[Pkg-samba-maint] What is blocking the security releases of Samba?

Andrew Bartlett abartlet at samba.org
Thu Dec 31 10:05:27 UTC 2015


The major Samba security release in December still hasn't hit Debian. 

The remote memory read issue in LDB (via the AD DC LDAP server) is
quite serious. 

What are we blocked on?

o  CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
o  CVE-2015-3223 (Denial of service in Samba Active Directory
                  server)
o  CVE-2015-5252 (Insufficient symlink verification in smbd)
o  CVE-2015-5299 (Missing access control check in shadow copy
                  code)
o  CVE-2015-5296 (Samba client requesting encryption vulnerable
                  to downgrade attack)
o  CVE-2015-8467 (Denial of service attack against Windows
                  Active Directory server)
o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





