[ubuntu/trusty-security] samba 2:4.3.8+dfsg-0ubuntu0.14.04.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Apr 18 11:52:01 UTC 2016

samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * Backported most packaging changes from (2:4.3.6+dfsg-1ubuntu1) in
    Ubuntu 16.04 LTS, except for the following:
    - Don't remove samba-doc package
    - Don't remove libpam-smbpass package
    - Don't remove libsmbsharemodes0 and libsmbsharemodes-dev packages
    - Don't build with dh-systemd
    - Don't build ctdb and cluster support
    - Restore recommends for the separate libnss-winbind and libpam-winbind
    - Use correct epoch for ldb
    - Don't remove samba init script in postinst
  * debian/patches/fix_pam_smbpass.patch: fix double free in pam_smbpass.
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

Date: 2016-04-12 12:17:14.143790+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list