group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1755059] Re: Samba [Bug 13272] [SECURITY] CVE-2018-1057

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1755059@xxxxxxxxxxxxxxxxxx>
Date: Mon, 19 Mar 2018 12:54:22 -0000
Reply-to: Bug 1755059 <1755059@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package samba - 2:4.7.6+dfsg~ubuntu-0ubuntu1

---------------
samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium

  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Tue, 13 Mar 2018 16:58:49
-0300

** Changed in: samba (Ubuntu Bionic)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1050

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1057

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1755059

Title:
  Samba [Bug 13272] [SECURITY] CVE-2018-1057

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Artful:
  Fix Released
Status in samba source package in Bionic:
  Fix Released

Bug description:
  Please ensure that Ubuntu includes the fixes for
  https://bugzilla.samba.org/show_bug.cgi?id=13272 urgently as soon as
  the embargo is lifted.  This is a serious issue.

  Ideally also ensure that for the 4.7 series in 18.04 that you pick up
  the new 4.7.6 tarball and so avoid shipping
  https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1755057 (rather
  than just applying the patch).

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1755059/+subscriptions