enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #05992
[Bug 1659707] Re: Please merge with Debian unstable 2:4.5.4+dfsg-1
This bug was fixed in the package samba - 2:4.5.4+dfsg-1ubuntu1
---------------
samba (2:4.5.4+dfsg-1ubuntu1) zesty; urgency=medium
* Merge from Debian unstable (LP: #1659707, LP: #1639962). Remaining
changes:
+ debian/VERSION.patch: Update vendor string to "Ubuntu".
+ debian/smb.conf;
- Add "(Samba, Ubuntu)" to server string.
- Comment out the default [homes] share, and add a comment about "valid users = %s"
to show users how to restrict access to \\server\username to only username.
+ debian/samba-common.config:
- Do not change prioritiy to high if dhclient3 is installed.
+ Add apport hook:
- Created debian/source_samba.py.
- debian/rules, debia/samb-common-bin.install: install hook.
+ d/p/krb_zero_cursor.patch - apply proposed-upstream fix for
pam_winbind krb5_ccache_type=FILE failure (LP #1310919)
+ debian/patches/winbind_trusted_domains.patch: make sure domain members
can talk to trusted domains DCs.
[ update patch based upon upstream discussion ]
+ d/p/fix-1584485.patch: Make libnss-winbind and libpam-winbind
to be statically linked fixes LP #1584485.
+ d/rules: Compile winbindd/winbindd statically.
* Drop:
- Delete debian/.gitignore
[ Previously undocumented ]
- debian/patches/git_smbclient_cpu.patch:
+ backport upstream patch to fix smbclient users hanging/eating cpu on
trying to contact a machine which is not there (lp #1572260)
[ Fixed upstream ]
- SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
+ debian/patches/CVE-2016-2123.patch: check lengths in
librpc/ndr/ndr_dnsp.c.
+ CVE-2016-2123
[ Fixed in Debian ]
- SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
+ debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
source4/auth/gensec/gensec_gssapi.c.
+ CVE-2016-2125
[ Fixed in Debian ]
- SECURITY UPDATE: privilege elevation in Kerberos PAC validation
+ debian/patches/CVE-2016-2126.patch: only allow known checksum types
in auth/kerberos/kerberos_pac.c.
+ CVE-2016-2126
[ Fixed in Debian ]
-- Nishanth Aravamudan <nish.aravamudan@xxxxxxxxxxxxx> Thu, 26 Jan
2017 17:20:15 -0800
** Changed in: samba (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2123
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2125
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2126
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1659707
Title:
Please merge with Debian unstable 2:4.5.4+dfsg-1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1659707/+subscriptions
References