svn commit: samba-web r1193 - in trunk: . history security

jerry at samba.org jerry at samba.org
Wed May 28 14:51:45 GMT 2008 

Author: jerry
Date: 2008-05-28 14:51:43 +0000 (Wed, 28 May 2008)
New Revision: 1193

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1193

Log:
Annmouncing 3.0.30
Added:
   trunk/history/samba-3.0.30.html
   trunk/security/CVE-2008-1105.html
Modified:
   trunk/header_columns.html
   trunk/history/security.html
   trunk/index.html


Changeset:
Modified: trunk/header_columns.html
===================================================================
--- trunk/header_columns.html	2008-05-27 14:33:50 UTC (rev 1192)
+++ trunk/header_columns.html	2008-05-28 14:51:43 UTC (rev 1193)
@@ -130,9 +130,9 @@
   <div class="releases">
     <h4>Current Stable Release</h4>
     <ul>
-    <li><a href="/samba/ftp/stable/samba-3.0.29.tar.gz">Samba 3.0.29 (gzipped)</a></li>
-    <li><a href="/samba/history/samba-3.0.29.html">Release Notes</a></li>
-    <li><a href="/samba/ftp/stable/samba-3.0.29.tar.asc">Signature</a></li>
+    <li><a href="/samba/ftp/stable/samba-3.0.30.tar.gz">Samba 3.0.30 (gzipped)</a></li>
+    <li><a href="/samba/history/samba-3.0.30.html">Release Notes</a></li>
+    <li><a href="/samba/ftp/stable/samba-3.0.30.tar.asc">Signature</a></li>
     </ul>
     
     <h4>Historical</h4>

Added: trunk/history/samba-3.0.30.html
===================================================================
--- trunk/history/samba-3.0.30.html	2008-05-27 14:33:50 UTC (rev 1192)
+++ trunk/history/samba-3.0.30.html	2008-05-28 14:51:43 UTC (rev 1193)
@@ -0,0 +1,54 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.0.30 Available for Download</H2>
+
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 3.0.30
+                            May 28, 2008
+                   ===============================
+
+This is a security release in order to address CVE-2008-1105 ("Boundary 
+failure when parsing SMB responses can result in a buffer overrun").
+
+  o CVE-2008-1105
+    Specifically crafted SMB responses can result in a heap overflow 
+    in the Samba client code.  Because the server process, smbd, can 
+    itself act as a client during operations such as printer notification
+    and domain authentication,  this issue affects both Samba client 
+    and server installations.
+    
+The original security announcement for this and past advisories can 
+be found http://www.samba.org/samba/security/
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.29
+--------------------
+
+o   Jeremy Allison <jra at samba.org>
+    * Fix for CVE-2008-1105.
+
+
+o   Karolin Seeger <kseeger at samba.org>
+    * Remove man pages for ldb tools not included in Samba 3.0.
+</pre>
+
+<p>Please refer to the original <a href="/samba/history/samba-3.0.29.html">Samba
+3.0.29 Release Notes</a> for more details regarding changes i
+previous releases.</p>
+</body>
+</html>
+


Property changes on: trunk/history/samba-3.0.30.html
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/history/security.html
===================================================================
--- trunk/history/security.html	2008-05-27 14:33:50 UTC (rev 1192)
+++ trunk/history/security.html	2008-05-28 14:51:43 UTC (rev 1193)
@@ -21,7 +21,17 @@
 	<td><em>Details</em></td>
       </tr>
 
+
     <tr>
+        <td>29 May 2008</td>
+        <td><a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch for Samba 3.0.29</a></td>
+        <td>Boundary failure when parsing SMB responses</td>
+        <td>Samba 3.0.0 - 3.0.29</td>
+        <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105">CVE-2008-1105</a></td>
+        <td><a href="/samba/security/CVE-2008-1105.html">Announcement</a></td>
+    </tr>
+
+    <tr>
         <td>10 Dec 2007</td>
         <td><a href="/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch">patch for Samba 3.0.27a</a></td>
         <td>Remote Code Execution in Samba's nmbd (send_mailslot())</td>

Modified: trunk/index.html
===================================================================
--- trunk/index.html	2008-05-27 14:33:50 UTC (rev 1192)
+++ trunk/index.html	2008-05-28 14:51:43 UTC (rev 1193)
@@ -19,6 +19,23 @@
 
     <h2>Current Release</h2>
 
+    <h4><a name="stable">28 May 2008</a></h4>
+    <p class="headline">Samba 3.0.30 Available for Download</p>
+
+    <p>This is a security release to address CVE-2008-1105.  The 
+      <a href="/samba/security/CVE-2008-1105.html">original advisory</a>
+      is available online.  A <a href="/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch">patch
+	for Samba 3.0.29</a> is available.  This security advisory is applicable to all Samba 3.0.x
+      releases to date.  Past security advisories are available on our 
+      <a href="/samba/security/">security page</a>.</p>
+
+    <p>The uncompressed tarballs and patch files have been signed
+    using GnuPG (ID 6568B7EA).  The source code can be 
+    <a href="/samba/ftp/stable/samba-3.0.30.tar.gz">downloaded
+    now</a>.  See <a href="/samba/history/samba-3.0.30.html">the
+    release notes for more info</a>.</p>
+
+
     <h4><a name="latest">23 May 2008</a></h4>
     <p class="headline">Samba 3.2.0rc1 Available for Download</p>
 
@@ -40,21 +57,6 @@
     <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
 
 
-    <h4><a name="stable">21 May 2008</a></h4>
-    <p class="headline">Samba 3.0.29 Available for Download</p>
-
-    <p>This is the latest bug fix release for Samba 3.0 and is the
-    version recommended for all production Samba servers.  Among other 
-    fixes and enhancements, this release address some interoperability
-    problems with Windows 2008, interdomain trusts, and SMB/CIFS
-    protocol correctness issues.</p>
-
-    <p>The uncompressed tarballs and patch files have been signed
-    using GnuPG (ID 6568B7EA).  The source code can be 
-    <a href="/samba/ftp/stable/samba-3.0.29.tar.gz">downloaded
-    now</a>.  See <a href="/samba/history/samba-3.0.29.html">the
-    release notes for more info</a>.</p>
-
     <h4>15 April 2008</h4>
     <p class="headline">Samba 4.0.0alpha3 Available for Download</p>
         

Added: trunk/security/CVE-2008-1105.html
===================================================================
--- trunk/security/CVE-2008-1105.html	2008-05-27 14:33:50 UTC (rev 1192)
+++ trunk/security/CVE-2008-1105.html	2008-05-28 14:51:43 UTC (rev 1193)
@@ -0,0 +1,78 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun</H2>
+
+<p>
+<pre>
+==========================================================
+== Subject:     Boundary failure when parsing SMB responses
+==              can result in a buffer overrun
+==
+== CVE ID#:     CVE-2008-1105
+==
+== Versions:    Samba 3.0.0 - 3.0.29 (inclusive)
+==
+== Summary:     Specifically crafted SMB responses can result
+==              in a heap overflow in the Samba client code.
+==              Because the server process, smbd, can itself
+==              act as a client during operations such as
+==              printer notification and domain authentication,
+==              this issue affects both Samba client and server
+==              installations.
+==
+==========================================================
+
+===========
+Description
+===========
+
+Secunia Research reported a vulnerability that allows for
+the execution of arbitrary code in smbd.  This defect is
+is a result of an incorrect buffer size when parsing SMB
+replies in the routine receive_smb_raw().
+
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 3.0.30 has been issued as a security
+release to correct the defect.  Samba administrators are
+advised to upgrade to 3.0.30 or apply the patch as soon
+as possible.
+
+
+=======
+Credits
+=======
+
+This vulnerability was reported to Samba developers by
+Alin Rad Pop, Secunia Research.
+
+The time line is as follows:
+
+* May 15, 2008: Initial report to security at samba.org.
+* May 15, 2008: First response from Samba developers confirming
+  the bug along with a proposed patch.
+* May 28, 2008: Public security advisory made available.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>

More information about the samba-cvs mailing list