Univention Bugzilla – Bug 40988
samba: multiple issues (4.1)
Last modified: 2023-10-05 10:14:24 CEST
Samba 4.3.7 fixes a couple of security issues.
* /etc/univention/ssl/ucsCA/crl/crl.pem is only available on master and backup * after univention-install univention-s4connector libtalloc2, python-tdb, libtdb1, libtevent0, python-talloc are not up-to-date apt-get -s dist-upgrade Paketlisten werden gelesen... Fertig Abhängigkeitsbaum wird aufgebaut. Statusinformationen werden eingelesen.... Fertig Paketaktualisierung (Upgrade) wird berechnet... Fertig Die folgenden Pakete werden aktualisiert (Upgrade): libtalloc2 libtdb1 libtevent0 python-talloc python-tdb 5 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert. Inst libtalloc2 [2.1.2-3.33.201505181902] (2.1.5-1.51.201604041348 192.168.0.10 [amd64]) Inst python-tdb [1.3.6-1.50.201507161446] (1.3.8-1.66.201604041353 192.168.0.10 [amd64]) [] Inst libtdb1 [1.3.6-1.50.201507161446] (1.3.8-1.66.201604041353 192.168.0.10 [amd64]) Inst libtevent0 [0.9.25-1.30.201507161435] (0.9.26-1.43.201604041350 192.168.0.10 [amd64]) Inst python-talloc [2.1.2-3.33.201505181902] (2.1.5-1.51.201604041348 192.168.0.10 [amd64]) Conf libtalloc2 (2.1.5-1.51.201604041348 192.168.0.10 [amd64]) Conf libtdb1 (1.3.8-1.66.201604041353 192.168.0.10 [amd64]) Conf python-tdb (1.3.8-1.66.201604041353 192.168.0.10 [amd64]) Conf libtevent0 (0.9.26-1.43.201604041350 192.168.0.10 [amd64]) Conf python-talloc (2.1.5-1.51.201604041348 192.168.0.10 [amd64]) maybe we need a versionized dependency? Installation worked find though.
Done: • for p in ldb samba; do repo_admin.py -F -r 4.1-0-0-ucs -s errata4.1-1 -p $p b41-scope errata4.1-1 $p done • svn cp ucs-school-4.1/univention-ldb-modules ucs-4.1-1/services/ • Dependency adjusted for Samba 3.2.7 ldb version • build ucs_4.1-0-errata4.1-1 ucs-4.1-1/services/univention-ldb-modules • b41-scope errata4.1-1 winexe • univention-samba4 smb.conf options adjusted for Samba 4.3.7 Current version matrix: talloc: 2.1.5-1.37.201604061642: ucs_3.1-0-extsec3.1 2.1.5-1.38.201604061644: ucs_3.2-0-errata3.2-8 2.1.5-1.39.201604061650: ucs_3.3-0 2.1.5-1.40.201604061653: ucs_4.0-0-errata4.0-5 2.1.5-1.41.201512111354: ucs_4.1-0-errata4.1-0 # no update tevent: 0.9.26-1.29.201604061703: ucs_3.1-0-extsec3.1 0.9.26-1.30.201604061703: ucs_3.2-0-errata3.2-8 0.9.26-1.31.201604061703: ucs_3.3-0 0.9.26-1.32.201604061703: ucs_4.0-0-errata4.0-5 0.9.26-1.33.201512111415: ucs_4.1-0-errata4.1-0 # no update tdb: 1.3.8-1.50.201604061726: ucs_3.1-0-extsec3.1 1.3.8-1.51.201604061726: ucs_3.2-0-errata3.2-8 1.3.8-1.52.201604061744: ucs_3.3-0 1.3.8-1.53.201604061726: ucs_4.0-0-errata4.0-5 1.3.8-1.54.201512111342: ucs_4.1-0-errata4.1-0 # no update ldb: Version: 2:1.1.25-1.68.201604061731: ucs_3.1-0-extsec3.1 Version: 2:1.1.25-1.69.201604061731: ucs_3.2-0-errata3.2-8 Version: 2:1.1.25-1.70.201604061731: ucs_3.3-0 Version: 2:1.1.25-1.71.201604061731: ucs_4.0-0-errata4.0-5 Version: 2:1.1.25-1.72.201604061731: ucs_4.1-0-errata4.1-1 samba: Version: 2:4.3.7-1.826.201604061853: ucs_3.1-0-extsec3.1 Version: 2:4.3.7-1.827.201604061853: ucs_3.2-0-errata3.2-8 Version: 2:4.3.6-1.874.201604011331: ucs_3.3-0 ## TODO Version: 2:4.3.7-1.829.201604062049: ucs_4.0-0-errata4.0-5 Version: 2:4.3.7-1.830.201604062051: ucs_4.1-0-errata4.1-1
Resolved for final QA and release stage.
Tests, see http://bladis.knut.univention.de/71iBVhOsGa OK - Install OK - Update OK - samba.yaml OK - ldb.yaml OK - univention-ldb-modules.yaml OK - univention-samba4.yaml (missing entry for 40383)
<http://errata.software-univention.de/ucs/4.1/141.html> <http://errata.software-univention.de/ucs/4.1/142.html> <http://errata.software-univention.de/ucs/4.1/143.html> <http://errata.software-univention.de/ucs/4.1/144.html>
Fixes: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118