Launchpad.net

CVE 2016-2112

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.

Related bugs and status

CVE-2016-2112 (Candidate) is related to these bugs:

Bug #1566348: Patch the Badlock bug in the initial release of Ubuntu 16.04

Summary				In	Importance	Status
	1566348	Patch the Badlock bug in the initial release of Ubuntu 16.04		samba (Ubuntu)	High	Fix Released

Bug #1984073: autofs: regression on focal->jammy upgrade: SASL binds to Samba AD broken

		In	Importance	Status
1984073	autofs: regression on focal->jammy upgrade: SASL binds to Samba AD broken	autofs (Ubuntu)	High	Fix Released
1984073	autofs: regression on focal->jammy upgrade: SASL binds to Samba AD broken	autofs (Ubuntu Jammy)	Undecided	Opinion
1984073	autofs: regression on focal->jammy upgrade: SASL binds to Samba AD broken	autofs (Ubuntu Kinetic)	Undecided	Opinion
1984073	autofs: regression on focal->jammy upgrade: SASL binds to Samba AD broken	autofs (Ubuntu Lunar)	Undecided	Opinion

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2112

Related bugs and status

Related bugs

References