ubuntu/+source/samba:ubuntu/hardy-security

Last commit made on 2012-04-12
Get this branch:
git clone -b ubuntu/hardy-security https://git.launchpad.net/ubuntu/+source/samba
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/hardy-security
Repository: lp:ubuntu/+source/samba

Recent commits

57452de... by Tyler Hicks on 2012-04-12

Import patches-unapplied version 3.0.28a-1ubuntu4.18 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 337fdd5d06d02f9e91545a4949f5a72c15517f64

New changelog entries:
  [ Steve Beattie ]
  * SECURITY UPDATE: unauthenticated remote code execution via
    RPC calls (LP: #978458)
    - debian/patches/security-CVE-2012-1182.patch: make variable length
      check be consistent with memory allocation size computation.
    - CVE-2012-1182

337fdd5... by Marc Deslauriers on 2012-02-24

Import patches-unapplied version 3.0.28a-1ubuntu4.17 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 425016ddb03b680382170b4afc0e0c27b06e7c4f

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via AndX requests
    - debian/patches/security-CVE-2012-0870.patch: perform additional
      sanity checks in source/smbd/process.c.
    - CVE-2012-0870

425016d... by Marc Deslauriers on 2011-09-30

Import patches-unapplied version 3.0.28a-1ubuntu4.16 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 1ad0e9279145ae38ff7feced1c2ab00cc467f17c

New changelog entries:
  * Improve mtab locking support to prevent mtab corruption
    - debian/patches/security-mtab-locking.patch: backport mtab locking
      logic from newer releases in source/client/{mount.cifs.c,mount.h,
      mtab.c,umount.cifs.c}, source/Makefile.in.
  * SECURITY UPDATE: denial of service via stale mtab lockfile
    - debian/patches/security-mask-signals.patch: mask signals while
      updating the mtab file in source/client/mount.cifs.c.
    - CVE-2011-3585
  * SECURITY UPDATE: mtab corruption via resource limits
    - debian/patches/CVE-2011-1678.patch: truncate mtab file if updating it
      failed in source/client/{mount.cifs.c,mount.h,mtab.c}.
    - CVE-2011-1678

1ad0e92... by Marc Deslauriers on 2011-07-28

Import patches-unapplied version 3.0.28a-1ubuntu4.15 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 2a74d4bc48b810d0da48c117b99bfe1ff3964b7e

New changelog entries:
  * SECURITY UPDATE: cross-site scripting in SWAT
    - debian/patches/security-CVE-2011-2694.patch: don't display username
      in source/web/swat.c.
    - CVE-2011-2694
  * SECURITY UPDATE: cross-site request forgery in SWAT
    - debian/patches/security-CVE-2011-2522.patch: implement nonce in
      source/web/{cgi.c,statuspage.c,swat.c}.
    - CVE-2011-2522

2a74d4b... by Marc Deslauriers on 2011-02-23

Import patches-unapplied version 3.0.28a-1ubuntu4.14 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: d352750991c43761365314daf6560046f6785016

New changelog entries:
  * SECURITY UPDATE: denial of service via missing range checks on file
    descriptors
    - debian/patches/security-CVE-2011-0719.patch: validate miscellaneous
      file descriptors.
    - CVE-2011-0719

d352750... by Marc Deslauriers on 2010-09-09

Import patches-unapplied version 3.0.28a-1ubuntu4.13 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 9d4ea6e241fdd16536249f354e7d77ca7b2c9cb0

New changelog entries:
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via large number of SID sub authorities
    - debian/patches/security-CVE-2010-3069.patch: limit number of SID
      sub authorities in source3/lib/util_sid.c, source/libads/ldap.c,
      source/libsmb/cliquota.c, source/smbd/nttrans.c.
    - CVE-2010-3069

9d4ea6e... by Kees Cook on 2010-06-15

Import patches-unapplied version 3.0.28a-1ubuntu4.12 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: fb14d2140eb40528f64dc0007ec388206795953f

New changelog entries:
  * SECURITY UPDATE: arbitrary remote code execution.
    - debian/patches/security-CVE-2010-2063.patch: upstream fixes.

fb14d21... by Marc Deslauriers on 2010-03-18

Import patches-unapplied version 3.0.28a-1ubuntu4.11 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 1e14f8198986cb09e26d8846f4978974eee2e065

New changelog entries:
  * SECURITY UPDATE: arbitrary file disclosure via wide links
    - debian/patches/security-CVE-2010-0926.patch: disable wide links when
      UNIX extensions are enabled in source/param/loadparm.c,
      source/smbd/service.c, source/smbd/trans2.c, source/smbd/vfs.c,
      docs/htmldocs/manpages/smb.conf.5.html, docs/manpages/smb.conf.5.
    - CVE-2010-0926
  * WARNING: This changes the default samba behaviour. For security
    reasons, it is no longer possible to use wide links and UNIX
    extensions at the same time. After applying this security update, wide
    links will be disabled automatically as UNIX extensions are turned on
    by default. If wide links are required, you may re-enable them by
    adding "unix extensions = no" to the [global] section of
    the /etc/samba/smb.conf configuration file.

1e14f81... by Marc Deslauriers on 2010-01-26

Import patches-unapplied version 3.0.28a-1ubuntu4.10 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 2097c115dd591dba30ec530bd00c917e355602a5

New changelog entries:
  * SECURITY UPDATE: privilege escalation via mount.cifs race
    - debian/patches/security-CVE-2009-3297.patch: validate mount point and
      perform mount in "." to prevent race in source/client/mount.cifs.c.
    - CVE-2009-3297

2097c11... by Marc Deslauriers on 2009-10-01

Import patches-unapplied version 3.0.28a-1ubuntu4.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: f22e8985cc970925b3e251158a8a1e0ea0e1e7f8

New changelog entries:
  * SECURITY UPDATE: whole filesystem share via user with no home directory
    - debian/patches/security-CVE-2009-2813.patch: make sure home directory
      is set in source/param/loadparm.c, source/smbd/service.c.
    - CVE-2009-2813
  * SECURITY UPDATE: credentials file disclosure and unauthorized usage via
    setuid mount.cifs
    - debian/patches/security-CVE-2009-2948.patch: don't open credentials
      file if user doesn't have permission, and don't print password when
      using verbose option in source/client/mount.cifs.c.
    - CVE-2009-2948
  * SECURITY UPDATE: denial of service via unexpected oplock break
    notification reply
    - debian/patches/security-CVE-2009-2906.patch: track messages already
      processed in source/include/smb.h, source/smbd/process.c.
    - CVE-2009-2906