Package: samba4 / 4.0.0~beta2+dfsg1-3.2+deb7u2

Metadata

Package Version Patches format
samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_no_private_lib_suffix.diff | (download)

buildtools/wafsamba/wafsamba.py | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---
02_torture_libnetapi | (download)

source4/torture/libnetapi/wscript_build | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
05_share_ldb_module | (download)

source4/param/wscript_build | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---
07_private_lib | (download)

buildtools/wafsamba/samba_utils.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 always specify rpath for private libraries
08_heimdal_config_h | (download)

source4/heimdal_build/wscript_configure | 51 25 + 26 - 0 !
1 file changed, 25 insertions(+), 26 deletions(-)

---
09_disable_ntdb | (download)

lib/ntdb/wscript | 1 1 + 0 - 0 !
wscript | 9 8 + 1 - 0 !
wscript_build | 3 2 + 1 - 0 !
3 files changed, 11 insertions(+), 2 deletions(-)

---
10_messaging_subsystem | (download)

source4/lib/messaging/wscript_build | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

---
CVE 2013 0172 | (download)

libcli/security/object_tree.c | 1 1 + 0 - 0 !
source4/dsdb/samdb/ldb_modules/acl.c | 55 27 + 28 - 0 !
source4/dsdb/tests/python/acl.py | 15 15 + 0 - 0 !
3 files changed, 43 insertions(+), 28 deletions(-)

 cve-2013-0172
   Samba 4.0.0beta2 as an AD DC may provide authenticated users with write access
   to LDAP directory objects.

   In AD, Access Control Entries can be assigned based on the objectClass
   of the object.  If a user or a group the user is a member of has any
   access based on the objectClass, then that user has write access to that
   object.

   Additionally, if a user has write access to any attribute on the object,
   they may have access to write to all attributes.

   An important mitigation is that anonymous access is totally disabled by
   default.  The second important mitigation is that normal users are
   typically only given the problematic per-objectClass right via the
   "pre-windows 2000 compatible access" group, and Samba 4.0.0 incorrectly
   does not make "authenticated users" part of this group.

 .
 samba4 (4.0.0~beta2+dfsg1-3.1) UNRELEASED; urgency=low
 .
   * Non-maintainer upload.
   * Fix CVE-2013-0172 Samba 4.0.0 as an AD DC may provide authenticated users with write access
     to LDAP directory objects