ubuntu/+source/samba:applied/ubuntu/intrepid-security

Last commit made on 2010-03-24
Get this branch:
git clone -b applied/ubuntu/intrepid-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/intrepid-security
Repository:
lp:ubuntu/+source/samba

Recent commits

d37043f... by Marc Deslauriers on 2010-03-18

Import patches-applied version 2:3.2.3-1ubuntu3.8 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 48da7fd167c2b90f742be6786bef74618baca11e
Unapplied parent: 4d07c9369fc041de1bd750d535deebc925dc559f

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/param/loadparm.c,
      source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
      docs/htmldocs/manpages/smb.conf.5.html and docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

4d07c93... by Marc Deslauriers on 2010-03-18

Import patches-unapplied version 2:3.2.3-1ubuntu3.8 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 95f1532cd63027ba2936789bbac2b5b8ef933cc4

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/param/loadparm.c,
      source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
      docs/htmldocs/manpages/smb.conf.5.html and docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

48da7fd... by Marc Deslauriers on 2010-01-26

Import patches-applied version 2:3.2.3-1ubuntu3.7 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: eabb62f6f0c2e3bf5986845fd9f4a315eeb18605
Unapplied parent: 95f1532cd63027ba2936789bbac2b5b8ef933cc4

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

95f1532... by Marc Deslauriers on 2010-01-26

Import patches-unapplied version 2:3.2.3-1ubuntu3.7 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 23b1790d72543d5dab920c876b4deaa490a2ca55

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

eabb62f... by Marc Deslauriers on 2009-10-01

Import patches-applied version 2:3.2.3-1ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 529e7d0bba4e7c457141df36a081fc487189f1e0
Unapplied parent: 23b1790d72543d5dab920c876b4deaa490a2ca55

New changelog entries:
  * SECURITY UPDATE: denial of service via string vulnerabilities in
    smbclient
    - debian/patches/security-CVE-2009-1886.patch: fix string format
      vulnerabilities in source/client/client.c.
    - CVE-2009-1886
  * SECURITY UPDATE: access control list modification when dos filemode is
    enabled
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906

23b1790... by Marc Deslauriers on 2009-10-01

Import patches-unapplied version 2:3.2.3-1ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 1f74b1acfe97a49ad6eacc1825feffa7dc7e1606

New changelog entries:
  * SECURITY UPDATE: denial of service via string vulnerabilities in
    smbclient
    - debian/patches/security-CVE-2009-1886.patch: fix string format
      vulnerabilities in source/client/client.c.
    - CVE-2009-1886
  * SECURITY UPDATE: access control list modification when dos filemode is
    enabled
    - debian/patches/security-CVE-2009-1888.patch: fix group checking in
      acl_group_override in source/smbd/posix_acls.c.
    - CVE-2009-1888
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906

529e7d0... by Chuck Short on 2009-01-12

Import patches-applied version 2:3.2.3-1ubuntu3.5 to applied/ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: 35d43865fd39597361a52e90e03e0865525e9503
Unapplied parent: 1f74b1acfe97a49ad6eacc1825feffa7dc7e1606

New changelog entries:
  * debian/patches/fix-libnss-sigabrt.patch: Fix sigabort when using
    wins client. Taken from upstream. (LP: #286119)
  * debian/patches/ Fix sigsev when using old NAS devices. Taken
    from upstream. Thanks to Thierry Carrez for tracking this down.
    (LP: #264943)

1f74b1a... by Chuck Short on 2009-01-12

Import patches-unapplied version 2:3.2.3-1ubuntu3.5 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: c5c1282c1cf134c59cad8ec72ad0032131700ed0

New changelog entries:
  * debian/patches/fix-libnss-sigabrt.patch: Fix sigabort when using
    wins client. Taken from upstream. (LP: #286119)
  * debian/patches/ Fix sigsev when using old NAS devices. Taken
    from upstream. Thanks to Thierry Carrez for tracking this down.
    (LP: #264943)

35d4386... by Marc Deslauriers on 2009-01-05

Import patches-applied version 2:3.2.3-1ubuntu3.4 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 809bac74c266fd216f09b405eb2252a40066e063
Unapplied parent: c5c1282c1cf134c59cad8ec72ad0032131700ed0

New changelog entries:
  * SECURITY UPDATE: potential access to the root filesystem when using an
    empty string share name.
    - debian/patches/security-CVE-2009-0022.patch: make sure a non-empty share
      name is used in load_registry_service() in source/smbd/service.c.
    - CVE-2009-0022

c5c1282... by Marc Deslauriers on 2009-01-05

Import patches-unapplied version 2:3.2.3-1ubuntu3.4 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 0d8bfefa1ead6cd632c10e413dde43d646782624

New changelog entries:
  * SECURITY UPDATE: potential access to the root filesystem when using an
    empty string share name.
    - debian/patches/security-CVE-2009-0022.patch: make sure a non-empty share
      name is used in load_registry_service() in source/smbd/service.c.
    - CVE-2009-0022