From f97510659f914ee51c0f32e82664179a69ab17ba Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 13 Jul 2017 22:03:48 +0200 Subject: [PATCH] package/samba4: security bump to version 4.5.12 Fixes CVE-2017-11103: All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos are vulnerable to a man-in-the-middle attack impersonating a trusted server, who may gain elevated access to the domain by returning malicious replication or authorization data. Samba binaries built against MIT Kerberos are not vulnerable. https://www.samba.org/samba/history/samba-4.5.12.html [Peter: add CVE info] Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard --- package/samba4/samba4.hash | 2 +- package/samba4/samba4.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash index a16d834700..0783b37d06 100644 --- a/package/samba4/samba4.hash +++ b/package/samba4/samba4.hash @@ -1,2 +1,2 @@ # Locally calculated -sha256 7cb753f5f6d5527ef40d4c1f47dacafb7c876cb304b4906ccb390c6a18477714 samba-4.5.10.tar.gz +sha256 f4c17123e3cc852a5ecc7e38884b00deab57632b9519aebc243e2a94b9b5ace4 samba-4.5.12.tar.gz diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk index 86546e975b..72fbd7448f 100644 --- a/package/samba4/samba4.mk +++ b/package/samba4/samba4.mk @@ -4,7 +4,7 @@ # ################################################################################ -SAMBA4_VERSION = 4.5.10 +SAMBA4_VERSION = 4.5.12 SAMBA4_SITE = https://download.samba.org/pub/samba/stable SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz SAMBA4_INSTALL_STAGING = YES -- 2.30.2