no need to move samba4 in main, we'll need to merge samba 4.0.x from debian instead
** Package changed: samba4 (Ubuntu) => samba (Ubuntu)

** Changed in: samba (Ubuntu)
       Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Tieto,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/903752

Title:
  [MIR] sssd

Status in “ding-libs” package in Ubuntu:
  Confirmed
Status in “ldb” package in Ubuntu:
  Confirmed
Status in “libpwquality” package in Ubuntu:
  New
Status in “libsemanage” package in Ubuntu:
  Fix Released
Status in “samba” package in Ubuntu:
  Confirmed
Status in “sssd” package in Ubuntu:
  Fix Committed
Status in “tevent” package in Ubuntu:
  Fix Released

Bug description:
  sssd & ding-libs (which got split off sssd at some point):

  1. Availability:
   - in universe for some time

  2. Rationale:
   - https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-sssd-mir

  3. Security:
   - no current CVE
   - five CVE reports in the past:

     CVE-2011-1758
     The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in
     System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when
     automatic ticket renewal and offline authentication are configured,
     uses a pathname string as a password, which allows local users to
     bypass Kerberos authentication by listing the /tmp directory to
     obtain the pathname.

     CVE-2010-4341
     The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c
     in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users
     to cause a denial of service (infinite loop, crash, and login
     prevention) via a crafted packet.

     CVE-2010-2940
     The auth_send function in providers/ldap/ldap_auth.c in System
     Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and
     anonymous bind are enabled, allows remote attackers to bypass the
     authentication requirements of pam_authenticate via an empty
     password.

     CVE-2010-0014
     System Security Services Daemon (SSSD) before 1.0.1, when the krb5
     auth_provider is configured but the KDC is unreachable, allows
     physically proximate attackers to authenticate, via an arbitrary
     password, to the screen-locking program on a workstation that has
     any user's Kerberos ticket-granting ticket (TGT); and might allow
     remote attackers to bypass intended access restrictions via vectors
     involving an arbitrary password in conjunction with a valid TGT.

     CVE-2009-2410
     The local_handler_callback function in
     server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not
     properly handle blank-password accounts in the SSSD BE database,
     which allows context-dependent attackers to obtain access by sending
     the account's username, in conjunction with an arbitrary password,
     over an ssh connection.

     all got fixed by upstream in a timely manner.

   - ships a daemon that handles connections to LDAP, Kerberos servers
   - doesn't open privileged ports
   - binaries in /usr/sbin include sssd, sss_group{add,del,mod},
     sss_user{add,del,mod}

  4. Quality assurance:
   - current version doesn't install any working configuration, it is
     the plan to add support for debconf though <check>

  5. UI standards:
   - not applicable

  6. Dependencies:
   - ding-libs (libcollection-dev, libini-config-dev, libdhash-dev)
   - tevent (libtevent-dev)
   - ldb (libldb-dev)
   - libsemanage (libsemanage1-dev)
   - samba4 (libndr-dev, libndr-standard-dev, libsamba-util-dev,
     libdcerpc-dev, samba4-dev)
   - libpwquality (libpam-sss now depends on libpam-pwquality)

  7. Standards compliance:
   - shipped by debian
   - lintian clean
   - uses dh, source format 3.0 (quilt)

  8. Maintenance:
   - currently maintained by a team of volunteers on Debian and Ubuntu
   - shared git repository on git.debian.org

  9. Background information:
   <check>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ding-libs/+bug/903752/+subscriptions

-- 
Mailing list: https://launchpad.net/~tieto
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~tieto
More help   : https://help.launchpad.net/ListHelp
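The CVE-2010-2940 entry in the report above describes the classic LDAP backend mistake: treating "the simple bind succeeded" as "the password was verified". RFC 4513 section 5.1.2 defines an unauthenticated bind (non-empty DN, empty password) which many servers accept and grant anonymous access, so an authenticator that forwards an empty password gets a success result for any username. The example below is added here and is not sssd's code or the code from the CVE; FakeDirectory is a constructed stand-in for a directory server that models that bind behaviour, and the DN layout ou=people,dc=example,dc=com is an assumption, so the block runs offline.

```python
"""Added example: vulnerable vs. hardened LDAP simple-bind authentication.

The vulnerable path mirrors the pattern described for CVE-2010-2940 (bind
success taken as proof of the password); the hardened path refuses to send
an empty password at all and additionally checks the bind identity.
"""


class FakeDirectory:
    """Constructed stand-in for an LDAP server's simple bind (RFC 4513).

    Models three outcomes: anonymous bind (empty DN and empty password),
    unauthenticated bind (non-empty DN, empty password; accepted by many
    servers and resolved to the anonymous identity), and a real password
    check. No real LDAP server is contacted.
    """

    def __init__(self, allow_unauthenticated_bind=True):
        # constructed sample account: DN -> password
        self.users = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}
        self.allow_unauthenticated_bind = allow_unauthenticated_bind

    def simple_bind(self, dn, password):
        """Return (success, bound_identity) as the server would report it."""
        if dn == "" and password == "":
            return True, "anonymous"            # anonymous bind
        if password == "":
            if self.allow_unauthenticated_bind:
                return True, "anonymous"        # RFC 4513 5.1.2 unauthenticated bind
            return False, None                  # server configured to refuse it
        if self.users.get(dn) == password:
            return True, dn                     # password really verified
        return False, None


def user_dn(username):
    # assumed DN layout for the example
    return f"uid={username},ou=people,dc=example,dc=com"


def vulnerable_authenticate(directory, username, password):
    """Bug: any bind success is accepted, so an empty password works
    whenever the server allows unauthenticated binds."""
    ok, _identity = directory.simple_bind(user_dn(username), password)
    return ok


def hardened_authenticate(directory, username, password):
    """Fix: an empty password is not a credential, so never send it; and
    require that the bind actually established the requested identity."""
    if not password:
        return False
    dn = user_dn(username)
    ok, identity = directory.simple_bind(dn, password)
    return ok and identity == dn


if __name__ == "__main__":
    d = FakeDirectory()
    print("vulnerable, empty password:", vulnerable_authenticate(d, "alice", ""))
    print("hardened,   empty password:", hardened_authenticate(d, "alice", ""))
    print("hardened,   right password:", hardened_authenticate(d, "alice", "correct horse"))
```

Whether a given server accepts unauthenticated binds is a server-side setting, so the client-side refusal of empty passwords is the check that keeps a PAM or similar backend safe regardless of how the directory is configured; the identity comparison is a second, independent guard against a bind that succeeded as someone other than the user being authenticated.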

