[ubuntu/artful-proposed] samba 2:4.6.7+dfsg-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Sep 21 14:28:19 UTC 2017


samba (2:4.6.7+dfsg-1ubuntu3) artful; urgency=medium

  * SECURITY UPDATE: SMB1/2/3 connections may not require signing where
    they should
    - debian/patches/CVE-2017-12150-1.patch: don't turn a guessed username
      into a specified one in source3/include/auth_info.h,
      source3/lib/popt_common.c, source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-2.patch: add SMB_SIGNING_REQUIRED to
      source3/lib/util_cmdline.c.
    - debian/patches/CVE-2017-12150-3.patch: add SMB_SIGNING_REQUIRED to
      source3/libsmb/pylibsmb.c.
    - debian/patches/CVE-2017-12150-4.patch: add SMB_SIGNING_REQUIRED to
      libgpo/gpo_fetch.c.
    - debian/patches/CVE-2017-12150-5.patch: add check for
      NTLM_CCACHE/SIGN/SEAL to auth/credentials/credentials.c.
    - debian/patches/CVE-2017-12150-6.patch: add
      smbXcli_conn_signing_mandatory() to libcli/smb/smbXcli_base.*.
    - debian/patches/CVE-2017-12150-7.patch: only fallback to anonymous if
      authentication was not requested in source3/libsmb/clidfs.c.
    - CVE-2017-12150
  * SECURITY UPDATE: SMB3 connections don't keep encryption across DFS
    redirects
    - debian/patches/CVE-2017-12151-1.patch: add
      cli_state_is_encryption_on() helper function to
      source3/libsmb/clientgen.c, source3/libsmb/proto.h.
    - debian/patches/CVE-2017-12151-2.patch: make use of
      cli_state_is_encryption_on() in source3/libsmb/clidfs.c,
      source3/libsmb/libsmb_context.c.
    - CVE-2017-12151
  * SECURITY UPDATE: Server memory information leak over SMB1
    - debian/patches/CVE-2017-12163.patch: prevent client short SMB1 write
      from writing server memory to file in source3/smbd/reply.c.
    - CVE-2017-12163

Date: Thu, 21 Sep 2017 08:10:03 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.6.7+dfsg-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Thu, 21 Sep 2017 08:10:03 -0400
Source: samba
Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev python-samba samba-dsdb-modules samba-vfs-modules libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind libwbclient0 libwbclient-dev ctdb
Architecture: source
Version: 2:4.6.7+dfsg-1ubuntu3
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 ctdb       - clustered database to store temporary data
 libnss-winbind - Samba nameservice integration plugins
 libpam-winbind - Windows domain authentication integration plugin
 libparse-pidl-perl - IDL compiler written in Perl
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 python-samba - Python bindings for Samba
 registry-tools - tools for viewing and manipulating the Windows registry
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - Samba common files used by both the server and the client
 samba-dev  - tools for extending Samba
 samba-dsdb-modules - Samba Directory Services Database
 samba-libs - Samba core libraries
 samba-testsuite - test suite from Samba
 samba-vfs-modules - Samba Virtual FileSystem plugins
 smbclient  - command-line SMB/CIFS clients for Unix
 winbind    - service to resolve user and group information from Windows NT ser
Checksums-Sha1:
 aabdd40b492d5efd1b58f491f2c46c2fd79e4d61 4212 samba_4.6.7+dfsg-1ubuntu3.dsc
 116ebf8f80a6f6decccd43355c99952fcdb29ca0 235648 samba_4.6.7+dfsg-1ubuntu3.debian.tar.xz
 3e435d757f246fd696ac6dc0688210c7ab1eab10 11778 samba_4.6.7+dfsg-1ubuntu3_source.buildinfo
Checksums-Sha256:
 ddf1177d018ca48a08b620edee1cc82ea72647eef425977d08c0e836c4dad0da 4212 samba_4.6.7+dfsg-1ubuntu3.dsc
 48dbe623e1149c40c7ad8600022617ec9e465b19bad8175ef7ace99d320a7b03 235648 samba_4.6.7+dfsg-1ubuntu3.debian.tar.xz
 f4e503dd1134b5a8d7cc1e88371aed7ac4c3a5f7a9b02879e1757065f3a0ab34 11778 samba_4.6.7+dfsg-1ubuntu3_source.buildinfo
Files:
 1faf6f28dc655de5f92a9c1188c740c7 4212 net optional samba_4.6.7+dfsg-1ubuntu3.dsc
 0b1f9cd654c9c06937093608c626c28d 235648 net optional samba_4.6.7+dfsg-1ubuntu3.debian.tar.xz
 1f2d0c090ea45b451f8942daa2800c6f 11778 net optional samba_4.6.7+dfsg-1ubuntu3_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>


