Univention Bugzilla – Bug 43145
Samba: Multiple issues (3.3)
Last modified: 2016-12-19 14:44:17 CET
+++ This bug was initially created as a clone of Bug #43144 +++

A security update for Samba is planned for Monday, December 19:

* NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2016-2123)
* Unconditional privilege delegation to Kerberos servers in trusted realms (CVE-2016-2125)
* Flaws in Kerberos PAC validation can trigger privilege elevation (CVE-2016-2126)
Rebuilt with patch. Advisory doesn't contain details yet.
Another patch was added a couple of minutes ago, which hadn't been included in the upstream backport patch for Samba 4.3. The package is building again now. Advisory is adjusted.
The patch for Bug 41729 hadn't been backported to UCS 3.3; I've included that too now. That required some shuffling with the patches because there was no space after 99_... Package is building, Advisory is adjusted.
OK - patches
OK - Windows client join (win7, win8)
OK - Windows logon
OK - univention-s4search, drs repl
OK - kerberos
OK - GPOs
OK - share access
OK - Samba update in 3.3-0
OK - update to 4.0-1
<http://errata.software-univention.de/ucs/3.3/28.html>