Accepted samba 2:4.5.16+dfsg-1+deb9u3 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Nov 2020 21:31:22 -0500
Source: samba
Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev python-samba samba-dsdb-modules samba-vfs-modules libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind libwbclient0 libwbclient-dev ctdb
Architecture: source
Version: 2:4.5.16+dfsg-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 ctdb       - clustered database to store temporary data
 libnss-winbind - Samba nameservice integration plugins
 libpam-winbind - Windows domain authentication integration plugin
 libparse-pidl-perl - IDL compiler written in Perl
 libsmbclient - shared library for communication with SMB/CIFS servers
 libsmbclient-dev - development files for libsmbclient
 libwbclient-dev - Samba winbind client library - development files
 libwbclient0 - Samba winbind client library
 python-samba - Python bindings for Samba
 registry-tools - tools for viewing and manipulating the Windows registry
 samba      - SMB/CIFS file, print, and login server for Unix
 samba-common - common files used by both the Samba server and client
 samba-common-bin - Samba common files used by both the server and the client
 samba-dev  - tools for extending Samba
 samba-dsdb-modules - Samba Directory Services Database
 samba-libs - Samba core libraries
 samba-testsuite - test suite from Samba
 samba-vfs-modules - Samba Virtual FileSystem plugins
 smbclient  - command-line SMB/CIFS clients for Unix
 winbind    - service to resolve user and group information from Windows NT ser
Changes:
 samba (2:4.5.16+dfsg-1+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2020-10704: An unauthorized user can trigger a denial of service
     via a stack overflow in the AD DC LDAP server
   * Fix CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba
     AD DC LDAP Server with ASQ, VLV and paged_results
   * Fix CVE-2020-10745: Denial of service resulting from abuse of compression
     of replies to NetBIOS over TCP/IP name resolution and DNS packets causing
     excessive CPU load on the Samba AD DC.
   * Fix CVE-2020-10760: The use of the paged_results or VLV controls against
     the Global Catalog LDAP server on the AD DC will cause a use-after-free.
   * Fix CVE-2020-14303: Denial of service resulting from CPU spin and
     inability to process further requests once the AD DC NBT server receives
     an empty (zero-length) UDP packet to port 137.
   * Fix CVE-2020-1472:
     - Unauthenticated domain controller compromise by subverting Netlogon
       cryptography.
       + switch "client schannel" default to "yes" instead of "auto".
       + switch "server schannel" default to "yes" instead of "auto".
     - Unauthenticated domain controller compromise by subverting Netlogon
       cryptography (ZeroLogon).
       + For compatibility reasons, allow specifying an insecure netlogon
         configuration per machine. See the following link for examples:
         https://www.samba.org/samba/security/CVE-2020-1472.html
       + Add additional server checks for the protocol attack in the
         client-specified challenge to provide some protection when
         'server schannel = no/auto' and avoid the false-positive results
         when running the proof-of-concept exploit.
   * Fix CVE-2020-14318: Missing handle permissions check in ChangeNotify
   * Fix CVE-2020-14323: Unprivileged user can crash winbind via invalid
     lookupsids DoS
   * Fix CVE-2020-14383: DNS server crash via invalid records resulting from
     uninitialized variables
Checksums-Sha1:
 8e8da487e7f57f80e7cba00ac472f191ca0018e7 3978 samba_4.5.16+dfsg-1+deb9u3.dsc
 107ceb75fc284388f5b21f9cfe5ca368c5e6f1c2 301140 samba_4.5.16+dfsg-1+deb9u3.debian.tar.xz
 b21e8475ab47dbcd2801e9046e9b0479ad3fbccb 21142 samba_4.5.16+dfsg-1+deb9u3_amd64.buildinfo
Checksums-Sha256:
 a5ba6558a8486d3b9d1333c6ed841a0bd4d61f4aeb13bfd0f7e7450ad83a32d8 3978 samba_4.5.16+dfsg-1+deb9u3.dsc
 cacedc32248e577a22d99d03a5cddcbd3da61754192adcfac22040ae4b8679df 301140 samba_4.5.16+dfsg-1+deb9u3.debian.tar.xz
 dd47e9d748d4af77d7053eda5f425a52b344dc17937cb44b68069a18af4d4caa 21142 samba_4.5.16+dfsg-1+deb9u3_amd64.buildinfo
Files:
 b0ac1cbc7b7ae28ac3b951273f28782e 3978 net optional samba_4.5.16+dfsg-1+deb9u3.dsc
 4b1575a29dcfe22378aabbb3007cf77c 301140 net optional samba_4.5.16+dfsg-1+deb9u3.debian.tar.xz
 403f5429fe17d39c488461f85a676d7a 21142 net optional samba_4.5.16+dfsg-1+deb9u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----