Ubuntu
samba package

  1. Bionic (18.04)
  2. Bug #1584485
  3. Comment #42

Comment 42 for bug 1584485

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.4

---------------
samba (2:4.3.11+dfsg-0ubuntu0.14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution via heap overflow in NDR parsing
    - debian/patches/CVE-2016-2123.patch: check lengths in
      librpc/ndr/ndr_dnsp.c.
    - CVE-2016-2123
  * SECURITY UPDATE: unconditional privilege delegation to Kerberos servers
    - debian/patches/CVE-2016-2125.patch: don't use GSS_C_DELEG_FLAG in
      source4/scripting/bin/nsupdate-gss, source3/librpc/crypto/gse.c,
      source4/auth/gensec/gensec_gssapi.c.
    - CVE-2016-2125
  * SECURITY UPDATE: privilege elevation in Kerberos PAC validation
    - debian/patches/CVE-2016-2126.patch: only allow known checksum types
      in auth/kerberos/kerberos_pac.c.
    - CVE-2016-2126

 -- Marc Deslauriers <email address hidden> Mon, 12 Dec 2016 08:40:01 -0500