Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x imply an upgrade to a non-vulnerable version of the tdb library?

If so, can someone point me to any documentation on the tdb vulnerability?

Thanks,
Sam

On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote:
> Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x
> imply an upgrade to a non-vulnerable version of the tdb library?
>
> If so, can someone point me to any documentation on the tdb vulnerability?

There were no tdb vulnerabilities in the badlock code release.

Do you know why Red Hat updated libtdb as part of their remediation for Badlock on Samba4?

https://rhn.redhat.com/errata/RHSA-2016-0612.html

On Thu, Jun 2, 2016 at 2:37 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote:
> > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x
> > imply an upgrade to a non-vulnerable version of the tdb library?
> >
> > If so, can someone point me to any documentation on the tdb vulnerability?
>
> There were no tdb vulnerabilities in the badlock code release.