
enterprise-support team mailing list archive

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

 

Fixed by:

samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
      protection
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 12 Apr 2016 07:26:29 -0400


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5370

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2110

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2111

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2112

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2113

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2114

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2115

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2118

** Changed in: samba (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions