[ubuntu/groovy-proposed] samba 2:4.12.5+dfsg-3ubuntu4 (Accepted)

[Marc Deslauriers]

samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium

  * SECURITY UPDATE: Unauthenticated domain controller compromise by
    subverting Netlogon cryptography (ZeroLogon)
    - debian/patches/zerologon-*.patch: backport upstream patches:
      + For compatibility reasons, allow specifying an insecure netlogon
        configuration per machine. See the following link for examples:
        https://www.samba.org/samba/security/CVE-2020-1472.html
      + Add additional server checks for the protocol attack in the
        client-specified challenge to provide some protection when
        'server schannel = no/auto' and avoid the false-positive results
        when running the proof-of-concept exploit.
    - CVE-2020-1472

Date: Mon, 28 Sep 2020 09:46:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/samba/2:4.12.5+dfsg-3ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Sep 2020 09:46:49 -0400
Source: samba
Architecture: source
Version: 2:4.12.5+dfsg-3ubuntu4
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 samba (2:4.12.5+dfsg-3ubuntu4) groovy; urgency=medium
 .
   * SECURITY UPDATE: Unauthenticated domain controller compromise by
     subverting Netlogon cryptography (ZeroLogon)
     - debian/patches/zerologon-*.patch: backport upstream patches:
       + For compatibility reasons, allow specifying an insecure netlogon
         configuration per machine. See the following link for examples:
         https://www.samba.org/samba/security/CVE-2020-1472.html
       + Add additional server checks for the protocol attack in the
         client-specified challenge to provide some protection when
         'server schannel = no/auto' and avoid the false-positive results
         when running the proof-of-concept exploit.
     - CVE-2020-1472
Checksums-Sha1:
 03b9f27cd0c98f6177ecd95a903a7163fc1db4b9 4382 samba_4.12.5+dfsg-3ubuntu4.dsc
 29b35c00beab3399a9c48900e30999ace5df0222 265392 samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
 e3ab8d305f95006e202311af5878a0bc18258f7a 12119 samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Checksums-Sha256:
 0679005811f9122ede88623a42cbdb0e697bf0ded8116d6c4f74811e0a90d327 4382 samba_4.12.5+dfsg-3ubuntu4.dsc
 b1d1f6622aa6a73e39e4fcaa9a672399d111bebf430028c0b2d925c0c029b0be 265392 samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
 03f0b8909794f1e30a248952f07e50709a00744f94fa8f3912983bdb2d289c70 12119 samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Files:
 86a82f720b0ccd9b91a016d9bb0aa1e6 4382 net optional samba_4.12.5+dfsg-3ubuntu4.dsc
 72ea0e9bc9a27eefb39c725ba5cc32a5 265392 net optional samba_4.12.5+dfsg-3ubuntu4.debian.tar.xz
 42c2580fc09aaab086e4e3877bca1814 12119 net optional samba_4.12.5+dfsg-3ubuntu4_source.buildinfo
Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9yAo8ACgkQZWnYVadE
vpPcWg//XFsBCfEDO2Q5Ru7+ISJqBfNNsvUqXglXufr2YgPUgRdzejsne/zIAVjz
heY2UAb5EZgzaoSwZiFTFaO2jcIyzQEJh0cLxvJVRLE3DxcFs4gSzJ/fWYNBum/s
LiG5BhDsLwBZFb4+K1SbOMvyEYZVtC3pEgNfPzCvROnd/YMvh5TrYmDnc6+ZyASt
q7UNTiQGIhZRhJjTW+m8zetazmXDhDIdsfgTNPE5ehogsASnwaeyPxHfKXdgLx7P
O5yxiAElB8O4ab/yfgA+8to2S054WfK7LCgvePXKPAa4vBjdwnBCzusbtMz4sqmf
D23iK9Kqt0PgMPuoFklMjXPIS8ri9Pt39gytgkl2L7Rk7bSb1QxBuWRiQ7Yn5V2q
faA3OxDjwVVQXskL1/re74zDUdQ0cOLefLbjNOlbQYg1Y9e4GZur48shjKsMR6ur
yLQYsjR/g3dqRC8in+bL56AwFtrVip2aeeFQO2kiJwgjE1RuTrpxAXZiQlj715BZ
xHtXOBbiHJCSRVc3hDo0HEKN2B9NVo00Bh9YQU1Gb98dgZ/J0YcfdGrYjsCrR38B
+S0djkmwq9VzlAYqcs3T14R6uM6pWTS6/HN8+YO4ca3lxnMx+gv4+8WYpnQH0Uez
9catj6BfeOABpvWf3LbdWAwUnxCjet0LU0P3ucjDJfVlp7Q8F70=
=jhCH
-----END PGP SIGNATURE-----