UbuntuUpdates.org

Package "samba-dev"

Name: samba-dev

Description:

tools for extending Samba

Latest version: 2:4.3.11+dfsg-0ubuntu0.14.04.20
Release: trusty (14.04)
Level: security
Repository: main
Head package: samba
Homepage: http://www.samba.org

Links


Download "samba-dev"


Other versions of "samba-dev" in Trusty

Repository Area Version
base main 2:4.1.6+dfsg-1ubuntu2
updates main 2:4.3.11+dfsg-0ubuntu0.14.04.20

Changelog

Version: 2:4.3.11+dfsg-0ubuntu0.14.04.12 2017-09-21 18:06:39 UTC
No changelog available yet.
Source diff to previous version

Version: 2:4.3.11+dfsg-0ubuntu0.14.04.10 2017-07-14 21:07:05 UTC

  samba (2:4.3.11+dfsg-0ubuntu0.14.04.10) trusty-security; urgency=medium

  * SECURITY UPDATE: KDC-REP service name impersonation
    - debian/patches/CVE-2017-11103.patch: use encrypted service
      name rather than unencrypted (and therefore spoofable) version
      in heimdal
    - CVE-2017-11103

 -- Steve Beattie <email address hidden> Thu, 13 Jul 2017 14:06:03 -0700

Source diff to previous version
CVE-2017-1110 RESERVED

Version: 2:4.3.11+dfsg-0ubuntu0.14.04.9 2017-07-05 18:06:20 UTC

  samba (2:4.3.11+dfsg-0ubuntu0.14.04.9) trusty-security; urgency=medium

  [ Andreas Hasenack ]
  * d/p/non-wide-symlinks-to-directories-12860.patch: fix a CVE-2017-2619
    regression which breaks symlinks to directories on certain systems
    (LP: #1701073)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via bad symlink resolution
    - debian/patches/CVE-2017-9461.patch: properly handle dangling symlinks
      in source3/smbd/open.c.
    - CVE-2017-9461

 -- Marc Deslauriers <email address hidden> Tue, 04 Jul 2017 08:01:55 -0400

Source diff to previous version
1701073 CVE-2017-2619 regression breaks symlinks to directories
CVE-2017-9461 smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory

Version: 2:4.3.11+dfsg-0ubuntu0.14.04.8 2017-05-24 14:06:44 UTC

  samba (2:4.3.11+dfsg-0ubuntu0.14.04.8) trusty-security; urgency=medium

  * SECURITY UPDATE: remote code execution from a writable share
    - debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
      slash inside in source3/rpc_server/srv_pipe.c.
    - CVE-2017-7494

 -- Marc Deslauriers <email address hidden> Fri, 19 May 2017 14:18:37 -0400

Source diff to previous version

Version: 2:4.3.11+dfsg-0ubuntu0.14.04.7 2017-03-30 19:07:04 UTC

  samba (2:4.3.11+dfsg-0ubuntu0.14.04.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
    - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
      bug #12721.
  * Add missing prerequisite for previous update
    - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
      files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers <email address hidden> Tue, 28 Mar 2017 09:28:06 -0400

1675698 Cannot access anything under a subdirectory if symlinks are disallowed



About   -   Send Feedback to @ubuntu_updates