samba (2:3.6.9-1ubuntu1.2) raring-security; urgency=low

  * SECURITY UPDATE: file restrictions bypass via alternate data streams
    - debian/patches/CVE-2013-4475.patch: properly check base file access
      in source3/smbd/open.c.
    - CVE-2013-4475
  * SECURITY UPDATE: pam_winbind access restriction bypass via invalid
    group names
    - debian/patches/CVE-2012-6150.patch: ensure valid groups in
      nsswitch/pam_winbind.c.
    - CVE-2012-6150
  * SECURITY UPDATE: arbitrary code execution via incorrect DCE-RPC
    fragment length field checking
    - debian/patches/CVE-2013-4408.patch: apply massive upstream fix to
      lib/async_req/async_sock.c, libcli/util/tstream.c,
      librpc/idl/dcerpc.idl, librpc/rpc/dcerpc_util.c,
      librpc/rpc/rpc_common.h, nsswitch/libwbclient/wbc_sid.c,
      nsswitch/wbinfo.c, source3/lib/netapi/{group,localgroup,user}.c,
      source3/lib/util_tsock.c, source3/libnet/libnet_join.c,
      source3/librpc/rpc/dcerpc_helpers.c,
      source3/rpc_client/{cli_lsarpc,cli_pipe}.c,
      source3/rpc_server/netlogon/srv_netlog_nt.c,
      source3/rpcclient/{cmd_lsarpc,cmd_samr}.c, source3/smbd/lanman.c,
      source3/utils/net_rpc.c, source3/utils/net_rpc_join.c,
      source3/winbindd/{wb_lookupsids,winbindd_msrpc,winbindd_rpc}.c,
      source4/libcli/util/clilsa.c, source4/libnet/{groupinfo,groupman,
      libnet_join,libnet_lookup,libnet_passwd,userinfo,userman}.c,
      source4/librpc/rpc/{dcerpc,dcerpc_smb,dcerpc_smb2,dcerpc_sock}.c,
      source4/winbind/wb_async_helpers.c.
    - CVE-2013-4408

 -- Marc Deslauriers <email address hidden> Mon, 09 Dec 2013 10:32:37 -0500

samba (2:3.6.9-1ubuntu1) raring; urgency=low

  * Merge from Debian experimental, remaining changes:
    + debian/patches/VERSION.patch:
      - set SAMBA_VERSION_SUFFIX to Ubuntu.
    + debian/smb.conf:
      - add "(Samba, Ubuntu)" to server string.
      - comment out the default [homes] share, and add a comment about
        "valid users = %S" to show users how to restrict access to
        \\server\username to only username.
    + debian/samba-common.config:
      - Do not change priority to high if dhclient3 is installed.
      - Use priority medium instead of high for the workgroup question.
    + debian/control:
      - Don't build against or suggest ctdb.
      - Add dependency on samba-common-bin to samba.
    + Add ufw integration:
      - Created debian/samba.ufw.profile
      - debian/rules, debian/samba.install: install profile.
      - debian/control: have samba suggest ufw.
    + Add apport hook:
      - Created debian/source_samba.py.
      - debian/rules, debian/samba-common-bin.install: install hook.
    + Switch to upstart:
      - Added debian/samba.{nmbd,smbd}.upstart.
      - Added debian/winbind.upstart.
      - debian/samba.logrotate, debian/samba-common.dhcp, debian/samba.if-up:
        Make upstart compatible.
    + d/rules: Drop explicit configuration options for ctdb.
  * Dropped changes; included upstream:
    + d/patches/cups-1.6.1_compat.patch: Cherry picked patch from upstream VCS
      for compatibility with cups >= 1.6.
    + Change "net share allowedusers" to use RPC call that works with
      Microsoft Windows 2008 r2.

samba (2:3.6.9-1) experimental; urgency=low

  * New upstream release

samba (2:3.6.8-1) experimental; urgency=low

  * New upstream release.

samba (2:3.6.7-1) experimental; urgency=low

  * New upstream release.

 -- James Page <email address hidden> Fri, 23 Nov 2012 14:34:04 +0000