[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[Marc Deslauriers]

FIxed by:

samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
- CVE-2015-5370: Multiple errors in DCE-RPC code
- CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
- CVE-2016-2111: NETLOGON Spoofing Vulnerability
- CVE-2016-2112: The LDAP client and server don't enforce integrity
  protection
- CVE-2016-2113: Missing TLS certificate validation allows man in the
  middle attacks
- CVE-2016-2114: "server signing = mandatory" not enforced
- CVE-2016-2115: SMB client connections for IPC traffic are not
  integrity protected
- CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
can talk to trusted domains DCs.

 -- Marc Deslauriers   Tue, 12 Apr 2016
07:26:29 -0400


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5370

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2110

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2111

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2112

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2113

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2114

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2115

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2118

** Changed in: samba (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[rpr nospam]

No, this is not a duplicate of #1569497, which "is for tracking
regressions while the updated packages are in the security team PPA".

I reported this bug to make sure the new samba packages which patch
Badlock will be included in the initial release of Ubuntu 16.04.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[Russell Jones]

Dupe of https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1569497 ?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[rpr nospam]

** This bug is no longer a duplicate of bug 1569497
   Badlock security update tracking bug

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[Dmitry G.]

*** This bug is a duplicate of bug 1569497 ***
https://bugs.launchpad.net/bugs/1569497

** This bug has been marked a duplicate of bug 1569497
   Badlock security update tracking bug

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[ChristianEhrhardt]

** Changed in: samba (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

[Ryan Harper]

** Changed in: samba (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs