Please merge with Debian unstable 2:4.5.4+dfsg-1
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
High
|
Nish Aravamudan |
Bug Description
samba (2:4.5.
* Merge from Debian unstable (LP: #, LP: #). Remaining changes:
+ debian/
+ debian/smb.conf;
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
+ debian/
- Do not change prioritiy to high if dhclient3 is installed.
+ Add apport hook:
- Created debian/
- debian/rules, debia/samb-
+ d/p/krb_
pam_winbind krb5_ccache_
+ debian/
can talk to trusted domains DCs.
[ update patch based upon upstream discussion ]
+ d/p/fix-
to be statically linked fixes LP #1584485.
+ d/rules: Compile winbindd/winbindd statically.
* Drop:
- Delete debian/.gitignore
[ Previously undocumented ]
- debian/
+ backport upstream patch to fix smbclient users hanging/eating cpu on
trying to contact a machine which is not there (lp #1572260)
[ Fixed upstream ]
- SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
+ debian/
+ CVE-2016-2123
[ Fixed in Debian ]
- SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
+ debian/
+ CVE-2016-2125
[ Fixed in Debian ]
- SECURITY UPDATE: privilege elevation in Kerberos PAC validation
+ debian/
in auth/kerberos/
+ CVE-2016-2126
[ Fixed in Debian ]
-- Nishanth Aravamudan <email address hidden> Thu, 26 Jan 2017 17:20:15 -0800
Changed in samba (Ubuntu): | |
importance: | Undecided → High |
assignee: | nobody → Nish Aravamudan (nacc) |
status: | New → In Progress |
This bug was fixed in the package samba - 2:4.5.4+ dfsg-1ubuntu1
--------------- 4+dfsg- 1ubuntu1) zesty; urgency=medium
samba (2:4.5.
* Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining VERSION. patch: Update vendor string to "Ubuntu". samba-common. config: source_ samba.py. common- bin.install: install hook. zero_cursor. patch - apply proposed-upstream fix for type=FILE failure (LP #1310919) patches/ winbind_ trusted_ domains. patch: make sure domain members 1584485. patch: Make libnss-winbind and libpam-winbind patches/ git_smbclient_ cpu.patch: patches/ CVE-2016- 2123.patch: check lengths in
librpc/ ndr/ndr_ dnsp.c. patches/ CVE-2016- 2125.patch: don't use GSS_C_DELEG_FLAG in
source4/ scripting/ bin/nsupdate- gss, source3/ librpc/ crypto/ gse.c,
source4/ auth/gensec/ gensec_ gssapi. c. patches/ CVE-2016- 2126.patch: only allow known checksum types kerberos_ pac.c.
changes:
+ debian/
+ debian/smb.conf;
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
+ debian/
- Do not change prioritiy to high if dhclient3 is installed.
+ Add apport hook:
- Created debian/
- debian/rules, debia/samb-
+ d/p/krb_
pam_winbind krb5_ccache_
+ debian/
can talk to trusted domains DCs.
[ update patch based upon upstream discussion ]
+ d/p/fix-
to be statically linked fixes LP #1584485.
+ d/rules: Compile winbindd/winbindd statically.
* Drop:
- Delete debian/.gitignore
[ Previously undocumented ]
- debian/
+ backport upstream patch to fix smbclient users hanging/eating cpu on
trying to contact a machine which is not there (lp #1572260)
[ Fixed upstream ]
- SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
+ debian/
+ CVE-2016-2123
[ Fixed in Debian ]
- SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
+ debian/
+ CVE-2016-2125
[ Fixed in Debian ]
- SECURITY UPDATE: privilege elevation in Kerberos PAC validation
+ debian/
in auth/kerberos/
+ CVE-2016-2126
[ Fixed in Debian ]
-- Nishanth Aravamudan <email address hidden> Thu, 26 Jan 2017 17:20:15 -0800