{"affected":[{"ecosystem_specific":{"binaries":[{"ldapsmb":"1.34b-56.1","libldb1":"3.6.3-56.1","libsmbclient0":"3.6.3-56.1","libsmbclient0-32bit":"3.6.3-56.1","libtalloc2":"3.6.3-56.1","libtalloc2-32bit":"3.6.3-56.1","libtdb1":"3.6.3-56.1","libtdb1-32bit":"3.6.3-56.1","libtevent0":"3.6.3-56.1","libtevent0-32bit":"3.6.3-56.1","libwbclient0":"3.6.3-56.1","libwbclient0-32bit":"3.6.3-56.1","samba":"3.6.3-56.1","samba-32bit":"3.6.3-56.1","samba-client":"3.6.3-56.1","samba-client-32bit":"3.6.3-56.1","samba-doc":"3.6.3-56.1","samba-krb-printing":"3.6.3-56.1","samba-winbind":"3.6.3-56.1","samba-winbind-32bit":"3.6.3-56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"samba","purl":"pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.6.3-56.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ldapsmb":"1.34b-56.1","libldb1":"3.6.3-56.1","libsmbclient0":"3.6.3-56.1","libsmbclient0-32bit":"3.6.3-56.1","libtalloc2":"3.6.3-56.1","libtalloc2-32bit":"3.6.3-56.1","libtdb1":"3.6.3-56.1","libtdb1-32bit":"3.6.3-56.1","libtevent0":"3.6.3-56.1","libtevent0-32bit":"3.6.3-56.1","libwbclient0":"3.6.3-56.1","libwbclient0-32bit":"3.6.3-56.1","samba":"3.6.3-56.1","samba-32bit":"3.6.3-56.1","samba-client":"3.6.3-56.1","samba-client-32bit":"3.6.3-56.1","samba-doc":"3.6.3-56.1","samba-krb-printing":"3.6.3-56.1","samba-winbind":"3.6.3-56.1","samba-winbind-32bit":"3.6.3-56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"samba-doc","purl":"pkg:rpm/suse/samba-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.6.3-56.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update for samba provides the following fixes:\n\nSecurity issues fixed:\n\n- CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441)\n- CVE-2016-2126: Prevent denial of service due to a client triggered crash in the winbindd\n  parent process. (bsc#1014442)\n\nNon security issues fixed:\n\n- Allow SESSION KEY setup without signing. (bsc#1009711)\n- Fix crash bug in tevent_queue_immediate_trigger(). (bsc#1003731)\n- Don't fail when using default domain with user@domain.com format. (bsc#997833)\n- Prevent core, make sure response->extra_data.data is always cleared out. (bsc#993692)\n- Honor smb.conf socket options in winbind. (bsc#975131)\n- Fix crash with net rpc join. (bsc#978898)\n- Fix a regression verifying the security trailer. (bsc#978898)\n- Fix updating netlogon credentials. (bsc#978898)\n","id":"SUSE-SU-2016:3300-1","modified":"2016-12-29T19:46:53Z","published":"2016-12-29T19:46:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163300-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1003731"},{"type":"REPORT","url":"https://bugzilla.suse.com/1009711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1014441"},{"type":"REPORT","url":"https://bugzilla.suse.com/1014442"},{"type":"REPORT","url":"https://bugzilla.suse.com/975131"},{"type":"REPORT","url":"https://bugzilla.suse.com/978898"},{"type":"REPORT","url":"https://bugzilla.suse.com/993692"},{"type":"REPORT","url":"https://bugzilla.suse.com/997833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2126"}],"related":["CVE-2016-2125","CVE-2016-2126"],"summary":"Security update for samba","upstream":["CVE-2016-2125","CVE-2016-2126"]}