[Bug 1566348] Re: Patch the Badlock bug in the initial release of Ubuntu 16.04

Marc Deslauriers marc.deslauriers at canonical.com
Thu Apr 14 11:10:28 UTC 2016 

FIxed by:

samba (2:4.3.8+dfsg-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 4.3.8 to fix multiple security issues
    - CVE-2015-5370: Multiple errors in DCE-RPC code
    - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP
    - CVE-2016-2111: NETLOGON Spoofing Vulnerability
    - CVE-2016-2112: The LDAP client and server don't enforce integrity
      protection
    - CVE-2016-2113: Missing TLS certificate validation allows man in the
      middle attacks
    - CVE-2016-2114: "server signing = mandatory" not enforced
    - CVE-2016-2115: SMB client connections for IPC traffic are not
      integrity protected
    - CVE-2016-2118: SAMR and LSA man in the middle attacks possible
  * debian/patches/winbind_trusted_domains.patch: make sure domain members
    can talk to trusted domains DCs.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 12 Apr 2016
07:26:29 -0400


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5370

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2110

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2111

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2112

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2113

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2114

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2115

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2118

** Changed in: samba (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1566348

Title:
  Patch the Badlock bug in the initial release of Ubuntu 16.04

Status in samba package in Ubuntu:
  Fix Released

Bug description:
  On 12 April Microsoft and the Samba Team will release patches to fix
  the Badlock bug (see http://badlock.org), a crucial security bug in
  Windows and Samba.

  As the release of Ubuntu 16.04 is scheduled for 21 April it could be
  possible and is highly desirable to include appropriate patches for
  Samba in the initial release of Ubuntu 16.04.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1566348/+subscriptions

More information about the foundations-bugs mailing list