[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue May 27 12:03:16 MDT 2014


The branch, master has been updated
       via  dc941d4 Announce Samba 4.0.18.
      from  a3df827 Announce SambaXP 2014

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dc941d4d0471c5cdc87ce407d5957863468efe26
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue May 27 20:03:05 2014 +0200

    Announce Samba 4.0.18.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 generated_news/latest_10_bodies.html               |   36 +++-----
 generated_news/latest_10_headlines.html            |    6 +-
 generated_news/latest_2_bodies.html                |   26 +++---
 history/header_history.html                        |    1 +
 history/samba-4.0.18.html                          |   89 ++++++++++++++++++++
 history/security.html                              |   15 ++++
 security/CVE-2014-0178.html                        |   75 ++++++++++++++++
 .../{CVE-2013-6442.html => CVE-2014-0239.html}     |   32 +++----
 8 files changed, 222 insertions(+), 58 deletions(-)
 create mode 100755 history/samba-4.0.18.html
 create mode 100644 security/CVE-2014-0178.html
 copy security/{CVE-2013-6442.html => CVE-2014-0239.html} (53%)


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html
index 92273cc..88c5b03 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,16 @@
+	<h5><a name="4.0.18">27 May 2014</a></h5>
+	<p class="headline">Samba 4.0.18 Available for Download</p>
+	<p>This is the latest stable release of the Samba 4.0 series.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-4.0.18.tar.gz">downloaded
+now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.0.17-4.0.18.diffs.gz">
+patch against Samba 4.0.17</a> is also available. See
+<a href="http://samba.org/samba/history/samba-4.0.18.html"> the release notes
+ for more info</a>.</p>
+
+
 	<h5><a name="sambaxp2014">05 May 2014</a></h5>
 	<p class="headline">SambaXP 2014: conference schedule is online!</p>
 
@@ -120,26 +133,3 @@ now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.0.13-4.0.14.diffs
 patch against Samba 4.0.13</a> is also available. See
 <a href="http://samba.org/samba/history/samba-4.0.14.html"> the release notes
  for more info</a>.</p>
-
-
-	<h5><a name="4.1.3">09 December 2013</a></h5>
-	<p class="headline">Samba 4.1.3, 4.0.13 and 3.6.22 <b>Security
-	Releases</b> Available for Download</p>
-	<p>These are security releases in order to address
-	<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408">CVE-2013-4408</a>
-	(<b>DCE-RPC fragment length field is incorrectly checked</b>) and
-	<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150">CVE-2012-6150</a>
-	(<b>pam_winbind login without require_membership_of restrictions</b>).
-	</p>
-
-	<p>The uncompressed tarballs and patch files have been signed
-	using GnuPG (ID 6568B7EA).</p>
-	<p>
-	The source code can be downloaded here:
-	<li><a href="http://samba.org/samba/ftp/stable/samba-4.1.3.tar.gz">download
-	Samba 4.1.3</a>,</li>
-	<li><a href="http://samba.org/samba/ftp/stable/samba-4.0.13.tar.gz">download
-	Samba 4.0.13</a>,</li>
-	<li><a href="http://samba.org/samba/ftp/stable/samba-3.6.22.tar.gz">download
-	Samba 3.6.22</a>.</li>
-	</p>
diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html
index 9764405..c380614 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,6 @@
 <ul>
+	<li> 27 May 2014 <a href="#4.0.18">Samba 4.0.18 Available for Download</a></li>
+
 	<li> 05 May 2014<a href="#sambaxp2014">SambaXP 2014: conference schedule is online!</a></li>
 
 	<li> 17 April 2014 <a href="#4.1.7">Samba 4.1.7 Available for Download</a></li>
@@ -18,8 +20,4 @@
 	<li> 10 January 2014 <a href="#4.1.4">Samba 4.1.4 Available for Download</a></li>
 
 	<li> 07 January 2014 <a href="#4.0.14">Samba 4.0.14 Available for Download</a></li>
-
-	<li> 09 December 2013 <a href="#4.1.3">Samba 4.1.3, 4.0.13
-	and 3.6.22 Security Releases Available for Download (CVE-2013-4408 and
-	CVE-2012-6150)</a></li>
 </ul>
diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html
index 6e855e8..ae5c4c9 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,16 @@
+	<h5><a name="4.0.18">27 May 2014</a></h5>
+	<p class="headline">Samba 4.0.18 Available for Download</p>
+	<p>This is the latest stable release of the Samba 4.0 series.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+<a href="http://samba.org/samba/ftp/stable/samba-4.0.18.tar.gz">downloaded
+now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.0.17-4.0.18.diffs.gz">
+patch against Samba 4.0.17</a> is also available. See
+<a href="http://samba.org/samba/history/samba-4.0.18.html"> the release notes
+ for more info</a>.</p>
+
+
 	<h5><a name="sambaxp2014">05 May 2014</a></h5>
 	<p class="headline">SambaXP 2014: conference schedule is online!</p>
 
@@ -7,16 +20,3 @@ Goettingen, Germany at the 13th international SAMBA conference, the
 <p>The conference schedule is online now.
 Please find all necessary information at the
 <a href="http://sambaXP.org">conference website</a>.</p>
-
-	<h5><a name="4.1.7">17 April 2014</a></h5>
-	<p class="headline">Samba 4.1.7 Available for Download</p>
-	<p>This is the latest stable release of the Samba 4.1 series.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a href="http://samba.org/samba/ftp/stable/samba-4.1.7.tar.gz">downloaded
-now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.1.6-4.1.7.diffs.gz">
-patch against Samba 4.1.6</a> is also available. See
-<a href="http://samba.org/samba/history/samba-4.1.7.html"> the release notes
- for more info</a>.</p>
-
diff --git a/history/header_history.html b/history/header_history.html
index 77db2b3..b31175e 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -18,6 +18,7 @@
 			<li><a href="samba-4.1.2.html">samba-4.1.2</a></li>
 			<li><a href="samba-4.1.1.html">samba-4.1.1</a></li>
 			<li><a href="samba-4.1.0.html">samba-4.1.0</a></li>
+			<li><a href="samba-4.0.18.html">samba-4.0.18</a></li>
 			<li><a href="samba-4.0.17.html">samba-4.0.17</a></li>
 			<li><a href="samba-4.0.16.html">samba-4.0.16</a></li>
 			<li><a href="samba-4.0.15.html">samba-4.0.15</a></li>
diff --git a/history/samba-4.0.18.html b/history/samba-4.0.18.html
new file mode 100755
index 0000000..a7ba7ec
--- /dev/null
+++ b/history/samba-4.0.18.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.0.18 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.0.18
+                            May 27, 2014
+                   ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Please note that this bug fix release also addresses two minor security issues
+without being a dedicated security release:
+
+  o CVE-2014-0239: dns: Don't reply to replies (bug #10609).
+  o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
+    (bug #10549).
+
+For more details including security advisories and patches, please see
+
+  http://www.samba.org/samba/history/security.html
+
+
+ Changes since 4.0.17:
+---------------------
+
+o   Michael Adam <obnox at samba.org>
+    * BUG 10548: build: Fix ordering problems with lib-provided and internal
+      RPATHs.
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open
+      retry queue.
+    * BUG 10564: Fix lock order violation and file lost.
+
+
+o   Björn Baumbach <bb at sernet.de>
+    * BUG 10239: s3-nmbd: Reset debug settings after reading config file.
+    * BUG 10544: s3-lib/util: set_namearray reads across end of namelist
+      string.
+    * BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
+
+
+o   Kai Blin <kai at samba.org>
+    * BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
+
+
+o   David Disseldorp <ddiss at samba.org>
+    * BUG 10590: byteorder: Do not assume PowerPC is big-endian.
+
+
+o   Stefan Metzmacher <metze at samba.org>
+    * BUG 10472: script/autobuild: Make use of
+      '--with-perl-{arch,lib}-install-dir'.
+
+
+o   Noel Power <nopower at suse.com>
+    * BUG 10554: Fix read of deleted memory in reply_writeclose()'.
+
+
+o   Jose A. Rivera <jarrpa at redhat.com>
+    * BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with
+      Cross-answers command.
+    * BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
+
+
+o   Christof Schmitt <christof.schmitt at us.ibm.com>
+    * BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS
+      response.
+
+
+o   Andreas Schneider <asn at samba.org>
+    * BUG 10472: wafsamba: Fix the installation on FreeBSD.
+</pre>
+
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index b805614..bb2f220 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,21 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>27 May 2014</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch">
+	patch for Samba 4.0.17</a><br />
+	<td>Uninitialized memory exposure, Potential DOS in Samba internal DNS server.
+	</td>
+	<td>please refer to the advisories</td>
+	<td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178">CVE-2014-0178</a>, 
+	    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239">CVE-2014-0239</a>
+	</td>
+	<td><a href="/samba/security/CVE-2014-0178">Announcement</a>
+	    <a href="/samba/security/CVE-2014-0239">Announcement</a>
+	</td>
+    </tr>
+
+    <tr>
 	<td>11 Mar 2014</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.1.5-CVE-2013-4496-CVE-2013-6442.patch">
 	patch for Samba 4.1.5</a><br />
diff --git a/security/CVE-2014-0178.html b/security/CVE-2014-0178.html
new file mode 100644
index 0000000..53a8722
--- /dev/null
+++ b/security/CVE-2014-0178.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2014-0178.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Uninitialized memory exposure.
+==
+== CVE ID#:     CVE-2014-0178
+==
+== Versions:    Samba 3.6.6 - 4.1.7 (inclusive)
+==
+== Summary:     Samba 3.6.6 to 4.1.7 are affected by a
+==              vulnerability that allows an authenticated
+==		client to retrieve eight bytes of
+==		uninitialized server memory when a
+==		shadow-copy VFS module is enabled.
+==
+===========================================================
+
+===========
+Description
+===========
+
+In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
+or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
+Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
+response field. The uninitialized buffer is sent back to the client.
+
+A non-default VFS module providing the get_shadow_copy_data_fn() hook
+must be explicitly enabled for Samba to process the aforementioned
+client requests. Therefore, only configurations with "shadow_copy" or
+"shadow_copy2" specified for the "vfs objects" parameter are vulnerable.
+
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue have been posted to:
+
+    http://www.samba.org/samba/security/
+
+Samba versions 4.0.18 and 4.1.8 will be released with fixes for
+this issue. Immediate security releases will not be issued, due to the
+low severity of the vulnerability.
+
+
+==========
+Workaround
+==========
+
+To avoid the vulnerability, affected versions can be configured without
+"shadow_copy" or "shadow_copy2" specified for the "vfs objects"
+parameter. This is the default configuration.
+
+
+=======
+Credits
+=======
+
+This vulnerability was found and fixed by Christof Schmitt of the Samba
+team.
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2013-6442.html b/security/CVE-2014-0239.html
similarity index 53%
copy from security/CVE-2013-6442.html
copy to security/CVE-2014-0239.html
index 6f6acdf..fe5e478 100644
--- a/security/CVE-2013-6442.html
+++ b/security/CVE-2014-0239.html
@@ -8,21 +8,19 @@
 
 <body>
 
-   <H2>CVE-2013-6442.html:</H2>
+   <H2>CVE-2014-0239.html:</H2>
 
 <p>
 <pre>
 ===========================================================
-== Subject:     smbcacls will remove the ACL on a file
-== 		or directory when changing owner or group
-==		owner.
+== Subject:     Potential DOS in Samba internal DNS server
 ==
-== CVE ID#:     CVE-2013-6442
+== CVE ID#:     CVE-2014-0239
 ==
 == Versions:    All versions of Samba later than 4.0.0
 ==
-== Summary:     smbcacls can remove a file or directory
-== 		ACL by mistake.
+== Summary:     The internal DNS server does not check the "reply" flag,
+==		potentially causing a packet loop.
 ==
 ===========================================================
 
@@ -30,10 +28,11 @@
 Description
 ===========
 
-Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
-smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
-command options it will remove the existing ACL on the object being
-modified, leaving the file or directory unprotected.
+Samba versions 4.0.0 and above have a flaw in DNS protocol handling in the
+internal DNS server. The server will not check the "reply" flag in the DNS
+packet header when processing a request. That makes it vulnerable to reply
+to a spoofed reply packet with another reply. Two affected servers could thus
+DOS each other.
 
 ==================
 Patch Availability
@@ -43,24 +42,21 @@ Patches addressing this issue have been posted to:
 
     http://www.samba.org/samba/security/
 
-Samba versions 4.0.16 and 4.1.6 have been released to address this
-issue.
+Samba version 4.0.18 includes a patch for this issue.
 
 ==========
 Workaround
 ==========
 
-Use server based tools (chown) to modify owners on files and
-directories.
+Use the BIND_DLZ DNS backend to avoid this issue.
 
 =======
 Credits
 =======
 
-This problem was found by an internal audit of the Samba code by Noel
-Power of SuSE.
+This problem was reported on IRC by a Samba user
 
-Patch provided by Jeremy Allison of the Samba team.
+Patch provided by Kai Blin of the Samba team.
 
 ==========================================================
 == Our Code, Our Bugs, Our Responsibility.


-- 
Samba Website Repository


More information about the samba-cvs mailing list