[SCM] Samba Shared Repository - branch v4-4-stable updated
Stefan Metzmacher
metze at samba.org
Wed Jul 12 11:42:48 UTC 2017
The branch, v4-4-stable has been updated
via 9fb0aa5 VERSION: Release Samba 4.4.15 for CVE-2017-11103
via d80bf44 WHATSNEW: Add release notes for Samba 4.4.15
via fd4c30b CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
via c8dea65 Revert "s3: locking: Move two leases functions into a new file."
via 8d23e33 Revert "s3: locking: Update oplock optimization for the leases era !"
via a709729 VERSION: Bump version up to 4.4.15.
via 63684f6 Merge tag 'samba-4.4.14' into v4-4-test
via dea3200 VERSION: Bump version up to 4.4.14.
via 4a63ccd Merge tag 'samba-4.4.13' into v4-4-test
via 0839f6c s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
via ed694d0 s3: smbd: Fix "follow symlink = no" regression part 2.
via 8e3e969 s3: smbd: Fix "follow symlink = no" regression part 2.
via 9a5be8b s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
via 161a078 s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
via 4a6d828e s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
via 2e00feb s3: locking: Update oplock optimization for the leases era !
via 419f5cc s3: locking: Move two leases functions into a new file.
via 7086fb6 VERSION: Bump version up to 4.4.13.
via f2ae4c7 Merge tag 'samba-4.4.12' into v4-4-test
via ca33b7c VERSION: Bump version up to Samba 4.4.12...
from f0ec0c2 VERSION: Disable GIT_SNAPSHOT for the 4.4.14 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable
- Log -----------------------------------------------------------------
commit 9fb0aa56baf317c5bf18417c5516f951207af82d
Author: Bob Campbell <bobcampbell at catalyst.net.nz>
Date: Wed Jul 12 15:21:27 2017 +1200
VERSION: Release Samba 4.4.15 for CVE-2017-11103
Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit d80bf4429be217980161a95f67d86c0d22380cb3
Author: Bob Campbell <bobcampbell at catalyst.net.nz>
Date: Wed Jul 12 15:20:28 2017 +1200
WHATSNEW: Add release notes for Samba 4.4.15
Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit fd4c30bf5266b0d3a8c9cb3a6ac44d4f7ee3ac75
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Wed Apr 12 15:40:42 2017 -0400
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 56 +++++++++++++++++++++++++++++++++++++--
source4/heimdal/lib/krb5/ticket.c | 4 +--
3 files changed, 57 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 002f76d..1a67456 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f6688b0..476ea80 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,57 @@
==============================
+ Release Notes for Samba 4.4.15
+ July 12, 2017
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
+
+=======
+Details
+=======
+
+o CVE-2017-11103 (Heimdal):
+ All versions of Samba from 4.0.0 onwards using embedded Heimdal
+ Kerberos are vulnerable to a man-in-the-middle attack impersonating
+ a trusted server, who may gain elevated access to the domain by
+ returning malicious replication or authorization data.
+
+ Samba binaries built against MIT Kerberos are not vulnerable.
+
+
+Changes since 4.4.14:
+---------------------
+
+o Jeffrey Altman <jaltman at secure-endpoints.com>
+ * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.4.14
May 24, 2017
==============================
@@ -47,8 +100,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+---------------------------------------------------------------------
==============================
Release Notes for Samba 4.4.13
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 064bbfb..5a317c7 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
/* check server referral and save principal */
ret = _krb5_principalname2krb5_principal (context,
&tmp_principal,
- rep->kdc_rep.ticket.sname,
- rep->kdc_rep.ticket.realm);
+ rep->enc_part.sname,
+ rep->enc_part.srealm);
if (ret)
goto out;
if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
--
Samba Shared Repository
More information about the samba-cvs
mailing list