[Pkg-samba-maint] Bug#868209: CVE-2017-11103: MitM attack, impersonation of the Kerberos client, known as Orpheus Lyre
abartlet at samba.org
Thu Jul 13 06:05:56 UTC 2017
On Thu, 2017-07-13 at 07:14 +0200, Raphael Hertzog wrote:
> Source: samba
> Severity: grave
> Tags: security patch
> Version: 2:4.1.11+dfsg-1
> The following vulnerability was published for samba (due to its embedded
> copy of heimdal). I checked the build logs for unstable and apparently it
> does use this copy (I don't know the status for older releases).
> CVE-2017-11103: MitM attack, impersonation of the Kerberos client, known as Orpheus Lyre
> A dedicated website is here:
> The samba announce and patch are here:
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2017-11103
> Please adjust the affected versions in the BTS as needed.
Proposed updates are in jessie and stretch branches at:
I've only built them, not tested them. Then again, the upstream
patches were not manually tested either (we relied on autobuild), such
was the rush...
I can upload the built binaries if you want to test them or comment.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba