FIxed by: samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues - CVE-2015-5370: Multiple errors in DCE-RPC code - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP - CVE-2016-2111: NETLOGON Spoofing Vulnerability - CVE-2016-2112: The LDAP client and server don't enforce integrity protection - CVE-2016-2113: Missing TLS certificate validation allows man in the middle attacks - CVE-2016-2114: "server signing = mandatory" not enforced - CVE-2016-2115: SMB client connections for IPC traffic are not integrity protected - CVE-2016-2118: SAMR and LSA man in the middle attacks possible * debian/patches/winbind_trusted_domains.patch: make sure domain members can talk to trusted domains DCs. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 12 Apr 2016 07:26:29 -0400 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5370 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2110 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2111 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2112 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2113 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2114 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2115 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2118 ** Changed in: samba (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1566348 Title: Patch the Badlock bug in the initial release of Ubuntu 16.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs