[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Wed Dec 16 11:07:40 UTC 2015
The branch, master has been updated
via f7d9bc7 NEWS[4.3.3]: Samba 4.3.3, 4.2.7, 4.1.22 and ldb 1.1.24 Security Releases Available for Download
from 0bf2f45 NEWS[4.2.6]: [ANNOUNCE] Samba 4.2.6 Available for Donwload
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f7d9bc7b20f3d206e647d9d3b43085beae969f44
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Dec 10 12:55:04 2015 +0100
NEWS[4.3.3]: Samba 4.3.3, 4.2.7, 4.1.22 and ldb 1.1.24 Security Releases Available for Download
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 4 +
history/samba-4.1.22.html | 151 ++++++++++++++++++++++++
history/samba-4.2.7.html | 140 ++++++++++++++++++++++
history/samba-4.3.3.html | 146 +++++++++++++++++++++++
history/security.html | 29 +++++
posted_news/20151216-101621.4.3.3.body.html | 30 +++++
posted_news/20151216-101621.4.3.3.headline.html | 3 +
security/CVE-2015-3223.html | 70 +++++++++++
security/CVE-2015-5252.html | 105 ++++++++++++++++
security/CVE-2015-5296.html | 78 ++++++++++++
security/CVE-2015-5299.html | 68 +++++++++++
security/CVE-2015-5330.html | 78 ++++++++++++
security/CVE-2015-7540.html | 69 +++++++++++
security/CVE-2015-8467.html | 80 +++++++++++++
14 files changed, 1051 insertions(+)
create mode 100755 history/samba-4.1.22.html
create mode 100755 history/samba-4.2.7.html
create mode 100644 history/samba-4.3.3.html
create mode 100644 posted_news/20151216-101621.4.3.3.body.html
create mode 100644 posted_news/20151216-101621.4.3.3.headline.html
create mode 100644 security/CVE-2015-3223.html
create mode 100644 security/CVE-2015-5252.html
create mode 100644 security/CVE-2015-5296.html
create mode 100644 security/CVE-2015-5299.html
create mode 100644 security/CVE-2015-5330.html
create mode 100644 security/CVE-2015-7540.html
create mode 100644 security/CVE-2015-8467.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index cd20021..4a015d5 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,8 +9,11 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.3.3.html">samba-4.3.3</a></li>
+ <li><a href="samba-4.3.2.html">samba-4.3.2</a></li>
<li><a href="samba-4.3.1.html">samba-4.3.1</a></li>
<li><a href="samba-4.3.0.html">samba-4.3.0</a></li>
+ <li><a href="samba-4.2.7.html">samba-4.2.7</a></li>
<li><a href="samba-4.2.6.html">samba-4.2.6</a></li>
<li><a href="samba-4.2.5.html">samba-4.2.5</a></li>
<li><a href="samba-4.2.4.html">samba-4.2.4</a></li>
@@ -18,6 +21,7 @@
<li><a href="samba-4.2.2.html">samba-4.2.2</a></li>
<li><a href="samba-4.2.1.html">samba-4.2.1</a></li>
<li><a href="samba-4.2.0.html">samba-4.2.0</a></li>
+ <li><a href="samba-4.1.22.html">samba-4.1.22</a></li>
<li><a href="samba-4.1.21.html">samba-4.1.21</a></li>
<li><a href="samba-4.1.20.html">samba-4.1.20</a></li>
<li><a href="samba-4.1.19.html">samba-4.1.19</a></li>
diff --git a/history/samba-4.1.22.html b/history/samba-4.1.22.html
new file mode 100755
index 0000000..c62e96b
--- /dev/null
+++ b/history/samba-4.1.22.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 4.1.22 Available for Download</H2>
+
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.1.22
+ December 16, 2015
+ ==============================
+
+
+This is a security release in order to address the following CVEs:
+
+o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
+o CVE-2015-3223 (Denial of service in Samba Active Directory
+ server)
+o CVE-2015-5252 (Insufficient symlink verification in smbd)
+o CVE-2015-5299 (Missing access control check in shadow copy
+ code)
+o CVE-2015-5296 (Samba client requesting encryption vulnerable
+ to downgrade attack)
+o CVE-2015-8467 (Denial of service attack against Windows
+ Active Directory server)
+o CVE-2015-5330 (Remote memory read in Samba LDAP server)
+
+Please note that if building against a system libldb, the required
+version has been bumped to ldb-1.1.24. This is needed to ensure
+we build against a system ldb library that contains the fixes
+for CVE-2015-5330 and CVE-2015-3223.
+
+=======
+Details
+=======
+
+o CVE-2015-7540:
+ All versions of Samba from 4.0.0 to 4.1.21 inclusive are vulnerable to
+ an anonymous memory exhaustion attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server provided
+ by the AD DC in the samba daemon process to consume unlimited memory
+ and be terminated.
+
+o CVE-2015-3223:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a denial of service attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to become unresponsive, preventing the server
+ from servicing any other requests.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2015-5252:
+ All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
+ a bug in symlink verification, which under certain circumstances could
+ allow client access to files outside the exported share path.
+
+ If a Samba share is configured with a path that shares a common path
+ prefix with another directory on the file system, the smbd daemon may
+ allow the client to follow a symlink pointing to a file or directory
+ in that other directory, even if the share parameter "wide links" is
+ set to "no" (the default).
+
+o CVE-2015-5299:
+ All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
+ a missing access control check in the vfs_shadow_copy2 module. When
+ looking for the shadow copy directory under the share path the current
+ accessing user should have DIRECTORY_LIST access rights in order to
+ view the current snapshots.
+
+ This was not being checked in the affected versions of Samba.
+
+o CVE-2015-5296:
+ Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
+ signing is negotiated when creating an encrypted client connection to
+ a server.
+
+ Without this a man-in-the-middle attack could downgrade the connection
+ and connect using the supplied credentials as an unsigned, unencrypted
+ connection.
+
+o CVE-2015-8467:
+ Samba, operating as an AD DC, is sometimes operated in a domain with a
+ mix of Samba and Windows Active Directory Domain Controllers.
+
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
+ an AD DC in the same domain with Windows DCs, could be used to
+ override the protection against the MS15-096 / CVE-2015-2535 security
+ issue in Windows.
+
+ Prior to MS16-096 it was possible to bypass the quota of machine
+ accounts a non-administrative user could create. Pure Samba domains
+ are not impacted, as Samba does not implement the
+ SeMachineAccountPrivilege functionality to allow non-administrator
+ users to create new computer objects.
+
+o CVE-2015-5330:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a remote memory read attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to return heap memory beyond the length of the
+ requested value.
+
+ This memory may contain data that the client should not be allowed to
+ see, allowing compromise of the server.
+
+ The memory may either be returned to the client in an error string, or
+ stored in the database by a suitabily privileged user. If untrusted
+ users can create objects in your database, please confirm that all DN
+ and name attributes are reasonable.
+
+
+Changes since 4.1.21:
+---------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
+ userAccountControl.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 9187: CVE-2015-7540: Bogus LDAP request cause samba to use all the
+ memory and be ookilled.
+ * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
+ * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
+ access outside the share).
+ * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
+ snapdir.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
+ smb encryption on the client side.
+</pre>
+
+</body>
+</html>
diff --git a/history/samba-4.2.7.html b/history/samba-4.2.7.html
new file mode 100755
index 0000000..9a590dd
--- /dev/null
+++ b/history/samba-4.2.7.html
@@ -0,0 +1,140 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 4.2.7 Available for Download</H2>
+
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.2.7
+ December 16, 2015
+ =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o CVE-2015-3223 (Denial of service in Samba Active Directory
+ server)
+o CVE-2015-5252 (Insufficient symlink verification in smbd)
+o CVE-2015-5299 (Missing access control check in shadow copy
+ code)
+o CVE-2015-5296 (Samba client requesting encryption vulnerable
+ to downgrade attack)
+o CVE-2015-8467 (Denial of service attack against Windows
+ Active Directory server)
+o CVE-2015-5330 (Remote memory read in Samba LDAP server)
+
+Please note that if building against a system libldb, the required
+version has been bumped to ldb-1.1.24. This is needed to ensure
+we build against a system ldb library that contains the fixes
+for CVE-2015-5330 and CVE-2015-3223.
+
+=======
+Details
+=======
+
+o CVE-2015-3223:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a denial of service attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to become unresponsive, preventing the server
+ from servicing any other requests.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2015-5252:
+ All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
+ a bug in symlink verification, which under certain circumstances could
+ allow client access to files outside the exported share path.
+
+ If a Samba share is configured with a path that shares a common path
+ prefix with another directory on the file system, the smbd daemon may
+ allow the client to follow a symlink pointing to a file or directory
+ in that other directory, even if the share parameter "wide links" is
+ set to "no" (the default).
+
+o CVE-2015-5299:
+ All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
+ a missing access control check in the vfs_shadow_copy2 module. When
+ looking for the shadow copy directory under the share path the current
+ accessing user should have DIRECTORY_LIST access rights in order to
+ view the current snapshots.
+
+ This was not being checked in the affected versions of Samba.
+
+o CVE-2015-5296:
+ Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
+ signing is negotiated when creating an encrypted client connection to
+ a server.
+
+ Without this a man-in-the-middle attack could downgrade the connection
+ and connect using the supplied credentials as an unsigned, unencrypted
+ connection.
+
+o CVE-2015-8467:
+ Samba, operating as an AD DC, is sometimes operated in a domain with a
+ mix of Samba and Windows Active Directory Domain Controllers.
+
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
+ an AD DC in the same domain with Windows DCs, could be used to
+ override the protection against the MS15-096 / CVE-2015-2535 security
+ issue in Windows.
+
+ Prior to MS16-096 it was possible to bypass the quota of machine
+ accounts a non-administrative user could create. Pure Samba domains
+ are not impacted, as Samba does not implement the
+ SeMachineAccountPrivilege functionality to allow non-administrator
+ users to create new computer objects.
+
+o CVE-2015-5330:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a remote memory read attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to return heap memory beyond the length of the
+ requested value.
+
+ This memory may contain data that the client should not be allowed to
+ see, allowing compromise of the server.
+
+ The memory may either be returned to the client in an error string, or
+ stored in the database by a suitabily privileged user. If untrusted
+ users can create objects in your database, please confirm that all DN
+ and name attributes are reasonable.
+
+
+Changes since 4.2.6:
+--------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
+ userAccountControl.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
+ * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
+ access outside the share).
+ * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
+ snapdir.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
+ smb encryption on the client side.
+</pre>
+
+</body>
+</html>
diff --git a/history/samba-4.3.3.html b/history/samba-4.3.3.html
new file mode 100644
index 0000000..159f49b
--- /dev/null
+++ b/history/samba-4.3.3.html
@@ -0,0 +1,146 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.3.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.3.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.3.tar.gz">Samba 4.3.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.3.2-4.3.3.diffs.gz">Patch (gzipped) against Samba 4.3.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.3.2-4.3.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.3.3
+ December 16, 2015
+ =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o CVE-2015-3223 (Denial of service in Samba Active Directory
+ server)
+o CVE-2015-5252 (Insufficient symlink verification in smbd)
+o CVE-2015-5299 (Missing access control check in shadow copy
+ code)
+o CVE-2015-5296 (Samba client requesting encryption vulnerable
+ to downgrade attack)
+o CVE-2015-8467 (Denial of service attack against Windows
+ Active Directory server)
+o CVE-2015-5330 (Remote memory read in Samba LDAP server)
+
+Please note that if building against a system libldb, the required
+version has been bumped to ldb-1.1.24. This is needed to ensure
+we build against a system ldb library that contains the fixes
+for CVE-2015-5330 and CVE-2015-3223.
+
+=======
+Details
+=======
+
+o CVE-2015-3223:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a denial of service attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to become unresponsive, preventing the server
+ from servicing any other requests.
+
+ This flaw is not exploitable beyond causing the code to loop expending
+ CPU resources.
+
+o CVE-2015-5252:
+ All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
+ a bug in symlink verification, which under certain circumstances could
+ allow client access to files outside the exported share path.
+
+ If a Samba share is configured with a path that shares a common path
+ prefix with another directory on the file system, the smbd daemon may
+ allow the client to follow a symlink pointing to a file or directory
+ in that other directory, even if the share parameter "wide links" is
+ set to "no" (the default).
+
+o CVE-2015-5299:
+ All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
+ a missing access control check in the vfs_shadow_copy2 module. When
+ looking for the shadow copy directory under the share path the current
+ accessing user should have DIRECTORY_LIST access rights in order to
+ view the current snapshots.
+
+ This was not being checked in the affected versions of Samba.
+
+o CVE-2015-5296:
+ Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
+ signing is negotiated when creating an encrypted client connection to
+ a server.
+
+ Without this a man-in-the-middle attack could downgrade the connection
+ and connect using the supplied credentials as an unsigned, unencrypted
+ connection.
+
+o CVE-2015-8467:
+ Samba, operating as an AD DC, is sometimes operated in a domain with a
+ mix of Samba and Windows Active Directory Domain Controllers.
+
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
+ an AD DC in the same domain with Windows DCs, could be used to
+ override the protection against the MS15-096 / CVE-2015-2535 security
+ issue in Windows.
+
+ Prior to MS16-096 it was possible to bypass the quota of machine
+ accounts a non-administrative user could create. Pure Samba domains
+ are not impacted, as Samba does not implement the
+ SeMachineAccountPrivilege functionality to allow non-administrator
+ users to create new computer objects.
+
+o CVE-2015-5330:
+ All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
+ ldb versions up to 1.1.23 inclusive) are vulnerable to
+ a remote memory read attack in the samba daemon LDAP server.
+
+ A malicious client can send packets that cause the LDAP server in the
+ samba daemon process to return heap memory beyond the length of the
+ requested value.
+
+ This memory may contain data that the client should not be allowed to
+ see, allowing compromise of the server.
+
+ The memory may either be returned to the client in an error string, or
+ stored in the database by a suitabily privileged user. If untrusted
+ users can create objects in your database, please confirm that all DN
+ and name attributes are reasonable.
+
+
+Changes since 4.3.2:
+--------------------
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
+ userAccountControl.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
+ * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
+ access outside the share).
+ * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
+ snapdir.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
+ smb encryption on the client side.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 3fc7c05..794dbf2 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,35 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>16 Dec 2015</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.3.2-security-2015-12-16.patch">
+ patch for Samba 4.3.2</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.2.6-security-2015-12-16.patch">
+ patch for Samba 4.2.6</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.1.21-security-2015-12-16.patch">
+ patch for Samba 4.1.21</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>3.0.0 to 4.3.2</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223">CVE-2015-3223</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">CVE-2015-5252</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296">CVE-2015-5296</a>,
--
Samba Website Repository
More information about the samba-cvs
mailing list