From: Leo Famulari
Subject: [PATCH 0/1] Samba security update
Date: Tue, 12 Apr 2016 19:45:25 -0400
To: guix-devel@gnu.org

There is a security update of Samba: version 4.3.7 and a regression fix
in 4.3.8 [0].

I have updated our package to version 4.3.8 with commit
645deac3264744ec09c027a8b9762fdf62aced70.

This update addresses the following vulnerabilities:

o CVE-2015-5370 (Multiple errors in DCE-RPC code)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)

Please update your installations.

[0] https://www.samba.org/samba/history/samba-4.3.8.html
https://www.samba.org/samba/history/security.html

Leo Famulari (1):
  gnu: samba: Update to 4.3.8.

 gnu/packages/samba.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.7.3