[SECURITY] [DLA 1788-1] samba security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1788-1] samba security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 15 May 2019 15:53:26 -0500
Message-id: <[🔎] 6c43c649-9481-8e6f-05cd-6fd9c86b3790@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : samba
Version        : 2:4.2.14+dfsg-0+deb8u13
CVE ID         : CVE-2018-16860

Isaac Boukris and Andrew Bartlett discovered that the S4U2Self Kerberos
extension used in Samba's Active Directory support was susceptible to
man-in-the-middle attacks caused by incomplete checksum validation.

For Debian 8 "Jessie", this problem has been fixed in version
2:4.2.14+dfsg-0+deb8u13.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlzcfEYACgkQnUbEiOQ2
gwISkA/5AVU9SPoBNLSkliomQy8G/Ts7iuNpuieyCtRQP2BqjeNAYvRXmKbcW6EZ
IcpfA4GpJc2Iro6X5dQSyfu4pucPCt79LNkDSz6Mf/UZ4yppbFUXF+fLSBj6NiDM
F6eejQzzlA78VQsgGMBaMc4znGMqjZBWXBuin2SFfJNy/BS14Fp48eVYh2hoiDk6
6s4VgmIBX69lGGAYMhAI3W4Tf9EDu6IeCHbJ428qim1RKTq4kRUI3moTvJBkO80C
F2NPpmd8cliX6sk5HFKVCX8F6vgOmh0v6wT2cUmb/mHHcSy/gtP8qUsL+9pJ4Kl9
gTqJfkV+VDVYktJKH3w0ZQwEAG0C3zV4Sm8hOeU0o71mgD0EnfMhHc/Eme2bKzRC
kHw/jcu443rpqkuK+IZiYrhobDJ5NaILBsV5c4GTVV7NxYCwgzINdIhM5TDDXJf8
R3b6lpWIHtKfJ71T3orui7sKLengrJv0Y9fONfGOkIoExynOR4g+lixGc2sy1cRN
euBhFdP4lG0HUnvzg0gIEZeLIfSwsWbCem9iterVd+oBrdrzIBV2CwkI9JCZkERw
rgdPPbtaR9vpbGTNmwPPngz59U/TcuqrOrpQ+P8Oe+QcA7bpeD2tGJZa19DiwLda
iOxjTkmu3uSM33gCusUlZP8zDJqXfkE0DNkPoJwayOSTkr58xMk=
=mYiM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1785-1] imagemagick security update
Next by Date: [SECURITY] [DLA 1787-1] linux-4.9 security update
Previous by thread: [SECURITY] [DLA 1785-1] imagemagick security update
Next by thread: [SECURITY] [DLA 1787-1] linux-4.9 security update
Index(es):
- Date
- Thread