samba security regression tracking bug

Bug #1577739 reported by Marc Deslauriers on 2016-05-03
280
This bug affects 5 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Trusty
Undecided
Marc Deslauriers
Wily
Undecided
Marc Deslauriers
Xenial
Undecided
Marc Deslauriers
Yakkety
Undecided
Marc Deslauriers

Bug Description

The samba fixes for badlock introduced a number of regressions.

This bug tracks the update to 4.3.9 and the further backported fixes into 3.6.

Changed in samba (Ubuntu Precise):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Trusty):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Wily):
status: New → Confirmed
Changed in samba (Ubuntu Xenial):
status: New → Confirmed
Changed in samba (Ubuntu Yakkety):
status: New → Confirmed
Changed in samba (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in samba (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:3.6.25-0ubuntu0.12.04.3

---------------
samba (2:3.6.25-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY REGRESSION: Add additional backported commits to fix
    regressions in the previous security updates. (LP: #1577739)
    - debian/patches/security_trailer_regression.patch: fix a regression
      verifying the security trailer in source3/rpc_server/srv_pipe.c.
    - debian/patches/bug9669_regression.patch: fix a crash when running
      net rpc join against an older Samba PDC in
      source3/rpc_client/cli_pipe.c.
    - debian/patches/netlogon_credentials_regression.patch: fix updating
      netlogon credentials in source3/rpc_client/cli_pipe.c.
    - Thanks to Andreas Schneider for the additional backports to
      Samba 3.6!

 -- Marc Deslauriers <email address hidden> Tue, 03 May 2016 12:51:09 -0400

Changed in samba (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.15.10.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

 -- Marc Deslauriers <email address hidden> Tue, 03 May 2016 09:55:17 -0400

Changed in samba (Ubuntu Wily):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.16.04.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

 -- Marc Deslauriers <email address hidden> Tue, 03 May 2016 07:48:23 -0400

Changed in samba (Ubuntu Xenial):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu0.14.04.1

---------------
samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.

 -- Marc Deslauriers <email address hidden> Tue, 03 May 2016 09:58:20 -0400

Changed in samba (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.3.9+dfsg-0ubuntu1

---------------
samba (2:4.3.9+dfsg-0ubuntu1) yakkety; urgency=medium

  * SECURITY REGRESSION: Updated to 4.3.9 to fix multiple regressions in
    the previous security updates. (LP: #1577739)
    - debian/control: bump tevent Build-Depends to 0.9.28.
  * SECURITY REGRESSION: NTLM authentication issues (LP: #1578576)
    - debian/patches/samba-bug11912.patch: let msrpc_parse() return
      talloc'ed empty strings in libcli/auth/msrpc_parse.c.
    - debian/patches/samba-bug11914.patch: make
      ntlm_auth_generate_session_info() more complete in
      source3/utils/ntlm_auth.c.

 -- Marc Deslauriers <email address hidden> Wed, 25 May 2016 09:29:15 -0400

Changed in samba (Ubuntu Yakkety):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers