samba is vulnerable to spoofing and impersonation. It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
rhn.redhat.com/errata/RHSA-2017-0494.html
rhn.redhat.com/errata/RHSA-2017-0495.html
rhn.redhat.com/errata/RHSA-2017-0662.html
rhn.redhat.com/errata/RHSA-2017-0744.html
www.securityfocus.com/bid/94988
www.securitytracker.com/id/1037494
access.redhat.com/errata/RHSA-2017:0495
access.redhat.com/errata/RHSA-2017:1265
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1290514
bugzilla.redhat.com/show_bug.cgi?id=1379591
bugzilla.redhat.com/show_bug.cgi?id=1382287
bugzilla.redhat.com/show_bug.cgi?id=1386227
bugzilla.redhat.com/show_bug.cgi?id=1386230
bugzilla.redhat.com/show_bug.cgi?id=1400948
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125
www.samba.org/samba/security/CVE-2016-2125.html