[SECURITY] samba-4.3.8

Tue, 12 Apr 2016 11:49:32 -0700 

I've just committed an update to 4.3.6.  Here's another diff for the
security releases published today.

Release notes excerpt and diff below.

--8<--
                   =============================
                   Release Notes for Samba 4.3.8
                           April 12, 2016
                   =============================

This is a security release containing one additional
regression fix for the security release 4.3.7.

This fixes a regression that prevents things like 'net ads join'
from working against a Windows 2003 domain.

Changes since 4.3.7:
====================

o  Stefan Metzmacher <me...@samba.org>
   * Bug 11804 - prerequisite backports for the security release on
     April 12th, 2016

Release notes for the original 4.3.7 release follows:
-----------------------------------------------------

                   =============================
                   Release Notes for Samba 4.3.7
                           April 12, 2016
                   =============================


This is a security release in order to address the following CVEs:

o  CVE-2015-5370 (Multiple errors in DCE-RPC code)

o  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)

o  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)

o  CVE-2016-2112 (LDAP client and server don't enforce integrity)

o  CVE-2016-2113 (Missing TLS certificate validation)

o  CVE-2016-2114 ("server signing = mandatory" not enforced)

o  CVE-2016-2115 (SMB IPC traffic is not integrity protected)

o  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
[...]
-->8--

No packaging differences, but some behavior changes, eg simple LDAP
binds aren't allowed by default anymore.  No regression observed at
$WORK for the 4.3.6->4.3.8 transition (on Linux).

ok?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.219
diff -u -p -r1.219 Makefile
--- Makefile    12 Apr 2016 17:42:09 -0000      1.219
+++ Makefile    12 Apr 2016 18:36:22 -0000
@@ -1,6 +1,6 @@
 # $OpenBSD: Makefile,v 1.219 2016/04/12 17:42:09 jca Exp $
 
-VERSION =              4.3.6
+VERSION =              4.3.8
 DISTNAME =             samba-${VERSION}
 
 COMMENT-main =         SMB and CIFS client and server for UNIX
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/samba/distinfo,v
retrieving revision 1.48
diff -u -p -r1.48 distinfo
--- distinfo    12 Apr 2016 17:42:09 -0000      1.48
+++ distinfo    12 Apr 2016 18:36:22 -0000
@@ -1,2 +1,2 @@
-SHA256 (samba-4.3.6.tar.gz) = MlHspbGWhU55l49KktX9K1W9ewolKmUTGpvgK+Z1SSQ=
-SIZE (samba-4.3.6.tar.gz) = 20445038
+SHA256 (samba-4.3.8.tar.gz) = N53GbDoKSDv1vtN75uXRgpNNt8QQKyGSmmxGArMrKxA=
+SIZE (samba-4.3.8.tar.gz) = 20568773


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply via email to