[ubuntu/precise-security] samba 2:3.6.3-2ubuntu2.13 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jan 5 18:26:09 UTC 2016


samba (2:3.6.3-2ubuntu2.13) precise-security; urgency=medium

  * SECURITY UPDATE: file-access restrictions bypass via symlink
    - debian/patches/CVE-2015-5252.patch: validate matching component in
      source3/smbd/vfs.c.
    - CVE-2015-5252
  * SECURITY UPDATE: man-in-the-middle attack via encrypted-to-unencrypted
    downgrade
    - debian/patches/CVE-2015-5296.patch: force signing in
      source3/libsmb/clidfs.c, source3/libsmb/libsmb_server.c.
    - CVE-2015-5296
  * SECURITY UPDATE: snapshot access via shadow copy directory
    - debian/patches/CVE-2015-5299.patch: fix missing access checks in
      source3/modules/vfs_shadow_copy2.c.
    - CVE-2015-5299
  * SECURITY UPDATE: information leak via incorrect string length handling
    - debian/patches/CVE-2015-5330.patch: fix string length handling in
      lib/util/charset/charset.h, lib/util/charset/codepoints.c,
      lib/util/charset/util_unistr.c, source3/lib/util_str.c.
    - CVE-2015-5330

Date: 2016-01-04 20:53:13.881345+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.13
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list