[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Mar 8 12:43:38 UTC 2016


The branch, master has been updated
       via  bf9ddc5 NEWS[4.3.6]: Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Available for Download
      from  2251813 NEWS[4.4.0rc3]: Samba 4.4.0rc3 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bf9ddc54d44dce08dd067c0add26894c0c810428
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Feb 24 12:37:02 2016 +0100

    NEWS[4.3.6]: Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Available for Download
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                     |  3 +
 history/samba-4.1.23.html                       | 76 +++++++++++++++++++++++
 history/samba-4.2.9.html                        | 76 +++++++++++++++++++++++
 history/samba-4.3.6.html                        | 82 +++++++++++++++++++++++++
 history/security.html                           | 19 ++++++
 posted_news/20160308-112832.4.3.6.body.html     | 33 ++++++++++
 posted_news/20160308-112832.4.3.6.headline.html |  3 +
 security/CVE-2015-7560.html                     | 77 +++++++++++++++++++++++
 security/CVE-2016-0771.html                     | 78 +++++++++++++++++++++++
 9 files changed, 447 insertions(+)
 create mode 100755 history/samba-4.1.23.html
 create mode 100755 history/samba-4.2.9.html
 create mode 100644 history/samba-4.3.6.html
 create mode 100644 posted_news/20160308-112832.4.3.6.body.html
 create mode 100644 posted_news/20160308-112832.4.3.6.headline.html
 create mode 100644 security/CVE-2015-7560.html
 create mode 100644 security/CVE-2016-0771.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 70d9825..f61ef5d 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,12 +9,14 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.3.6.html">samba-4.3.6</a></li>
 			<li><a href="samba-4.3.5.html">samba-4.3.5</a></li>
 			<li><a href="samba-4.3.4.html">samba-4.3.4</a></li>
 			<li><a href="samba-4.3.3.html">samba-4.3.3</a></li>
 			<li><a href="samba-4.3.2.html">samba-4.3.2</a></li>
 			<li><a href="samba-4.3.1.html">samba-4.3.1</a></li>
 			<li><a href="samba-4.3.0.html">samba-4.3.0</a></li>
+			<li><a href="samba-4.2.9.html">samba-4.2.9</a></li>
 			<li><a href="samba-4.2.8.html">samba-4.2.8</a></li>
 			<li><a href="samba-4.2.7.html">samba-4.2.7</a></li>
 			<li><a href="samba-4.2.6.html">samba-4.2.6</a></li>
@@ -24,6 +26,7 @@
 			<li><a href="samba-4.2.2.html">samba-4.2.2</a></li>
 			<li><a href="samba-4.2.1.html">samba-4.2.1</a></li>
 			<li><a href="samba-4.2.0.html">samba-4.2.0</a></li>
+			<li><a href="samba-4.1.23.html">samba-4.1.23</a></li>
 			<li><a href="samba-4.1.22.html">samba-4.1.22</a></li>
 			<li><a href="samba-4.1.21.html">samba-4.1.21</a></li>
 			<li><a href="samba-4.1.20.html">samba-4.1.20</a></li>
diff --git a/history/samba-4.1.23.html b/history/samba-4.1.23.html
new file mode 100755
index 0000000..0103ef4
--- /dev/null
+++ b/history/samba-4.1.23.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.1.23 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.1.23
+                           March 8, 2015
+                   ==============================
+
+
+This is a security release in order to address the following CVEs:
+
+o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
+o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
+
+=======
+Details
+=======
+
+o  CVE-2015-7560:
+   All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+   a malicious client overwriting the ownership of ACLs using symlinks.
+
+   An authenticated malicious client can use SMB1 UNIX extensions to
+   create a symlink to a file or directory, and then use non-UNIX SMB1
+   calls to overwrite the contents of the ACL on the file or directory
+   linked to.
+
+o  CVE-2016-0771:
+   All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+   an AD DC and choose to run the internal DNS server, are vulnerable to an
+   out-of-bounds read issue during DNS TXT record handling caused by users
+   with permission to modify DNS records.
+
+   A malicious client can upload a specially constructed DNS TXT record,
+   resulting in a remote denial-of-service attack. As long as the affected
+   TXT record remains undisturbed in the Samba database, a targeted DNS
+   query may continue to trigger this exploit.
+
+   While unlikely, the out-of-bounds read may bypass safety checks and
+   allow leakage of memory from the server in the form of a DNS TXT reply.
+
+   By default only authenticated accounts can upload DNS records,
+   as "allow dns updates = secure only" is the default.
+   Any other value would allow anonymous clients to trigger this
+   bug, which is a much higher risk.
+
+
+Changes since 4.1.22:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
+     change permissions on link target.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+</pre>
+
+</body>
+</html>
diff --git a/history/samba-4.2.9.html b/history/samba-4.2.9.html
new file mode 100755
index 0000000..b6a55c4
--- /dev/null
+++ b/history/samba-4.2.9.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.2.9 Available for Download</H2>
+
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.2.9
+                           March 8, 2016
+                   =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
+o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
+
+=======
+Details
+=======
+
+o  CVE-2015-7560:
+   All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+   a malicious client overwriting the ownership of ACLs using symlinks.
+
+   An authenticated malicious client can use SMB1 UNIX extensions to
+   create a symlink to a file or directory, and then use non-UNIX SMB1
+   calls to overwrite the contents of the ACL on the file or directory
+   linked to.
+
+o  CVE-2016-0771:
+   All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+   an AD DC and choose to run the internal DNS server, are vulnerable to an
+   out-of-bounds read issue during DNS TXT record handling caused by users
+   with permission to modify DNS records.
+
+   A malicious client can upload a specially constructed DNS TXT record,
+   resulting in a remote denial-of-service attack. As long as the affected
+   TXT record remains undisturbed in the Samba database, a targeted DNS
+   query may continue to trigger this exploit.
+
+   While unlikely, the out-of-bounds read may bypass safety checks and
+   allow leakage of memory from the server in the form of a DNS TXT reply.
+
+   By default only authenticated accounts can upload DNS records,
+   as "allow dns updates = secure only" is the default.
+   Any other value would allow anonymous clients to trigger this
+   bug, which is a much higher risk.
+
+
+Changes since 4.2.8:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
+     change permissions on link target.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+</pre>
+
+</body>
+</html>
diff --git a/history/samba-4.3.6.html b/history/samba-4.3.6.html
new file mode 100644
index 0000000..e195ab3
--- /dev/null
+++ b/history/samba-4.3.6.html
@@ -0,0 +1,82 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.3.6 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.3.6 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.6.tar.gz">Samba 4.3.6 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.3.6.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.3.5-4.3.6.diffs.gz">Patch (gzipped) against Samba 4.3.5</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.3.5-4.3.6.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.3.6
+                           March 8, 2016
+                   =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
+o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)
+
+=======
+Details
+=======
+
+o  CVE-2015-7560:
+   All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+   a malicious client overwriting the ownership of ACLs using symlinks.
+
+   An authenticated malicious client can use SMB1 UNIX extensions to
+   create a symlink to a file or directory, and then use non-UNIX SMB1
+   calls to overwrite the contents of the ACL on the file or directory
+   linked to.
+
+o  CVE-2016-0771:
+   All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+   an AD DC and choose to run the internal DNS server, are vulnerable to an
+   out-of-bounds read issue during DNS TXT record handling caused by users
+   with permission to modify DNS records.
+
+   A malicious client can upload a specially constructed DNS TXT record,
+   resulting in a remote denial-of-service attack. As long as the affected
+   TXT record remains undisturbed in the Samba database, a targeted DNS
+   query may continue to trigger this exploit.
+
+   While unlikely, the out-of-bounds read may bypass safety checks and
+   allow leakage of memory from the server in the form of a DNS TXT reply.
+
+   By default only authenticated accounts can upload DNS records,
+   as "allow dns updates = secure only" is the default.
+   Any other value would allow anonymous clients to trigger this
+   bug, which is a much higher risk.
+
+
+Changes since 4.3.5:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
+     change permissions on link target.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
+     handling.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 6452ebc..f0d83f6 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,25 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>08 Mar 2016</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.3.5-security-2016-03-08.patch">
+	patch for Samba 4.3.5</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.2.8-security-2016-03-08.patch">
+	patch for Samba 4.2.8</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.1.22-security-2016-03-08.patch">
+	patch for Samba 4.1.22</a><br />
+	<td>Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server.
+	</td>
+	<td>please refer to the advisories</td>
+	<td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560">CVE-2015-7560</a>, 
+	    <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771">CVE-2016-0771</a>, 
+	</td>
+	<td><a href="/samba/security/CVE-2015-7560.html">Announcement</a>
+	    <a href="/samba/security/CVE-2016-0771.html">Announcement</a>
+	</td>
+    </tr>
+
+    <tr>
 	<td>16 Dec 2015</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.3.2-security-2015-12-16.patch">
 	patch for Samba 4.3.2</a><br />
diff --git a/posted_news/20160308-112832.4.3.6.body.html b/posted_news/20160308-112832.4.3.6.body.html
new file mode 100644
index 0000000..1386f72
--- /dev/null
+++ b/posted_news/20160308-112832.4.3.6.body.html
@@ -0,0 +1,33 @@
+<!-- BEGIN: posted_news/20160308-112832.4.3.6.body.html -->
+<h5><a name="4.3.6">08 March 2016</a></h5>
+<p class=headline>Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases
+Available for Download</p>
+<p>
+These are Security Releases in order to address 
+<a href="/samba/security/CVE-2015-7560.html">CVE-2015-7560</a> and 
+<a href="/samba/security/CVE-2016-0771.html">CVE-2016-0771</a>.
+</p>
+
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6568B7EA).
+The 4.3.6 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.3.6.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.3.5-4.3.6.diffs.gz">patch against Samba 4.3.5</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.3.6.html">the release notes for more info</a>.
+<br>
+The 4.2.9 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.2.9.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.2.8-4.2.9.diffs.gz">patch
+against Samba 4.2.8</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.2.9.html">the release notes for more info</a>.
+<br>
+The 4.1.23 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.1.23.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.1.22-4.1.23.diffs.gz">patch
+against Samba 4.1.22</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.1.23.html">the release notes for more info</a>.
+<br>
+The 4.4.0rc4 source code can be <a href="https://download.samba.org/pub/samba/rc/samba-4.4.0rc4.tar.gz">downloaded now</a>.
+See <a href="https://download.samba.org/pub/samba/rc/samba-4.3.0rc4.WHATSNEW.txt">the release notes for more info</a>.
+Please note that this release contains additional patches, not just security patches.
+</p>
+
+<!-- END: posted_news/20160308-112832.4.3.6.body.html -->
diff --git a/posted_news/20160308-112832.4.3.6.headline.html b/posted_news/20160308-112832.4.3.6.headline.html
new file mode 100644
index 0000000..fa3942b
--- /dev/null
+++ b/posted_news/20160308-112832.4.3.6.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20160308-112832.4.3.6.headline.html -->
+<li> 08 March 2016 <a href="#4.3.6">Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Available for Download</a></li>
+<!-- END: posted_news/20160308-112832.4.3.6.headline.html -->
diff --git a/security/CVE-2015-7560.html b/security/CVE-2015-7560.html
new file mode 100644
index 0000000..ccd2075
--- /dev/null
+++ b/security/CVE-2015-7560.html
@@ -0,0 +1,77 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2015-7560.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Incorrect ACL get/set allowed on symlink path.
+==
+== CVE ID#:     CVE-2015-7560
+==
+== Versions:    Samba 3.2.0 to 4.4.0rc3
+==
+== Summary:     Authenticated client could cause Samba to
+==              overwrite ACLs with incorrect owner/group.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
+a malicious client overwriting the ownership of ACLs using symlinks.
+
+An authenticated malicious client can use SMB1 UNIX extensions to
+create a symlink to a file or directory, and then use non-UNIX SMB1
+calls to overwrite the contents of the ACL on the file or directory
+linked to.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  https://www.samba.org/samba/security/
+
+Additionally, Samba 4.4.0rc4, 4.3.6, 4.2.9 and 4.1.23 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at https://www.samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Add the parameter:
+
+unix extensions = no
+
+to the [global] section of your smb.conf and restart smbd.
+
+Alternatively, prohibit the use of SMB1 by setting the parameter:
+
+server min protocol = SMB2
+
+to the [global] section of your smb.conf and restart smbd.
+
+=======
+Credits
+=======
+
+This problem was found by Jeremy Allison of Google, Inc. and the Samba
+Team, who also provided the fix.
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2016-0771.html b/security/CVE-2016-0771.html
new file mode 100644
index 0000000..888fc6c
--- /dev/null
+++ b/security/CVE-2016-0771.html
@@ -0,0 +1,78 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2016-0771.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Out-of-bounds read in internal DNS server
+==
+== CVE ID#:     CVE-2016-0771
+==
+== Versions:    Samba 4.0.0 to 4.4.0rc3
+==
+== Summary:     Malicious request can cause the Samba internal
+==              DNS server to crash or unintentionally return
+==              uninitialized memory.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
+an AD DC and choose to run the internal DNS server, are vulnerable to an
+out-of-bounds read issue during DNS TXT record handling caused by users
+with permission to modify DNS records.
+
+A malicious client can upload a specially constructed DNS TXT record,
+resulting in a remote denial-of-service attack. As long as the affected
+TXT record remains undisturbed in the Samba database, a targeted DNS
+query may continue to trigger this exploit.
+
+While unlikely, the out-of-bounds read may bypass safety checks and
+allow leakage of memory from the server in the form of a DNS TXT reply.
+
+By default only authenticated accounts can upload DNS records,
+as "allow dns updates = secure only" is the default.
+Any other value would allow anonymous clients to trigger this
+bug, which is a much higher risk.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to


-- 
Samba Website Repository



More information about the samba-cvs mailing list