RE: Samba CVE-2018-1057

2018-03-22 Thread Michael Hall

Hi James,

The latest package for xenial appears to be 
4.3.11+dfsg-0ubuntu0.16.04.13, which means it uses the original 
upstream 4.3.11 sources *plus* patches from Ubuntu. This is standard 
practice for Ubuntu releases, where you don't get upgraded to new 
versions of your packages, but you do get security fixes applied to 
them.


You can download the Ubuntu packaging source here: 
https://launchpad.net/ubuntu/+archive/primary/+files/samba_4.3.11+dfsg-0ubuntu0.16.04.13.debian.tar.xz


In that, under the /debian/patches/ directory, you will see the patches 
that fix CVE-2018-1057.

--
Michael Hall
mhall...@gmail.com

On Wed, Mar 21, 2018 at 6:17 AM, James Boland <james.bol...@unipart.io> 
wrote:
> Sorry Nish, I didn’t realise it was already patched. The newest
> Ubuntu package was reporting Samba version 4.3.11 whereas Samba.org
> had 4.8.0 released. I wasn’t aware these were two separate tracks.
> My bad.
>
> Cheers,
> James
>
> -----Original Message-----
> From: Nish Aravamudan <nish.aravamu...@canonical.com>
> Sent: 20 March 2018 20:32
> To: James Boland <james.bol...@unipart.io>
> Cc: Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>
> Subject: Re: Samba CVE-2018-1057
>
> Hi James,
>
> On Tue, Mar 20, 2018 at 4:30 AM, James Boland
> <james.bol...@unipart.io> wrote:
> > Hi there,
> >
> > Are there any plans to upgrade the current Samba package to mitigate
> > against the recent security bug in CVE-2018-1057?
>
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html
>
> Thanks,
> Nish


--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
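
Added example, not part of the thread or of Ubuntu's tooling: a shell check of the procedure Michael describes, run against an unpacked debian/ directory. It reports which changelog entry mentions the CVE and which matching patches are actually listed in debian/patches/series; the sample tree, its patch names and its changelog text are constructed.

```sh
#!/bin/sh
# Added example, not from the thread: audit an unpacked debian/ directory.

# List, in apply order, the patches named in patches/series that mention the
# CVE in their file name or body. A file missing from series is never applied.
applied_cve_patches() {   # usage: applied_cve_patches <debian-dir> <CVE-id>
    series="$1/patches/series"
    [ -f "$series" ] || return 2
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$series" |
    while read -r patch _opts; do          # _opts: per-patch options such as -p1
        f="$1/patches/$patch"
        [ -f "$f" ] || continue
        case $patch in *"$2"*) echo "$patch"; continue ;; esac
        if grep -qF -- "$2" "$f"; then echo "$patch"; fi
    done
}

# Print the version of the newest changelog entry that mentions the CVE.
changelog_fix_version() { # usage: changelog_fix_version <debian-dir> <CVE-id>
    awk -v cve="$2" '
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver) }
        index($0, cve)             { print ver; exit }
    ' "$1/changelog"
}

# Constructed sample tree: patch names and changelog text are made up; only
# the 16.04.13 version string comes from the thread.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/debian/patches" || return 1
    p="$d/debian/patches"
    printf 'Subject: CVE-2018-1057: constructed body\n' > "$p/backport-0002.patch"
    : > "$p/CVE-2018-1057-part1.patch"
    : > "$p/CVE-2018-1057-dropped.patch"   # present on disk, commented out below
    : > "$p/unrelated.patch"
    printf '%s\n' 'unrelated.patch' 'CVE-2018-1057-part1.patch -p1' \
        '# CVE-2018-1057-dropped.patch' '' 'backport-0002.patch' > "$p/series"
    printf '%s\n' 'samba (9999~constructed) xenial; urgency=low' '' \
        '  * Constructed newer upload, no security content' '' \
        'samba (4.3.11+dfsg-0ubuntu0.16.04.13) xenial-security; urgency=medium' '' \
        '  * SECURITY UPDATE: constructed entry' '    - CVE-2018-1057' > "$d/debian/changelog"
    echo "$d/debian"
}

deb=$(make_sample)
echo "changelog entry mentioning the CVE: $(changelog_fix_version "$deb" CVE-2018-1057)"
applied_cve_patches "$deb" CVE-2018-1057
rm -rf "${deb%/debian}"
```

A changelog mention and a series entry are evidence from the source package only; the CVE tracker page and USN linked in this thread remain the authoritative statement of which package version carries the fix.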


RE: Samba CVE-2018-1057

2018-03-21 Thread James Boland
Sorry Nish, I didn’t realise it was already patched. The newest Ubuntu package 
was reporting Samba version 4.3.11 whereas Samba.org had 4.8.0 released. I 
wasn’t aware these were two separate tracks. My bad.

Cheers,
James

-----Original Message-----
From: Nish Aravamudan <nish.aravamu...@canonical.com> 
Sent: 20 March 2018 20:32
To: James Boland <james.bol...@unipart.io>
Cc: Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>
Subject: Re: Samba CVE-2018-1057

Hi James,

On Tue, Mar 20, 2018 at 4:30 AM, James Boland <james.bol...@unipart.io> wrote:
> Hi there,
>
>
>
> Are there any plans to upgrade the current Samba package to mitigate
> against the recent security bug in CVE-2018-1057?

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html

Thanks,
Nish




Re: Samba CVE-2018-1057

2018-03-20 Thread Thomas Ward
It's already been patched.

The Ubuntu CVE tracker shows this [1], but also the relevant USN [2]
indicates that the issue is already 'fixed' in Ubuntu.  (It doesn't
always result in a software version bump, sometimes it's just patches
getting applied to 'fix' the issue in the given version of the package
in a specific Ubuntu release).


Thomas
LP: ~teward
Ubuntu Server Team Member


[1]:
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html
[2]: https://usn.ubuntu.com/3595-1/

(Oops forgot the links the first time)


On 03/20/2018 07:30 AM, James Boland wrote:
>
> Hi there,
>
>  
>
> Are there any plans to upgrade the current Samba package to mitigate
> against the recent security bug in CVE-2018-1057?
>
>  
>
> Cheers,
>
> James
>
>  
>
>
>



Re: Samba CVE-2018-1057

2018-03-20 Thread Thomas Ward
It's already been patched.

The Ubuntu CVE tracker shows this [1], but also the relevant USN [2]
indicates that the issue is already 'fixed' in Ubuntu.  (It doesn't
always result in a software version bump, sometimes it's just patches
getting applied to 'fix' the issue in the given version of the package
in a specific Ubuntu release).


Thomas
LP: ~teward
Ubuntu Server Team Member


On 03/20/2018 07:30 AM, James Boland wrote:
>
> Hi there,
>
>  
>
> Are there any plans to upgrade the current Samba package to mitigate
> against the recent security bug in CVE-2018-1057?
>
>  
>
> Cheers,
>
> James
>
>  
>
>
>



Re: Samba CVE-2018-1057

2018-03-20 Thread Nish Aravamudan
Hi James,

On Tue, Mar 20, 2018 at 4:30 AM, James Boland  wrote:
> Hi there,
>
>
>
> Are there any plans to upgrade the current Samba package to mitigate against
> the recent security bug in CVE-2018-1057?

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html

Thanks,
Nish



Samba CVE-2018-1057

2018-03-20 Thread James Boland
Hi there,

 

Are there any plans to upgrade the current Samba package to mitigate against
the recent security bug in CVE-2018-1057?

 

Cheers,

James

 
