lp:ubuntu/edgy-security/samba
- Get this branch:
- bzr branch lp:ubuntu/edgy-security/samba
Branch merges
Branch information
Recent revisions
- 19. By Kees Cook
-
* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007- 6015.patch: thanks to Steve Langasek.
* References
CVE-2007-6015 - 18. By Jamie Strandboge
-
* removed debian/
patches/ security_ CVE-2007- 4572.patch as it
caused regressions. This is believed to be a non-exploitable
DoS, but will provide updated packages when a suitable fix
is found.
* References:
LP #163042
LP #163116
https://bugzilla. samba.org/ show_bug. cgi?id= 5087 - 17. By Jamie Strandboge
-
* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
mailslot requests
* debian/patches/ security_ CVE-2007- 4572.patch: check return values and
sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
* SECURITY UPDATE: arbitrary code execution in nmbd when configured as
a WINS server when processing name registration and name query requests
* debian/patches/ security_ CVE-2007- 5398.patch: properly check len in
nmbd_packets.c
* References
CVE-2007-4572
CVE-2007-5398 - 16. By Kees Cook
-
* SECURITY UPDATE: remote heap overflows, remote command execution.
* security_ndr-heap- overflows. patch: upstream fixes (CVE-2007-2446)
* security_remote- command- execution. patch: upstream fixed (CVE-2007-2447) - 15. By Kees Cook
-
* SECURITY UPDATE: priv escalation via crafted AFS share filenames,
denial of service when renaming a file in deferred open queue.
* Add 'debian/patches/ ubuntu- fix-open- loop.patch' : fix infinite loop,
taken from upstream patch.
- CVE-2007-0452
* Add 'debian/patches/ ubuntu- fix-afsacl. patch': fix format string
overflow, taken from upstrem patch.
- CVE-2007-0454 - 14. By Martin Pitt
-
* SECURITY UPDATE: Remote DoS.
* Add debian/patches/ track_connectio n_dos.patch:
- Limit active connections to 2048 to avoid DoS due to unbound array
growing when tracking active connections.
- CVE-2006-3403 - 13. By Adam Conrad
-
* Config file changes only in this upload; no destabilising code changes.
* Comment out the default [homes] shares and add more verbose comments to
explain what they do and how they work (closes: launchpad.net/27608)
* Add a "valid users = %S" stanza to the commented-out [homes] section, to
show users how to restrict access to \\server\username to only username.
* Change the (commented-out) "printer admin" example to use "@lpadmin"
instead of "@ntadmin", since the lpadmin group is used for spool admin. - 12. By Adam Conrad
-
* After much faff about fixing this properly and getting fixes
submitted upstream (some of which has happened), I've concluded
that getting every case_tables usage in the code nailed down
before release just isn't going to happen, so applying a more
global bandaid (ubuntu-setlocale- fixes.patch) instead to stop
the SEGVs completely (closes: launchpad.net/{39990, 39484,39956} )
* Snag a patch from upstream SVN to stop winbindd from panicking
when not joined to a domain (closes: launchpad.net/32614)
* Mangle patch fuzz for previous patch to make it apply cleanly. - 11. By Adam Conrad
-
* Sync with Debian's new upstream (UVF exception granted by mdz) to
resolve the information disclosure vuln reported in CVE-2006-1059
* Make the panic-action script check for 'mail' before it goes about
trying to backtrace crashes and mail to root (launchpad.net/32987)
* Include patch from upstream to purge setlocale calls from the client
library, so we don't break the desktop locale (launchpad.net/28603)
* Make the samba and winbind init scripts more robust in the face of a
tmpfs /var/run, creating directories as we go (launchpad.net/33389)
* Fix up syntax error in the default config file (launchpad.net/37965) - 10. By Martin Pitt
-
* SECURITY UPDATE: Password leakage.
* Add debian/patches/ winbind- cleartext- password. patch:
- Do not expose the machine account credentials in winbind log files.
- Patch taken from stable version 3.0.22.
* References:
CVE-2006-1059
http://us1.samba. org/samba/ security/ CAN-2006- 1059.html
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/samba