A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
www.securityfocus.com/bid/100917
www.securitytracker.com/id/1039401
access.redhat.com/errata/RHSA-2017:2790
access.redhat.com/errata/RHSA-2017:2858
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151
security.netapp.com/advisory/ntap-20170921-0001/
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us
www.debian.org/security/2017/dsa-3983
www.samba.org/samba/security/CVE-2017-12151.html