FIxed by:
samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
- CVE-2015-5370: Multiple errors in DCE-RPC code
- CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
- CVE-2016-2111: NETLOGON Spoofing Vulnerability
- CVE-2016-2112: The LDAP client and server don't enforce integrity
protection
- CVE-2016-2113: Missing TLS certificate validation allows man in the
middle attacks
- CVE-2016-2114: "server signing = mandatory" not enforced
- CVE-2016-2115: SMB client connections for IPC traffic are not
integrity protected
- CVE-2016-2118: SAMR and LSA man in the middle attacks possible
* debian/patches/winbind_trusted_domains.patch: make sure domain members
can talk to trusted domains DCs.
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 12 Apr 2016
07:26:29 -0400
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5370
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2110
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2111
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2112
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2113
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2114
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2115
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2118
** Changed in: samba (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566348
Title:
Patch the Badlock bug in the initial release of Ubuntu 16.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
