Ubuntu
samba package

lp:ubuntu/edgy-security/samba

  1. Edgy (6.10)
  2. edgy-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-security/samba
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

19. By Kees Cook

* SECURITY UPDATE: remote code execution via GETDC mailslot request.
* Add security-CVE-2007-6015.patch: thanks to Steve Langasek.
* References
  CVE-2007-6015

18. By Jamie Strandboge

* removed debian/patches/security_CVE-2007-4572.patch as it
  caused regressions. This is believed to be a non-exploitable
  DoS, but will provide updated packages when a suitable fix
  is found.
* References:
  LP #163042
  LP #163116
  https://bugzilla.samba.org/show_bug.cgi?id=5087

17. By Jamie Strandboge

* SECURITY UPDATE: buffer overrun in nmbd when processing crafted GETDC
  mailslot requests
* debian/patches/security_CVE-2007-4572.patch: check return values and
  sizeof strings in charcnv.c, ntlmssp_parse.c, nmbd_processlogon.c
* SECURITY UPDATE: arbitrary code execution in nmbd when configured as
  a WINS server when processing name registration and name query requests
* debian/patches/security_CVE-2007-5398.patch: properly check len in
  nmbd_packets.c
* References
  CVE-2007-4572
  CVE-2007-5398

16. By Kees Cook

* SECURITY UPDATE: remote heap overflows, remote command execution.
* security_ndr-heap-overflows.patch: upstream fixes (CVE-2007-2446)
* security_remote-command-execution.patch: upstream fixed (CVE-2007-2447)

15. By Kees Cook

* SECURITY UPDATE: priv escalation via crafted AFS share filenames,
  denial of service when renaming a file in deferred open queue.
* Add 'debian/patches/ubuntu-fix-open-loop.patch': fix infinite loop,
  taken from upstream patch.
  - CVE-2007-0452
* Add 'debian/patches/ubuntu-fix-afsacl.patch': fix format string
  overflow, taken from upstrem patch.
  - CVE-2007-0454

14. By Martin Pitt

* SECURITY UPDATE: Remote DoS.
* Add debian/patches/track_connection_dos.patch:
  - Limit active connections to 2048 to avoid DoS due to unbound array
    growing when tracking active connections.
  - CVE-2006-3403

13. By Adam Conrad

* Config file changes only in this upload; no destabilising code changes.
* Comment out the default [homes] shares and add more verbose comments to
  explain what they do and how they work (closes: launchpad.net/27608)
* Add a "valid users = %S" stanza to the commented-out [homes] section, to
  show users how to restrict access to \\server\username to only username.
* Change the (commented-out) "printer admin" example to use "@lpadmin"
  instead of "@ntadmin", since the lpadmin group is used for spool admin.

12. By Adam Conrad

* After much faff about fixing this properly and getting fixes
  submitted upstream (some of which has happened), I've concluded
  that getting every case_tables usage in the code nailed down
  before release just isn't going to happen, so applying a more
  global bandaid (ubuntu-setlocale-fixes.patch) instead to stop
  the SEGVs completely (closes: launchpad.net/{39990,39484,39956})
* Snag a patch from upstream SVN to stop winbindd from panicking
  when not joined to a domain (closes: launchpad.net/32614)
* Mangle patch fuzz for previous patch to make it apply cleanly.

11. By Adam Conrad

* Sync with Debian's new upstream (UVF exception granted by mdz) to
  resolve the information disclosure vuln reported in CVE-2006-1059
* Make the panic-action script check for 'mail' before it goes about
  trying to backtrace crashes and mail to root (launchpad.net/32987)
* Include patch from upstream to purge setlocale calls from the client
  library, so we don't break the desktop locale (launchpad.net/28603)
* Make the samba and winbind init scripts more robust in the face of a
  tmpfs /var/run, creating directories as we go (launchpad.net/33389)
* Fix up syntax error in the default config file (launchpad.net/37965)

10. By Martin Pitt

* SECURITY UPDATE: Password leakage.
* Add debian/patches/winbind-cleartext-password.patch:
  - Do not expose the machine account credentials in winbind log files.
  - Patch taken from stable version 3.0.22.
* References:
  CVE-2006-1059
  http://us1.samba.org/samba/security/CAN-2006-1059.html

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/samba
This branch contains Public information 
Everyone can see this information.

Subscribers