[Pkg-samba-maint] What is blocking the security releases of Samba?
Andrew Bartlett
abartlet at samba.org
Thu Dec 31 19:33:55 UTC 2015
On Thu, 2015-12-31 at 14:24 +0000, Jelmer Vernooij wrote:
> On Thu, Dec 31, 2015 at 11:05:27PM +1300, Andrew Bartlett wrote:
> > The major Samba security release in December still hasn't hit
> > Debian.
> >
> > The remote memory read issue in LDB (via the AD DC LDAP server) is
> > quite serious.
> >
> > What are we blocked on?
> >
> > o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
> > o CVE-2015-3223 (Denial of service in Samba Active Directory
> > server)
> > o CVE-2015-5252 (Insufficient symlink verification in smbd)
> > o CVE-2015-5299 (Missing access control check in shadow copy
> > code)
> > o CVE-2015-5296 (Samba client requesting encryption vulnerable
> > to downgrade attack)
> > o CVE-2015-8467 (Denial of service attack against Windows
> > Active Directory server)
> > o CVE-2015-5330 (Remote memory read in Samba LDAP server)
>
> ldb and samba packages have been uploaded to the jessie-security
> queue. I think
> they're still building. Salvatore from the security team is uploading
> packages to wheezy.
Thanks to both of you for doing the updates. Hopefully this also helps
Ubuntu (who should have been able to do this themselves) get their
security release out.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the Pkg-samba-maint
mailing list