[ubuntu/lucid-security] samba 2:3.4.7~dfsg-1ubuntu3.13 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Dec 11 13:00:54 UTC 2013
samba (2:3.4.7~dfsg-1ubuntu3.13) lucid-security; urgency=low
* SECURITY UPDATE: file restrictions bypass via alternate data streams
- debian/patches/CVE-2013-4475.patch: properly check base file access
in source3/smbd/open.c.
- CVE-2013-4475
* SECURITY UPDATE: pam_winbind access restriction bypass via invalid
group names
- debian/patches/CVE-2012-6150.patch: ensure valid groups in
nsswitch/pam_winbind.c.
- CVE-2012-6150
* SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
fragment length field checking
- debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
lib/async_req/async_sock.c, libcli/util/ntstatus.h,
source3/lib/netapi/{group,localgroup,user}.c,
source3/libnet/libnet_join.c, source3/libsmb/nterr.c,
source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
source3/rpc_server/{srv_pipe,srv_pipe_hnd}.c,
source3/rpcclient/cmd_samr.c, source3/smbd/lanman.c,
source3/utils/{net_rpc,net_rpc_join}.c,
source3/winbindd/winbindd_rpc.c,
source4/libcli/util/{clilsa,nterr}.c,
source4/libnet/{groupinfo,groupman,libnet_join,libnet_lookup,
libnet_passwd,userinfo,userman}.c,
source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
source4/winbind/wb_async_helpers.c.
- CVE-2013-4408
Date: 2013-12-09 21:47:16.901504+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/samba/2:3.4.7~dfsg-1ubuntu3.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Lucid-changes
mailing list