Bug 41193 - Regressions regarding NTLMSSP hardening of CVE-2016-2110 in Samba 4.3.7 (4.1)
Regressions regarding NTLMSSP hardening of CVE-2016-2110 in Samba 4.3.7 (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-2-errata
Assigned To: Arvid Requate
Felix Botner
:
Depends on:
Blocks: 41194
  Show dependency treegraph
 
Reported: 2016-05-03 19:54 CEST by Arvid Requate
Modified: 2016-10-05 12:46 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Troubleshooting
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-05-03 19:54:41 CEST
Regressions regarding the NTLMSSP hardening of CVE-2016-2110 in Samba 4.3.7 have been fixed upstream:

* https://bugzilla.samba.org/show_bug.cgi?id=11849
* https://bugzilla.samba.org/show_bug.cgi?id=11852
* see also https://bugzilla.samba.org/show_bug.cgi?id=11889
Comment 2 Arvid Requate univentionstaff 2016-05-09 21:01:15 CEST
The package has been rebuilt with the upstream patches for:

* https://bugzilla.samba.org/show_bug.cgi?id=11849
* https://bugzilla.samba.org/show_bug.cgi?id=11852

Advisory: samba.yaml
Comment 3 Arvid Requate univentionstaff 2016-05-10 20:00:30 CEST
Rebuilt with additional patch https://bugzilla.samba.org/show_bug.cgi?id=11912

ucs-test -s samba-common -s samba4 -E dangerous was successful on my system.
Comment 4 Felix Botner univentionstaff 2016-05-18 17:41:30 CEST
OK - YAML
OK - ucs-test

OK - windows join
OK - user sync
OK - password change
OK - share access

OK - version
     2:4.3.7-1.830.201605101118 0
        500 http://192.168.0.10/build2/ ucs_4.1-0-errata4.1-2/amd64/ Packages
     2:4.3.7-1.829.201605101206 0
        500 http://192.168.0.10/build2/ ucs_4.0-0-errata4.0-5/amd64/ Packages
     2:4.3.7-1.828.201605101154 0
        500 http://192.168.0.10/build2/ ucs_3.3-0/amd64/ Packages
     2:4.3.7-1.827.201605101142 0
        500 http://192.168.0.10/build2/ ucs_3.2-0-errata3.2-8/amd64/ Packages
Comment 5 Arvid Requate univentionstaff 2016-05-19 14:09:53 CEST
Additional patches have been published:
 https://bugzilla.samba.org/show_bug.cgi?id=11744#c43
Comment 6 Arvid Requate univentionstaff 2016-05-25 20:12:32 CEST
The package has bee rebuilt with the additional patches.
Comment 7 Felix Botner univentionstaff 2016-06-01 14:44:50 CEST
OK - built with patches
OK - installation/update
OK - simple tests (join, password change, share access)
OK - ucs-tests
OK - samba.yaml
Comment 8 Janek Walkenhorst univentionstaff 2016-06-08 14:28:32 CEST
<http://errata.software-univention.de/ucs/4.1/193.html>