[ubuntu/xenial-updates] samba 2:4.3.11+dfsg-0ubuntu0.16.04.32 (Accepted)

[Ubuntu Archive Robot]

samba (2:4.3.11+dfsg-0ubuntu0.16.04.32) xenial-security; urgency=medium

  * SECURITY UPDATE: Missing handle permissions check in ChangeNotify
    - debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
      get set unless the directory handle is open for SEC_DIR_LIST in
      source4/torture/smb2/notify.c, source3/smbd/notify.c.
    - CVE-2020-14318
  * SECURITY UPDATE: Unprivileged user can crash winbind
    - debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
      source3/winbindd/winbindd_lookupsids.c,
      source4/torture/winbind/struct_based.c.
    - CVE-2020-14323
  * SECURITY UPDATE: DNS server crash via invalid records
    - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
      with NULL  and do not crash when additional data not found in
      source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
    - CVE-2020-14383

Date: 2020-10-28 12:00:18.631742+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.32
-------------- next part --------------
Sorry, changesfile not available.