Univention Bugzilla – Bug 40990
samba: multiple issues (3.2)
Last modified: 2016-04-12 19:49:18 CEST
Samba 4.2.10 (and 4.3.7) fixes a couple of security issues.
Done: • for p in talloc tevent tdb ldb samba; do repo_admin.py --cherrypick --release 4.1-0 --source errata4.1-1 \ --releasedest 3.2-0 --dest errata3.2-8 --package $p; b32-scope errata3.2-8 $p done • patches merged from 2:4.1.0-1-errata3.2-8 to 2:4.3.7-1-errata3.2-8: 01_multiarch.patch 02_compat.patch 05_dependencies.patch 06_symbols.patch 15_add_samba4_init.patch 16_remove_upstart_support.patch • Additional patches for Samba 4.3.7: 20_ldap_server_require_strong_auth.patch 20_tls_verify_peer.patch • svn cp ucs-school-3.2r2/univention-ldb-modules ucs-3.2-8/services/ • Dependency adjusted for Samba 3.2.7 package names & ldb version • univention-ldb-modules/modules: Backport from ucs-school-4.1 package version 4.0.0-2: relax strict version checks in ldb modules • build ucs_3.2-0-errata3.2-8 ucs-3.2-8/services/univention-ldb-modules • b32-scope errata3.2-8 winexe • Selective backport from errata4.2-5 for: univention-samba univention-samba4 Current version matrix: talloc: 2.1.5-1.37.201604061642: ucs_3.1-0-extsec3.1 2.1.5-1.38.201604061644: ucs_3.2-0-errata3.2-8 2.1.5-1.39.201604061650: ucs_3.3-0 2.1.5-1.40.201604061653: ucs_4.0-0-errata4.0-5 2.1.5-1.41.201512111354: ucs_4.1-0-errata4.1-0 # no update tevent: 0.9.26-1.29.201604061703: ucs_3.1-0-extsec3.1 0.9.26-1.30.201604061703: ucs_3.2-0-errata3.2-8 0.9.26-1.31.201604061703: ucs_3.3-0 0.9.26-1.32.201604061703: ucs_4.0-0-errata4.0-5 0.9.26-1.33.201512111415: ucs_4.1-0-errata4.1-0 # no update tdb: 1.3.8-1.50.201604061726: ucs_3.1-0-extsec3.1 1.3.8-1.51.201604061726: ucs_3.2-0-errata3.2-8 1.3.8-1.52.201604061744: ucs_3.3-0 1.3.8-1.53.201604061726: ucs_4.0-0-errata4.0-5 1.3.8-1.54.201512111342: ucs_4.1-0-errata4.1-0 # no update ldb: Version: 2:1.1.25-1.68.201604061731: ucs_3.1-0-extsec3.1 Version: 2:1.1.25-1.69.201604061731: ucs_3.2-0-errata3.2-8 Version: 2:1.1.25-1.70.201604061731: ucs_3.3-0 Version: 2:1.1.25-1.71.201604061731: ucs_4.0-0-errata4.0-5 Version: 2:1.1.25-1.72.201604061731: ucs_4.1-0-errata4.1-1 samba: Version: 2:4.3.7-1.826.201604061853: ucs_3.1-0-extsec3.1 Version: 2:4.3.7-1.827.201604061853: ucs_3.2-0-errata3.2-8 Version: 2:4.3.6-1.874.201604011331: ucs_3.3-0 ## TODO Version: 2:4.3.7-1.829.201604062049: ucs_4.0-0-errata4.0-5 Version: 2:4.3.7-1.830.201604062051: ucs_4.1-0-errata4.1-1
Sorry, typo: • Selective backport from errata4.0-5 for: univention-samba univention-samba4 unvention-s4-connector
The 96_dnsupdate_exclude_interfaces.patch from errata4.1-1 has not been merged.
Resolved for final QA and release stage.
Tests, see http://bladis.knut.univention.de/71iBVhOsGa OK - Install OK - Update OK - ldb.yaml OK - samba.yaml OK - talloc.yaml OK - tdb.yaml OK - tevent.yaml OK - univention-ldb-modules.yaml OK - univention-s4-connector.yaml OK - univention-samba4.yaml OK - univention-samba.yaml
<http://errata.software-univention.de/ucs/3.2/412.html> <http://errata.software-univention.de/ucs/3.2/413.html> <http://errata.software-univention.de/ucs/3.2/414.html> <http://errata.software-univention.de/ucs/3.2/415.html> <http://errata.software-univention.de/ucs/3.2/416.html> <http://errata.software-univention.de/ucs/3.2/417.html> <http://errata.software-univention.de/ucs/3.2/418.html> <http://errata.software-univention.de/ucs/3.2/419.html> <http://errata.software-univention.de/ucs/3.2/420.html>
Fixes: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118