Updated samba packages fix security vulnerabilities:

In Samba before 3.6.23, the SAMR server neglects to ensure that
attempted password changes will update the bad password count, and does
not set the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2 repeatedly.
This is available without any other authentication (CVE-2013-4496).

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable
to a denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS ame service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected
by a denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).

An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).