[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Wed May 24 07:11:02 UTC 2017
The branch, master has been updated
via e3d56ec NEWS[4.6.4]: Samba 4.6.4 Available for Download
from b790b7e Add Samba 4.5.9 to the list.
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e3d56ec5a23b5e140ccf1d3935de453d31f342f6
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 23 10:22:15 2017 +0200
NEWS[4.6.4]: Samba 4.6.4 Available for Download
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 3 ++
history/samba-4.4.14.html | 51 ++++++++++++++++++
history/samba-4.5.10.html | 51 ++++++++++++++++++
history/samba-4.6.4.html | 51 ++++++++++++++++++
history/security.html | 13 +++++
posted_news/20170524-064910.4.6.4.body.html | 24 +++++++++
posted_news/20170524-064910.4.6.4.headline.html | 3 ++
security/CVE-2017-7494.html | 70 +++++++++++++++++++++++++
8 files changed, 266 insertions(+)
create mode 100644 history/samba-4.4.14.html
create mode 100644 history/samba-4.5.10.html
create mode 100644 history/samba-4.6.4.html
create mode 100644 posted_news/20170524-064910.4.6.4.body.html
create mode 100644 posted_news/20170524-064910.4.6.4.headline.html
create mode 100644 security/CVE-2017-7494.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index 75ffe51..8eb4409 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,10 +9,12 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.6.4.html">samba-4.6.4</a></li>
<li><a href="samba-4.6.3.html">samba-4.6.3</a></li>
<li><a href="samba-4.6.2.html">samba-4.6.2</a></li>
<li><a href="samba-4.6.1.html">samba-4.6.1</a></li>
<li><a href="samba-4.6.0.html">samba-4.6.0</a></li>
+ <li><a href="samba-4.5.10.html">samba-4.5.10</a></li>
<li><a href="samba-4.5.9.html">samba-4.5.9</a></li>
<li><a href="samba-4.5.8.html">samba-4.5.8</a></li>
<li><a href="samba-4.5.7.html">samba-4.5.7</a></li>
@@ -23,6 +25,7 @@
<li><a href="samba-4.5.2.html">samba-4.5.2</a></li>
<li><a href="samba-4.5.1.html">samba-4.5.1</a></li>
<li><a href="samba-4.5.0.html">samba-4.5.0</a></li>
+ <li><a href="samba-4.4.14.html">samba-4.4.14</a></li>
<li><a href="samba-4.4.13.html">samba-4.4.13</a></li>
<li><a href="samba-4.4.12.html">samba-4.4.12</a></li>
<li><a href="samba-4.4.11.html">samba-4.4.11</a></li>
diff --git a/history/samba-4.4.14.html b/history/samba-4.4.14.html
new file mode 100644
index 0000000..cfccda0
--- /dev/null
+++ b/history/samba-4.4.14.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.4.14 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.4.14 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.4.14.tar.gz">Samba 4.4.14 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.4.14.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.4.13-4.4.14.diffs.gz">Patch (gzipped) against Samba 4.4.13</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.4.13-4.4.14.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.4.14
+ May 24, 2017
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-7494 (Remote code execution from a writable share)
+
+=======
+Details
+=======
+
+o CVE-2017-7494:
+ All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload a
+ shared library to a writable share, and then cause the server to load
+ and execute it.
+
+
+Changes since 4.4.13:
+---------------------
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
+ share.
+
+
+</pre>
+</p>
+</body>
+</html>
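Review bot: In the Details section, "All versions of Samba from 3.5.0 onwards are vulnerable" has no upper bound, so read literally inside the 4.4.14 release notes it covers 4.4.14 itself. Consider bounding the range the way history/security.html does in this same commit, and linking /samba/security/CVE-2017-7494.html so that readers who cannot upgrade right away find the "nt pipe support = no" workaround from the release notes.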
diff --git a/history/samba-4.5.10.html b/history/samba-4.5.10.html
new file mode 100644
index 0000000..b7f7683
--- /dev/null
+++ b/history/samba-4.5.10.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.5.10 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.5.10 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.10.tar.gz">Samba 4.5.10 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.10.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.9-4.5.10.diffs.gz">Patch (gzipped) against Samba 4.5.9</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.9-4.5.10.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.5.10
+ May 24, 2017
+ ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-7494 (Remote code execution from a writable share)
+
+=======
+Details
+=======
+
+o CVE-2017-7494:
+ All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload a
+ shared library to a writable share, and then cause the server to load
+ and execute it.
+
+
+Changes since 4.5.9:
+--------------------
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
+ share.
+
+
+</pre>
+</p>
+</body>
+</html>
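Review bot: The two Signature links point at samba-4.5.10.tar.asc and samba-4.5.9-4.5.10.diffs.asc, while the downloads beside them are samba-4.5.10.tar.gz and samba-4.5.9-4.5.10.diffs.gz. If the signatures cover the uncompressed files, a one-line hint to decompress before verifying would save users a failed signature check on a security release; if they cover the .gz files, the link names should match the downloads.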
diff --git a/history/samba-4.6.4.html b/history/samba-4.6.4.html
new file mode 100644
index 0000000..8c58608
--- /dev/null
+++ b/history/samba-4.6.4.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.6.4 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.6.4 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.gz">Samba 4.6.4 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.gz">Patch (gzipped) against Samba 4.6.3</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.6.4
+ May 24, 2017
+ =============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2017-7494 (Remote code execution from a writable share)
+
+=======
+Details
+=======
+
+o CVE-2017-7494:
+ All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+ code execution vulnerability, allowing a malicious client to upload a
+ shared library to a writable share, and then cause the server to load
+ and execute it.
+
+
+Changes since 4.6.3:
+---------------------
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12780: CVE-2017-7494: Avoid remote code execution from a writable
+ share.
+
+
+</pre>
+</p>
+</body>
+</html>
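Review bot: The page declares XHTML 1.0 Transitional but wraps the <pre> block in <p>...</p>, uses an unclosed <br>, and writes the heading as upper-case <H2>, none of which is valid under that doctype. Dropping the <p> around <pre>, writing <br />, and lower-casing the heading tag would fix it; the 4.4.14 and 4.5.10 pages in this commit have the same markup. Minor: the dashed underline below "Changes since 4.6.3:" is one character longer than the heading.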
diff --git a/history/security.html b/history/security.html
index 13e743d..c2081ea 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,19 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>24 May 2017</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch">
+ patch for Samba 4.6.3, 4.5.9, 4.4.13</a><br />
+ <td>Remote code execution from a writable share.
+ </td>
+ <td>All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494">CVE-2017-7494</a>
+ </td>
+ <td><a href="/samba/security/CVE-2017-7494.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
<td>23 Mar 2017</td>
<td><a href="/samba/ftp/patches/security/samba-4.6.0-CVE-2017-2619.patch">
patch for Samba 4.6.0</a><br />
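Review bot: The first cell of the new row is never closed: after "patch for Samba 4.6.3, 4.5.9, 4.4.13</a><br />" the next line opens "<td>Remote code execution" with no </td> before it. The context lines show the 23 Mar 2017 row has the same shape, so this follows the existing entry, but the cell should be closed here. Also, "All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14" uses the fixed releases as the upper bound without saying whether they are included; "before 4.6.4, 4.5.10 and 4.4.14" would remove the ambiguity.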
diff --git a/posted_news/20170524-064910.4.6.4.body.html b/posted_news/20170524-064910.4.6.4.body.html
new file mode 100644
index 0000000..eea708a
--- /dev/null
+++ b/posted_news/20170524-064910.4.6.4.body.html
@@ -0,0 +1,24 @@
+<!-- BEGIN: posted_news/20170524-064910.4.6.4.body.html -->
+<h5><a name="4.6.4">24 May 2017</a></h5>
+<p class=headline>Samba 4.6.4, 4.5.10 and 4.4.14 Security Releases Available for Download</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2017-7494.html">CVE-2017-7494</a>
+(Remote code execution from a writable share).
+</p>
+The 4.6.4 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.4.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.3-4.6.4.diffs.gz">patch against Samba 4.6.3</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.6.4.html">the release notes for more info</a>.
+<br>
+The 4.5.10 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.5.10.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.5.9-4.5.10.diffs.gz">patch against Samba 4.5.9</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.5.10.html">the release notes for more info</a>.
+<br>
+The 4.4.14 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.4.14.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.4.13-4.4.14.diffs.gz">patch against Samba 4.4.13</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.4.14.html">the release notes for more info</a>.
+<p>
+
+</p>
+<!-- END: posted_news/20170524-064910.4.6.4.body.html -->
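Review bot: The download, patch and release-notes sentences for 4.6.4, 4.5.10 and 4.4.14 sit between the closing </p> and a trailing <p></p> pair that contains nothing, so that text is outside any paragraph and the last paragraph is empty. Moving the final <p> up to just before "The 4.6.4 source code" would fix both. Also, class=headline is unquoted, and the CVE link is site-relative ("/samba/security/CVE-2017-7494.html") while the release-notes links in the same fragment are absolute https://www.samba.org URLs; pick one form.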
diff --git a/posted_news/20170524-064910.4.6.4.headline.html b/posted_news/20170524-064910.4.6.4.headline.html
new file mode 100644
index 0000000..9dc4f06
--- /dev/null
+++ b/posted_news/20170524-064910.4.6.4.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20170524-064910.4.6.4.headline.html -->
+<li> 24 May 2017 <a href="#4.6.4">Samba 4.6.4, 4.5.10 and 4.4.14 Security Releases Available for Download</a></li>
+<!-- END: posted_news/20170524-064910.4.6.4.headline.html -->
diff --git a/security/CVE-2017-7494.html b/security/CVE-2017-7494.html
new file mode 100644
index 0000000..0b85dac
--- /dev/null
+++ b/security/CVE-2017-7494.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2017-7494.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject: Remote code execution from a writable share.
+==
+== CVE ID#: CVE-2017-7494
+==
+== Versions: All versions of Samba from 3.5.0 onwards.
+==
+== Summary: Malicious clients can upload and cause the smbd server
+== to execute a shared library from a writable share.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 3.5.0 onwards are vulnerable to a remote
+code execution vulnerability, allowing a malicious client to upload a
+shared library to a writable share, and then cause the server to load
+and execute it.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Add the parameter:
+
+nt pipe support = no
+
+to the [global] section of your smb.conf and restart smbd. This
+prevents clients from accessing any named pipe endpoints. Note this
+can disable some expected functionality for Windows clients.
+
+=======
+Credits
+=======
+
+This problem was found by steelo <knownsteelo at gmail.com>. Volker
+Lendecke of SerNet and the Samba Team provided the fix.
+</pre>
+</body>
+</html>
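Review bot: Under Patch Availability the two patch locations are given as http://www.samba.org/samba/security/ and http://samba.org/samba/patches/, while the release pages added in this same commit link their downloads over https://download.samba.org. For the fix to a remote code execution defect, point readers at https URLs here as well. Separately, the <p> opened before <pre> is never closed (the file goes from </pre> straight to </body>), and the workaround's note that it "can disable some expected functionality for Windows clients" would help administrators more if it named what stops working.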
--
Samba Website Repository