Errata overview
Errata ID 374
Date 2015-12-16
Source package samba
Fixed in version 2:4.2.3-1.822.201512142149
This update addresses the following issues:
* In certain situations samba restart left samba in a non-functional state.
* When closing sessions the smbd server processes exited with a memory
  corruption error
* Samba may expose Windows DCs to MS15-096 Denial of service via the
  creation of multiple machine accounts. Pure Samba domains as in UCS
  are not affected directly (CVE-2015-2535)
* Malicious request can cause Samba LDAP server to hang consuming CPU time
* Insufficient symlink verification (file access outside of share)
* Samba client requesting encryption vulnerable to downgrade attack
* Missing access control check in the VFS shadow_copy2 module could allow
  unauthorized users to access snapshots (CVE-2015-5299)
* Remote read of uninitialized memory from Samba LDAP server (CVE-2015-5330)
Additional notes
CVE ID CVE-2015-2535
UCS Bug number #39217