Security Updates（DSA-3548-1 &DSA-3549-1 &DSA-3550-1）

The security updates of samba, chromium-browser and openssh.

Vulnerability Information

DSA-3548-1 samba— Security Update

Security database details:

• CVE-2015-5370: Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks.
• CVE-2016-2110: Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.
• CVE-2016-2111: When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same vulnerability as CVE-2015-0005 for Windows, discovered by Alberto Solino from Core Security.
• CVE-2016-2112: Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can downgrade LDAP connections to avoid integrity protection.
• CVE-2016-2113: Stefan Metzmacher of SerNet and the Samba Team discovered that man-in-the-middle attacks are possible for client triggered LDAP connections and ncacn_http connections.
• CVE-2016-2114: Stefan Metzmacher of SerNet and the Samba Team discovered that Samba does not enforce required smb signing even if explicitly configured.
• CVE-2016-2115: Stefan Metzmacher of SerNet and the Samba Team discovered that SMB connections for IPC traffic are not integrity-protected.
• CVE-2016-2118: Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can intercept any DCERPC traffic between a client and a server in order to impersonate the client and obtain the same privileges as the authenticated user account.

DSA-3549-1 chromium-browser— Security Update

Security database details:

• CVE-2016-1651: An out-of-bounds read issue was discovered in the pdfium library.
• CVE-2016-1652: A cross-site scripting issue was discovered in extension bindings.
• CVE-2016-1653: Choongwoo Han discovered an out-of-bounds write issue in the v8 javascript library.
• CVE-2016-1654: Atte Kettunen discovered an uninitialized memory read condition.
• CVE-2016-1655: Rob Wu discovered a use-after-free issue related to extensions.
• CVE-2016-1657: Luan Herrera discovered a way to spoof URLs.
• CVE-2016-1658: Antonio Sanso discovered an information leak related to extensions.
• CVE-2016-1659: The chrome development team found and fixed various issues during internal auditing.

DSA-3550-1 openssh— Security Update

Security database details:

• CVE-2015-8325: Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is enabled and the sshd PAM configuration is configured to read userspecified environment variables and the UseLogin option is enabled, a local user may escalate her privileges to root.

Fixing Status

samba security vulnerabilities have been fixed in version 2:4.3.7+dfsg-1; chromium-browser security vulnerabilities have been fixed in version 50.0.2661.75-1; openssh security vulnerabilities have been fixed in version 1:7.2p2-3.

We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.