samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
-- Marc Deslauriers <email address hidden> Mon, 28 Sep 2020 09:46:49 -0400