Synopsis: Moderate: samba security and bug fix update Advisory ID: SLSA-2017:0662-1 Issue Date: 2017-03-21 CVE Numbers: CVE-2016-2125 CVE-2016-2126 -- Security Fix(es): * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) -- SL6 x86_64 libsmbclient-3.6.23-41.el6.i686.rpm libsmbclient-3.6.23-41.el6.x86_64.rpm samba-client-3.6.23-41.el6.x86_64.rpm samba-common-3.6.23-41.el6.i686.rpm samba-common-3.6.23-41.el6.x86_64.rpm samba-debuginfo-3.6.23-41.el6.i686.rpm samba-debuginfo-3.6.23-41.el6.x86_64.rpm samba-winbind-3.6.23-41.el6.x86_64.rpm samba-winbind-clients-3.6.23-41.el6.i686.rpm samba-winbind-clients-3.6.23-41.el6.x86_64.rpm libsmbclient-devel-3.6.23-41.el6.i686.rpm libsmbclient-devel-3.6.23-41.el6.x86_64.rpm samba-3.6.23-41.el6.x86_64.rpm samba-doc-3.6.23-41.el6.x86_64.rpm samba-domainjoin-gui-3.6.23-41.el6.x86_64.rpm samba-glusterfs-3.6.23-41.el6.x86_64.rpm samba-swat-3.6.23-41.el6.x86_64.rpm samba-winbind-devel-3.6.23-41.el6.i686.rpm samba-winbind-devel-3.6.23-41.el6.x86_64.rpm samba-winbind-krb5-locator-3.6.23-41.el6.x86_64.rpm i386 libsmbclient-3.6.23-41.el6.i686.rpm samba-client-3.6.23-41.el6.i686.rpm samba-common-3.6.23-41.el6.i686.rpm samba-debuginfo-3.6.23-41.el6.i686.rpm samba-winbind-3.6.23-41.el6.i686.rpm samba-winbind-clients-3.6.23-41.el6.i686.rpm libsmbclient-devel-3.6.23-41.el6.i686.rpm samba-3.6.23-41.el6.i686.rpm samba-doc-3.6.23-41.el6.i686.rpm samba-domainjoin-gui-3.6.23-41.el6.i686.rpm samba-swat-3.6.23-41.el6.i686.rpm samba-winbind-devel-3.6.23-41.el6.i686.rpm samba-winbind-krb5-locator-3.6.23-41.el6.i686.rpm - Scientific Linux Development Team