Univention Bugzilla – Bug 43145
Samba: Multiple issues (3.3)
Last modified: 2016-12-19 14:44:17 CET
+++ This bug was initially created as a clone of Bug #43144 +++
A security update for Samba is planned for Monday, December 19:
* NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2016-2123)
* Unconditional privilege delegation to Kerberos servers in trusted realms (CVE-2016-2125)
* Flaws in Kerberos PAC validation can trigger privilege elevation (CVE-2016-2126)
Rebuilt with patch. Advisory doesn't contain details yet.
Another patch was added a couple of minutes ago, which hadn't been included in the upstream backport patch for Samba 4.3. The package is building again now.
Advisory is adjusted.
The patch for Bug 41729 hadn't been backported to UCS 3.3; I've included that too now. That required some shuffling with the patches because there was no space after 99_...
Package is building, Advisory is adjusted.
OK - patches
OK - Windows client join (win7, win8)
OK - Windows logon
OK - univention-s4search, drs repl
OK - Kerberos
OK - GPOs
OK - share access
OK - samba update in 3.3-0
OK - update to 4.0-1