** Changed in: samba (Debian)
Status: New = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: root credential remote code execution
To
** Also affects: samba (Ubuntu Precise)
Importance: High
Assignee: Tyler Hicks (tyhicks)
Status: Confirmed
** Changed in: samba (Ubuntu Precise)
Milestone: None = ubuntu-12.04
** Changed in: samba (Ubuntu Precise)
Status: Confirmed = In Progress
** Tags added:
** Also affects: samba (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: samba (Ubuntu Oneiric)
Here is my proposed debdiff for Precise. I'll need a sponsor for this to
make it into the release.
I've built a package locally with this debdiff. I sanity checked it
using the 'umt compare-log', 'umt compare-bin', and 'umt check' tools. I
tested it with the reproducers from ZDI, as well as
Hi Tyler,
+1 on the diff, that looks good.
Note that an alternative to shipping the second patch is to update the
generated files from the package itself, so the diff isn't massive; this
would require adding make -C source3 samba3-idl as part of the build
step and adding libparse-yapp-perl to
Thanks Jelmer! You've probably already noticed, but jdstrand has
sponsored it.
I was wondering if we could generate the PIDL generated code at build
time, but I decided against it for sake of making cherry-picking from
upstream stable branches easy in the future. Upstream has reran the PIDL
Ok, now I see that the 3.6 upstream branch places the samba3-idl target
underneath 'make all', so I assume that they are now relying on the code
generation to happen at build time. Can you confirm this, Jelmer?
If that's the case, then we probably do want to follow that convention
in our 3.6.x
The attachment samba_3.6.3-2ubuntu2.debdiff of this bug report has
been identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch
** Branch linked: lp:ubuntu/precise-proposed/samba
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: root credential remote code execution
To manage
This bug was fixed in the package samba - 2:3.5.11~dfsg-1ubuntu2.2
---
samba (2:3.5.11~dfsg-1ubuntu2.2) oneiric-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL
This bug was fixed in the package samba - 2:3.5.8~dfsg-1ubuntu2.4
---
samba (2:3.5.8~dfsg-1ubuntu2.4) natty-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9
---
samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler
This bug was fixed in the package samba - 3.0.28a-1ubuntu4.18
---
samba (3.0.28a-1ubuntu4.18) hardy-security; urgency=low
[ Steve Beattie ]
* SECURITY UPDATE: unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/security-CVE-2012-1182.patch:
** Branch linked: lp:ubuntu/lucid-security/samba
** Branch linked: lp:ubuntu/oneiric-security/samba
** Branch linked: lp:ubuntu/natty-security/samba
** Branch linked: lp:ubuntu/hardy-security/samba
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
This bug was fixed in the package samba - 2:3.6.3-2ubuntu2
---
samba (2:3.6.3-2ubuntu2) precise-proposed; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate
Thanks, Ryan! We are aware of the issue and we are currently working on
an update.
** Changed in: samba (Ubuntu)
Status: New = Confirmed
** Changed in: samba (Ubuntu)
Assignee: (unassigned) = Tyler Hicks (tyhicks)
** Changed in: samba (Ubuntu)
Importance: Undecided = High
--
** Changed in: samba (Debian)
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: root credential remote code execution
To
17 matches
Mail list logo