1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
PublicDateAtUSN: 2016-04-12
Candidate: CVE-2016-2113
PublicDate: 2016-04-24
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113
https://www.samba.org/samba/security/CVE-2016-2113.html
http://www.ubuntu.com/usn/usn-2950-1
Description:
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does
not verify X.509 certificates from TLS servers, which allows
man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain
sensitive information via a crafted certificate.
Ubuntu-Description:
Notes:
mdeslaur> 4.x+ only
Bugs:
Priority: medium
Discovered-by: Stefan Metzmacher
Assigned-to: mdeslaur
Patches_samba:
upstream_samba: released (4.4.2,4.3.8,4.2.11)
precise_samba: not-affected
precise/esm_samba: not-affected
trusty_samba: released (2:4.3.8+dfsg-0ubuntu0.14.04.2)
vivid/ubuntu-core_samba: DNE
vivid/stable-phone-overlay_samba: DNE
wily_samba: released (2:4.3.8+dfsg-0ubuntu0.15.10.2)
xenial_samba: released (2:4.3.8+dfsg-0ubuntu1)
yakkety_samba: released (2:4.3.8+dfsg-0ubuntu1)
zesty_samba: released (2:4.3.8+dfsg-0ubuntu1)
devel_samba: released (2:4.3.8+dfsg-0ubuntu1)
Patches_samba4:
upstream_samba4: needs-triage
precise_samba4: ignored (reached end-of-life)
precise/esm_samba4: DNE (precise was needed)
trusty_samba4: DNE
vivid/ubuntu-core_samba4: DNE
vivid/stable-phone-overlay_samba4: DNE
wily_samba4: DNE
xenial_samba4: DNE
yakkety_samba4: DNE
zesty_samba4: DNE
devel_samba4: DNE
|