TOV+a6dfez8p3kTPwWiN9MwDNq3RTkFMbAvDVC
XKwHg6dq9dUvrZ8Xg0gT
=qE2s
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 14, 2016                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : samba
Debian Bug     : 820947

The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging
regression causing an additional dependency on the samba binary package
for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules
binary packages. Updated packages are now available to address this
problem.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.2.10+dfsg-0+deb8u2.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 13, 2016                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
                 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118

Several vulnerabilities have been discovered in Samba, an SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2015-5370

    Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC
    code which can lead to denial of service (crashes and high CPU
    consumption) and man-in-the-middle attacks.

CVE-2016-2110

    Stefan Metzmacher of SerNet and the Samba Team discovered that the
    feature negotiation of NTLMSSP does not protect against downgrade
    attacks.

CVE-2016-2111

    When Samba is configured as domain controller, it allows remote
    attackers to spoof the computer name of a secure channel's endpoint,
    and obtain sensitive session information. This flaw corresponds to
    the same vulnerability as CVE-2015-0005 for Windows, discovered by
    Alberto Solino from Core Security.

CVE-2016-2112

    Stefan Metzmacher of SerNet and the Samba Team discovered that a
    man-in-the-middle attacker can downgrade LDAP connections to avoid
    integrity protection.

CVE-2016-2113

    Stefan Metzmacher of SerNet and the Samba Team discovered that
    man-in-the-middle attacks are possible for client triggered LDAP
    connections and ncacn_http connections.

CVE-2016-2114

    Stefan Metzmacher of SerNet and the Samba Team discovered that Samba
    does not enforce SMB signing even when it is explicitly configured as
    required.

CVE-2016-2115

    Stefan Metzmacher of SerNet and the Samba Team discovered that SMB
    connections for IPC traffic are not integrity-protected.

CVE-2016-2118

    Stefan Metzmacher of SerNet and the Samba Team discovered that a
    man-in-the-middle attacker can intercept any DCERPC traffic between
    a client and a server in order to impersonate the client and obtain
    the same privileges as the authenticated user account.

For the oldstable distribution (wheezy), these problems have been fixed
in version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected
by CVE-2016-2113 and CVE-2016-2114.

For the stable distribution (jessie), these problems have been fixed in
version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading
to the new upstream version 4.2.10, which includes additional changes
and bugfixes. The libraries Samba depends on (ldb, talloc, tdb and
tevent) also required updates to new upstream versions.

For the unstable distribution (sid), these problems have been fixed in
version 2:4.3.7+dfsg-1.

Please refer to

  https://www.samba.org/samba/latest_news.html#4.4.2
  https://www.samba.org/samba/history/samba-4.2.0.html
  https://www.samba.org/samba/history/samba-4.2.10.html

for further details (in particular for new options and defaults).
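Several of the issues above (CVE-2016-2112, -2114, -2115 and -2118 in particular) are only closed when signing and integrity protection are actually required, and the 4.2.10 release notes referenced here change defaults and add parameters for exactly that. The following is an added example, not from the Debian advisory or the Samba project: a small audit of an smb.conf [global] section that reports parameters whose value still permits an unsigned or downgraded connection. The parameter list, the accepted values and the defaults assumed for unset parameters are the example author's reading of the 4.2.10 release notes; confirm them against `man smb.conf` for the version you run. Both configurations embedded below are constructed samples.

```python
"""Audit the [global] section of an smb.conf for the signing/integrity settings
relevant to DSA-3548.

Added example, not Samba's own tooling.  POLICY maps each parameter to the
values that keep protection enforced, the default assumed when the parameter is
unset (the example author's reading of the 4.2.10 defaults), and the related CVE.
"""
import re

# param -> (accepted values, assumed default when unset, related CVE)
POLICY = {
    "server signing": ({"mandatory"}, "default", "CVE-2016-2114"),
    "client signing": ({"mandatory"}, "default", "CVE-2016-2114"),
    "client ipc signing": ({"mandatory"}, "mandatory", "CVE-2016-2115"),
    "client ldap sasl wrapping": ({"sign", "seal"}, "sign", "CVE-2016-2112"),
    "ldap server require strong auth": ({"yes"}, "yes", "CVE-2016-2112"),
    "allow dcerpc auth level connect": ({"no"}, "no", "CVE-2016-2118"),
    "raw ntlmv2 auth": ({"no"}, "no", "CVE-2016-2111"),
}

_BOOL = {"true": "yes", "1": "yes", "false": "no", "0": "no"}


def _norm_key(key):
    # Samba ignores case and whitespace in parameter names.
    return re.sub(r"\s+", "", key).lower()


def _norm_value(value):
    # Fold the boolean spellings Samba accepts onto yes/no.
    v = value.strip().lower()
    return _BOOL.get(v, v)


def parse_global(text):
    """Return the [global] parameters as {normalised name: normalised value}."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, _, value = line.partition("=")
            params[_norm_key(key)] = _norm_value(value)
    return params


def audit(text):
    """Return (parameter, effective value, accepted values, CVE) for each weak setting."""
    params = parse_global(text)
    findings = []
    for name, (accepted, default, cve) in POLICY.items():
        value = params.get(_norm_key(name), default)
        if value not in accepted:
            findings.append((name, value, sorted(accepted), cve))
    return findings


# Constructed sample: a file server that weakens the post-fix defaults.
WEAK_CONF = """\
[global]
   workgroup = EXAMPLE
   server signing = auto
   client ipc signing = disabled
   client ldap sasl wrapping = plain
   allow dcerpc auth level connect = yes
   # case and spacing in parameter names do not matter to Samba
   raw NTLMv2 auth = True

[share]
   path = /srv/share
"""

# Constructed sample: the same file with every checked parameter enforced.
HARDENED_CONF = """\
[global]
   workgroup = EXAMPLE
   server signing = mandatory
   client signing = mandatory
   client ipc signing = mandatory
   client ldap sasl wrapping = seal
   ldap server require strong auth = yes
   allow dcerpc auth level connect = no
   raw NTLMv2 auth = no

[share]
   path = /srv/share
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        results = audit(conf)
        print(f"{label}: {len(results)} finding(s)")
        for name, value, accepted, cve in results:
            print(f"  {name} = {value!r}, expected one of {accepted} ({cve})")
```

The audit reads only the literal [global] section; it does not follow `include =` or `config file =` directives, and it cannot know whether the host is a domain controller (where `server signing` already defaults to mandatory). For the effective values on a running system, feed it the output of `testparm -sv` rather than the raw file.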

We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),
Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)
for the massive backporting work required to support Samba 3.6 and Samba
4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent
for their help in preparing updates of Samba and the underlying
infrastructure libraries.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV1TPVYx+lLeg9Ub1AQjYPg/8DhJK5InfkaW+rpNkP4OMdE/kYnhSbFeM
cFVfLsIKqhhbKLjQbVIdETNIXVrqxustvajckkvpfhECAtIKK/f8+4OQc/zxzkI2
2jfDX/egX96qhFvJ/BmyIA3SXecM8CHBd3E81nlrwg6+X/tRlioeMAg784QECrQ2
OnlI33y2jzR9JYuxcLasqgdhAaP+ib+chre4CBTkzVikwWERw+JRgidvAFrPnLJ0
b5q778PbN0VD1r7B5XijsXhwK8usnB2SS+dHiCt6mDWy2+FirmumMdBTtvmQfmeu
ILPeWZy7Zg08xLYElbVPvr8iv/kxuZ5pPF6VZQ7VDFqex0/rB1pPKsHz67M6P3WG
cqv3/lTwBjStx8WxwmxwSlKgLyA5XIhpdAMxNfPZBJJJ4p1T0HTmVIjCQRLVc7oy
akRFk9Q7UizAkixKmWvIZrkhTBGBa7ClvploTcelcTt1np645BwOMQo4fk+NrPyz
oCx/dJuSEIf5s7xN1UaxwZWLIECrkfi1bfFyuDZjzkIGZfIdcsHbCFvdpH7n6nDl
yM1u+l5DG5Aj0PsYx5tE59UVGS0Zj62vLFXeazEehwYk1iecFHb/cqLX2Yoy3pD6
n9y5bkvOchxsKspvjw4GjUjX6QjAohetpZAniIKuWRZb7vkZFTc5Yldzkw2IX6RE
Z09cwaZ7lQc=
=oQcM
-----END PGP SIGNATURE-----