[Bug 978458] Re: CVE-2012-1182: "root" credential remote code execution

Tyler Hicks tyhicks at canonical.com
Thu Apr 12 19:38:01 UTC 2012


Thanks Jelmer! You've probably already noticed, but jdstrand has
sponsored it.

I was wondering if we could generate the PIDL-generated code at build
time, but I decided against it for the sake of making cherry-picking from
upstream stable branches easy in the future. Upstream has rerun the PIDL
compiler and committed that as a change, so any new security backports
that they do will be based upon the regenerated code. It seems like it
would be in our best interest to follow what upstream did. Any thoughts?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458

Title:
  CVE-2012-1182: "root" credential remote code execution

Status in “samba” package in Ubuntu:
  In Progress
Status in “samba” source package in Lucid:
  In Progress
Status in “samba” source package in Natty:
  In Progress
Status in “samba” source package in Oneiric:
  In Progress
Status in “samba” source package in Precise:
  In Progress
Status in “samba” source package in Hardy:
  In Progress
Status in “samba” package in CentOS:
  Unknown
Status in “samba” package in Debian:
  New
Status in “samba” package in Fedora:
  Unknown

Bug description:
  CVE-2012-1182 was recently made public for a remote, unauthenticated,
  root code execution flaw in most samba versions 3.0+:

  https://www.samba.org/samba/security/CVE-2012-1182

  I believe Ubuntu's packages to be vulnerable.  As the CVE is already
  public and patches are in the wild, I am flagging this as a security
  vulnerability but will un-privatize it shortly.
