[ubuntu/groovy-proposed] samba 2:4.12.5+dfsg-3ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Sep 28 15:39:13 UTC 2020
samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
Date: Mon, 28 Sep 2020 09:46:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.12.5+dfsg-3ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 28 Sep 2020 09:46:49 -0400
Source: samba
Architecture: source
Version: 2:4.12.5+dfsg-3ubuntu4
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
.
* SECURITY UPDATE: Unauthenticated domain controller compromise by
subverting Netlogon cryptography (ZeroLogon)
- debian/patches/zerologon-*.patch: backport upstream patches:
+ For compatibility reasons, allow specifying an insecure netlogon
configuration per machine. See the following link for examples:
https://www.samba.org/samba/security/CVE-2020-1472.html
+ Add additional server checks for the protocol attack in the
client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results
when running the proof-of-concept exploit.
- CVE-2020-1472
Checksums-Sha1:
03b9f27cd0c98f6177ecd95a903a7163fc1db4b9 4382 samba_4.12.5+dfsg-3ubuntu4.dsc
29b35c00beab3399a9c48900e30999ace5df0222 265392 samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
e3ab8d305f95006e202311af5878a0bc18258f7a 12119 samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Checksums-Sha256:
0679005811f9122ede88623a42cbdb0e697bf0ded8116d6c4f74811e0a90d327 4382 samba_4.12.5+dfsg-3ubuntu4.dsc
b1d1f6622aa6a73e39e4fcaa9a672399d111bebf430028c0b2d925c0c029b0be 265392 samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
03f0b8909794f1e30a248952f07e50709a00744f94fa8f3912983bdb2d289c70 12119 samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Files:
86a82f720b0ccd9b91a016d9bb0aa1e6 4382 net optional samba_4.12.5+dfsg-3ubuntu4.dsc
72ea0e9bc9a27eefb39c725ba5cc32a5 265392 net optional samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
42c2580fc09aaab086e4e3877bca1814 12119 net optional samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9yAo8ACgkQZWnYVadE
vpPcWg//XFsBCfEDO2Q5Ru7+ISJqBfNNsvUqXglXufr2YgPUgRdzejsne/zIAVjz
heY2UAb5EZgzaoSwZiFTFaO2jcIyzQEJh0cLxvJVRLE3DxcFs4gSzJ/fWYNBum/s
LiG5BhDsLwBZFb4+K1SbOMvyEYZVtC3pEgNfPzCvROnd/YMvh5TrYmDnc6+ZyASt
q7UNTiQGIhZRhJjTW+m8zetazmXDhDIdsfgTNPE5ehogsASnwaeyPxHfKXdgLx7P
O5yxiAElB8O4ab/yfgA+8to2S054WfK7LCgvePXKPAa4vBjdwnBCzusbtMz4sqmf
D23iK9Kqt0PgMPuoFklMjXPIS8ri9Pt39gytgkl2L7Rk7bSb1QxBuWRiQ7Yn5V2q
faA3OxDjwVVQXskL1/re74zDUdQ0cOLefLbjNOlbQYg1Y9e4GZur48shjKsMR6ur
yLQYsjR/g3dqRC8in+bL56AwFtrVip2aeeFQO2kiJwgjE1RuTrpxAXZiQlj715BZ
xHtXOBbiHJCSRVc3hDo0HEKN2B9NVo00Bh9YQU1Gb98dgZ/J0YcfdGrYjsCrR38B
+S0djkmwq9VzlAYqcs3T14R6uM6pWTS6/HN8+YO4ca3lxnMx+gv4+8WYpnQH0Uez
9catj6BfeOABpvWf3LbdWAwUnxCjet0LU0P3ucjDJfVlp7Q8F70=
=jhCH
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list