[SCM] Samba Shared Repository - branch v4-4-stable updated

Stefan Metzmacher metze at samba.org
Wed Jul 12 11:42:48 UTC 2017


The branch, v4-4-stable has been updated
       via  9fb0aa5 VERSION: Release Samba 4.4.15 for CVE-2017-11103
       via  d80bf44 WHATSNEW: Add release notes for Samba 4.4.15
       via  fd4c30b CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
       via  c8dea65 Revert "s3: locking: Move two leases functions into a new file."
       via  8d23e33 Revert "s3: locking: Update oplock optimization for the leases era !"
       via  a709729 VERSION: Bump version up to 4.4.15.
       via  63684f6 Merge tag 'samba-4.4.14' into v4-4-test
       via  dea3200 VERSION: Bump version up to 4.4.14.
       via  4a63ccd Merge tag 'samba-4.4.13' into v4-4-test
       via  0839f6c s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
       via  ed694d0 s3: smbd: Fix "follow symlink = no" regression part 2.
       via  8e3e969 s3: smbd: Fix "follow symlink = no" regression part 2.
       via  9a5be8b s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
       via  161a078 s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
       via  4a6d828e s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
       via  2e00feb s3: locking: Update oplock optimization for the leases era !
       via  419f5cc s3: locking: Move two leases functions into a new file.
       via  7086fb6 VERSION: Bump version up to 4.4.13.
       via  f2ae4c7 Merge tag 'samba-4.4.12' into v4-4-test
       via  ca33b7c VERSION: Bump version up to Samba 4.4.12...
      from  f0ec0c2 VERSION: Disable GIT_SNAPSHOT for the 4.4.14 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable


- Log -----------------------------------------------------------------
commit 9fb0aa56baf317c5bf18417c5516f951207af82d
Author: Bob Campbell <bobcampbell at catalyst.net.nz>
Date:   Wed Jul 12 15:21:27 2017 +1200

    VERSION: Release Samba 4.4.15 for CVE-2017-11103
    
    Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit d80bf4429be217980161a95f67d86c0d22380cb3
Author: Bob Campbell <bobcampbell at catalyst.net.nz>
Date:   Wed Jul 12 15:20:28 2017 +1200

    WHATSNEW: Add release notes for Samba 4.4.15
    
    Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit fd4c30bf5266b0d3a8c9cb3a6ac44d4f7ee3ac75
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date:   Wed Apr 12 15:40:42 2017 -0400

    CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
    
    In _krb5_extract_ticket() the KDC-REP service name must be obtained from
    encrypted version stored in 'enc_part' instead of the unencrypted version
    stored in 'ticket'.  Use of the unencrypted version provides an
    opportunity for successful server impersonation and other attacks.
    
    Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
    
    Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
    (based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                           |  2 +-
 WHATSNEW.txt                      | 56 +++++++++++++++++++++++++++++++++++++--
 source4/heimdal/lib/krb5/ticket.c |  4 +--
 3 files changed, 57 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 002f76d..1a67456 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f6688b0..476ea80 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,57 @@
                    ==============================
+                   Release Notes for Samba 4.4.15
+                            July 12, 2017
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o  CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
+
+=======
+Details
+=======
+
+o  CVE-2017-11103 (Heimdal):
+   All versions of Samba from 4.0.0 onwards using embedded Heimdal
+   Kerberos are vulnerable to a man-in-the-middle attack impersonating
+   a trusted server, who may gain elevated access to the domain by
+   returning malicious replication or authorization data.
+
+   Samba binaries built against MIT Kerberos are not vulnerable.
+
+
+Changes since 4.4.14:
+---------------------
+
+o  Jeffrey Altman <jaltman at secure-endpoints.com>
+   * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.4.14
                             May 24, 2017
                    ==============================
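Review bot: The Details entry for CVE-2017-11103 states that "Samba binaries built against MIT Kerberos are not vulnerable" but gives administrators no way to tell which Kerberos library their build uses, so they cannot judge from these notes whether they are exposed. Consider adding a sentence on how to determine whether a build uses embedded Heimdal, and include the bug URL for BUG 12894 next to the changelog line so the entry links to the fix discussion. In the same paragraph, "impersonating a trusted server, who may gain elevated access" reads as if the server gains access; rewording it so the attacker is the subject would remove the ambiguity.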
@@ -47,8 +100,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+---------------------------------------------------------------------
 
                    ==============================
                    Release Notes for Samba 4.4.13
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 064bbfb..5a317c7 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
     /* check server referral and save principal */
     ret = _krb5_principalname2krb5_principal (context,
 					      &tmp_principal,
-					      rep->kdc_rep.ticket.sname,
-					      rep->kdc_rep.ticket.realm);
+					      rep->enc_part.sname,
+					      rep->enc_part.srealm);
     if (ret)
 	goto out;
     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
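Review bot: The comment above the changed call still reads only "/* check server referral and save principal */", so nothing at the call site records why rep->enc_part.sname and rep->enc_part.srealm must be used instead of the rep->kdc_rep.ticket fields. Since the two pairs look interchangeable and the wrong pair is the whole of CVE-2017-11103, a short comment stating that the service name and realm must come from the encrypted part, because the copies in the ticket are not protected, would guard against a later regression. The diffstat lists only VERSION, WHATSNEW.txt and ticket.c, so no test accompanies the fix; a test in which the service name in the unencrypted ticket differs from the one in enc_part would be worth adding. The hunk also shows only this one call, so any other uses of rep->kdc_rep.ticket.sname or rep->kdc_rep.ticket.realm in _krb5_extract_ticket() should be checked as part of review.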


-- 
Samba Shared Repository


