samba - Jun 2016 - libtdb and BADLOCK (CVE-2016-2118)

Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x
imply an upgrade to a non-vulnerable version of the tdb library?

If so, can someone point me to any documentation on the tdb vulnerability?

Thanks,

Sam

On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner
wrote:
> Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x
> imply an upgrade to a non-vulnerable version of the tdb library?
> 
> If so, can someone point me to any documentation on the tdb vulnerability?
There were no tdb vulnerabilities in the badlock code release.

Do you know why Red Hat updated libtdb as part of their remediation for
Badlock on Samba4?

https://rhn.redhat.com/errata/RHSA-2016-0612.html

On Thu, Jun 2, 2016 at 2:37 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote:
> > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba
> 3.x
> > imply an upgrade to a non-vulnerable version of the tdb library?
> >
> > If so, can someone point me to any documentation on the tdb
> vulnerability?
>
> There were no tdb vulnerabilities in the badlock code release.
>