An update for samba is now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 13 April 2016]
This advisory previously incorrectly listed the CVE-2015-5370 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. No changes have been made to the packages.

[Updated 14 April 2016]
This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are advised to use the "client signing = required" configuration option in the smb.conf file to mitigate CVE-2016-2115. No changes have been made to the packages.

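An added example (not part of the Red Hat advisory): a small Python audit that reads smb.conf text and reports whether the effective [global] "client signing" value enforces signing, which is the CVE-2016-2115 mitigation named above. The sample configurations are constructed, include directives are not followed, and accepting "mandatory" alongside "required" is an assumption based on smb.conf(5).

```python
import re

# "required" is the value the advisory names; "mandatory" is the synonym
# listed in smb.conf(5). Anything else (auto, disabled, unset) fails.
ENFORCING = {"required", "mandatory"}

def _norm(name):
    # smb.conf section/parameter names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def _logical_lines(text):
    # A trailing backslash continues the line onto the next one.
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf

def client_signing(text):
    """Effective [global] 'client signing' value, or None when unset."""
    section, value = None, None
    for line in _logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif "=" in line and section == "global":
            key, val = line.split("=", 1)
            if _norm(key) == "clientsigning":
                value = val.strip().lower()  # a later assignment overrides
    return value

def mitigated(text):
    return client_signing(text) in ENFORCING

# Constructed sample configurations (not taken from the advisory).
WEAK = "[global]\n  workgroup = EXAMPLE\n  client signing = auto\n"
FIXED = "[Global]\n  workgroup = EXAMPLE\n  Client Signing = Required\n"
COMMENTED = "[global]\n  ; client signing = required\n[share]\n  path = /srv\n"

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("FIXED", FIXED), ("COMMENTED", COMMENTED)):
        print(name, client_signing(conf), "OK" if mitigated(conf) else "NOT MITIGATED")
```
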
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
samba-3.0.33-3.30.el5_6.src.rpm
Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
samba-3.0.33-3.40.el5_9.src.rpm

1311893 – CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 – CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1317990 – CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: