Created by James Westby on 2010-02-19 and last modified on 2011-02-24
Get this branch:
bzr branch lp:ubuntu/dapper-security/samba
Members of Ubuntu branches can upload to this branch.

Branch information

Ubuntu branches
Review team: Ubuntu Development Team

Recent revisions

27. By Marc Deslauriers on 2011-02-24

* SECURITY UPDATE: denial of service via missing range checks on file
  - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
    file descriptors.
  - CVE-2011-0719

26. By Marc Deslauriers on 2010-09-09

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via large number of SID sub authorities
  - debian/patches/security-CVE-2010-3069.patch: limit number of SID
    sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
    source/libsmb/cliquota.c, source/smbd/nttrans.c.
  - CVE-2010-3069

25. By Kees Cook on 2010-06-14

* SECURITY UPDATE: arbitrary remote code execution.
  - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

24. By Marc Deslauriers on 2010-03-18

* SECURITY UPDATE: arbitrary file disclosure via wide links
  - debian/patches/security-CVE-2010-0926.patch: disable wide links when
    UNIX extensions are enabled in source/param/loadparm.c,
    source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
    docs/htmldocs/manpages/smb.conf.5.html, docs/manpages/smb.conf.5.
  - CVE-2010-0926
* WARNING: This changes the default samba behaviour. For security
  reasons, it is no longer possible to use wide links and UNIX
  extensions at the same time. After applying this security update, wide
  links will be disabled automatically as UNIX extensions are turned on
  by default. If wide links are required, you may re-enable them by
  adding "unix extensions = no" to the [global] section of
  the /etc/samba/smb.conf configuration file.

23. By Marc Deslauriers on 2010-01-26

* SECURITY UPDATE: privilege escalation via mount.cifs race
  - debian/patches/security-CVE-2009-3297.patch: validate mount point and
    perform mount in "." to prevent race in source/client/mount.cifs.c.
  - CVE-2009-3297

22. By Marc Deslauriers on 2009-10-01

* SECURITY UPDATE: whole filesystem share via user with no home directory
  - debian/patches/security-CVE-2009-2813.patch: make sure home directory
    is set in source/param/loadparm.c, source/smbd/service.c.
  - CVE-2009-2813
* SECURITY UPDATE: credentials file disclosure and unauthorized usage via
  setuid mount.cifs
  - debian/patches/security-CVE-2009-2948.patch: don't open credentials
    file if user doesn't have permission, and don't print password when
    using verbose option in source/client/mount.cifs.c.
  - CVE-2009-2948
* SECURITY UPDATE: denial of service via unexpected oplock break
  notification reply
  - debian/patches/security-CVE-2009-2906.patch: track messages already
    processed in source/include/smb.h, source/smbd/process.c.
  - CVE-2009-2906

21. By Jamie Strandboge on 2008-06-28

* RELIABILITY UPDATE: the patch for CVE-2008-1105 introduced a regression
  with certain client and server interactions with large file sizes.
* debian/patches/security-CVE-2008-1105_pt2.patch: adjust cli_negprot()
  to properly calculate buffer sizes
* References
  LP: #241448

20. By Jamie Strandboge on 2008-06-16

* SECURITY UPDATE: heap overflow when processing crafted SMB responses
* debian/patches/security-CVE-2008-1105.patch: update util_sock.c to require
  specifying the buffer size and update client.c, smbctool.c, smbfilter.c,
  and process.c for these changes
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
  mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
  sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c.
  Backport regression fixes from upstream.
* References:
  LP: #235912

19. By Kees Cook on 2007-12-14

* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
* References

18. By Jamie Strandboge on 2007-11-16

* removed debian/patches/security_CVE-2007-4572.patch as it
  caused regressions. This is believed to be a non-exploitable
  DoS, but will provide updated packages when a suitable fix
  is found.
* References:
  LP #163042
  LP #163116

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: