Ubuntu
samba package

samba security regression tracking bug

Bug #1577739 reported by Marc Deslauriers on 2016-05-03

280

This bug affects 5 people

	Status	Importance	Assigned to
samba (Ubuntu)	Fix Released	Undecided	Marc Deslauriers
Precise	Fix Released	Undecided	Marc Deslauriers
Trusty	Fix Released	Undecided	Marc Deslauriers
Wily	Fix Released	Undecided	Marc Deslauriers
Xenial	Fix Released	Undecided	Marc Deslauriers
Yakkety	Fix Released	Undecided	Marc Deslauriers

Bug Description

The samba fixes for badlock introduced a number of regressions.

This bug tracks the update to 4.3.9 and the further backported fixes into 3.6.

See original description

Marc Deslauriers (mdeslaur) on 2016-05-03

Changed in samba (Ubuntu Precise):
status:	New → Confirmed
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Trusty):
status:	New → Confirmed
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Wily):
status:	New → Confirmed
Changed in samba (Ubuntu Xenial):
status:	New → Confirmed
Changed in samba (Ubuntu Yakkety):
status:	New → Confirmed
Changed in samba (Ubuntu Wily):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Xenial):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Yakkety):
assignee:	nobody → Marc Deslauriers (mdeslaur)
description:	updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-04:

This bug was fixed in the package samba - 2:3.6.25-0ubuntu0.12.04.3

---------------
samba (2:3.6.25-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY REGRESSION: Add additional backported commits to fix
    regressions in the previous security updates. (LP: #1577739)
    - debian/patches/security_trailer_regression.patch: fix a regression
      verifying the security trailer in source3/rpc_server/srv_pipe.c.
    - debian/patches/bug9669_regression.patch: fix a crash when running
      net rpc join against an older Samba PDC in
      source3/rpc_client/cli_pipe.c.
    - debian/patches/netlogon_credentials_regression.patch: fix updating
      netlogon credentials in source3/rpc_client/cli_pipe.c.
    - Thanks to Andreas Schneider for the additional backports to
      Samba 3.6!

-- Marc Deslauriers <email address hidden> Tue, 03 May 2016 12:51:09 -0400

Changed in samba (Ubuntu Precise):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-04:

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.15.10.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

-- Marc Deslauriers <email address hidden> Tue, 03 May 2016 09:55:17 -0400

Changed in samba (Ubuntu Wily):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-04:

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.16.04.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

-- Marc Deslauriers <email address hidden> Tue, 03 May 2016 07:48:23 -0400

Changed in samba (Ubuntu Xenial):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-04:

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.14.04.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

-- Marc Deslauriers <email address hidden> Tue, 03 May 2016 09:58:20 -0400

Changed in samba (Ubuntu Trusty):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-05-27:

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu1

---------------
samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

-- Marc Deslauriers <email address hidden> Wed, 25 May 2016 09:29:15 -0400

Changed in samba (Ubuntu Yakkety):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntusamba package

samba security regression tracking bug

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
samba package