Thanks, Ryan! We are aware of the issue and we are currently working on
an update.
** Changed in: samba (Ubuntu)
Status: New => Confirmed
** Changed in: samba (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: samba (Ubuntu)
Importance: Undecided => High
--
** Changed in: samba (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: "root" credential remote code execution
To man
** Bug watch added: Red Hat Bugzilla #804093
https://bugzilla.redhat.com/show_bug.cgi?id=804093
** Also affects: samba (CentOS) via
https://bugzilla.redhat.com/show_bug.cgi?id=804093
Importance: Unknown
Status: Unknown
** Bug watch added: Red Hat Bugzilla #811392
https://bugzil
** Also affects: samba (Ubuntu Precise)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Confirmed
** Changed in: samba (Ubuntu Precise)
Milestone: None => ubuntu-12.04
** Changed in: samba (Ubuntu Precise)
Status: Confirmed => In Progress
** Tags added: rls-p-t
** Also affects: samba (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Oneiric)
Importa
Here is my proposed debdiff for Precise. I'll need a sponsor for this to
make it into the release.
I've built a package locally with this debdiff. I sanity checked it
using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I
tested it with the reproducers from ZDI, as well as test-s
Hi Tyler,
+1 on the diff, that looks good.
Note that an alternative to shipping the second patch is to update the
generated files from the package itself, so the diff isn't massive; this
would require adding "make -C source3 samba3-idl" as part of the build
step and adding libparse-yapp-perl to t
Thanks Jelmer! You've probably already noticed, but jdstrand has
sponsored it.
I was wondering if we could generate the PIDL generated code at build
time, but I decided against it for sake of making cherry-picking from
upstream stable branches easy in the future. Upstream has reran the PIDL
compil
Ok, now I see that the 3.6 upstream branch places the samba3-idl target
underneath 'make all', so I assume that they are now relying on the code
generation to happen at build time. Can you confirm this, Jelmer?
If that's the case, then we probably do want to follow that convention
in our 3.6.x and
The attachment "samba_3.6.3-2ubuntu2.debdiff" of this bug report has
been identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch
** Branch linked: lp:ubuntu/precise-proposed/samba
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: "root" credential remote code execution
To manage notif
This bug was fixed in the package samba - 2:3.5.11~dfsg-1ubuntu2.2
---
samba (2:3.5.11~dfsg-1ubuntu2.2) oneiric-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compile
This bug was fixed in the package samba - 2:3.5.8~dfsg-1ubuntu2.4
---
samba (2:3.5.8~dfsg-1ubuntu2.4) natty-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9
---
samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to
This bug was fixed in the package samba - 3.0.28a-1ubuntu4.18
---
samba (3.0.28a-1ubuntu4.18) hardy-security; urgency=low
[ Steve Beattie ]
* SECURITY UPDATE: unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/security-CVE-2012-1182.patch: m
** Branch linked: lp:ubuntu/lucid-security/samba
** Branch linked: lp:ubuntu/oneiric-security/samba
** Branch linked: lp:ubuntu/natty-security/samba
** Branch linked: lp:ubuntu/hardy-security/samba
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is s
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2
---
samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate co
** Changed in: samba (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: "root" credential remote code execution
T
18 matches
Mail list logo