Path to this page:
Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/net/samba4
From: Benny Siegert
Date: 2016-04-15 09:25:11
Message id: 20160415072511.CDB52FBBA@cvs.NetBSD.org
Log Message:
Pullup ticket #4958 - requested by manu
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.17
- net/samba4/PLIST 1.6
- net/samba4/distinfo 1.9
---
Module Name: pkgsrc
Committed By: manu
Date: Wed Apr 13 08:26:10 UTC 2016
Modified Files:
pkgsrc/net/samba4: Makefile PLIST distinfo
Log Message:
Update net/samba4 to 4.3.8
This fixes the Badlock bug (CVE-2016-2118) and others vulnerabilities:
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
Files: