[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Nov 21 08:22:47 UTC 2017


The branch, master has been updated
       via  6e8322d NEWS[4.7.3]: Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available
       via  ae93136 Add security advisories and update sec page.
       via  be7a5ac Add Samba 4.7.3, 4.6.11 and 4.5.15 to the list.
      from  2d46ea3 Add Samba 4.6.10 to the list.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6e8322ded20f63979871331ce2c61bd63210b59e
Author: Karolin Seeger <kseeger at samba.org>
Date:   Mon Nov 20 12:22:06 2017 +0100

    NEWS[4.7.3]: Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit ae931363c7bfbe4dc41164d2bedcba7c8e407b93
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Nov 21 08:54:45 2017 +0100

    Add security advisories and update sec page.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit be7a5ac1aa81c9ffe450e69c06c6b6424c275adf
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Nov 21 08:42:36 2017 +0100

    Add Samba 4.7.3, 4.6.11 and 4.5.15 to the list.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                        |  3 +
 history/samba-4.5.15.html                          | 70 ++++++++++++++++++++++
 history/samba-4.6.11.html                          | 70 ++++++++++++++++++++++
 history/samba-4.7.3.html                           | 70 ++++++++++++++++++++++
 history/security.html                              | 19 ++++++
 posted_news/20171121-080701.4.7.3.body.html        | 23 +++++++
 posted_news/20171121-080701.4.7.3.headline.html    |  3 +
 .../{CVE-2017-7494.html => CVE-2017-14746.html}    | 35 +++++------
 security/CVE-2017-15275.html                       | 69 +++++++++++++++++++++
 9 files changed, 345 insertions(+), 17 deletions(-)
 create mode 100644 history/samba-4.5.15.html
 create mode 100644 history/samba-4.6.11.html
 create mode 100644 history/samba-4.7.3.html
 create mode 100644 posted_news/20171121-080701.4.7.3.body.html
 create mode 100644 posted_news/20171121-080701.4.7.3.headline.html
 copy security/{CVE-2017-7494.html => CVE-2017-14746.html} (51%)
 create mode 100644 security/CVE-2017-15275.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 10a2a78..fea500a 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,9 +9,11 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.7.3.html">samba-4.7.3</a></li>
 			<li><a href="samba-4.7.2.html">samba-4.7.2</a></li>
 			<li><a href="samba-4.7.1.html">samba-4.7.1</a></li>
 			<li><a href="samba-4.7.0.html">samba-4.7.0</a></li>
+			<li><a href="samba-4.6.11.html">samba-4.6.11</a></li>
 			<li><a href="samba-4.6.10.html">samba-4.6.10</a></li>
 			<li><a href="samba-4.6.9.html">samba-4.6.9</a></li>
 			<li><a href="samba-4.6.8.html">samba-4.6.8</a></li>
@@ -23,6 +25,7 @@
 			<li><a href="samba-4.6.2.html">samba-4.6.2</a></li>
 			<li><a href="samba-4.6.1.html">samba-4.6.1</a></li>
 			<li><a href="samba-4.6.0.html">samba-4.6.0</a></li>
+			<li><a href="samba-4.5.15.html">samba-4.5.15</a></li>
 			<li><a href="samba-4.5.14.html">samba-4.5.14</a></li>
 			<li><a href="samba-4.5.13.html">samba-4.5.13</a></li>
 			<li><a href="samba-4.5.12.html">samba-4.5.12</a></li>
diff --git a/history/samba-4.5.15.html b/history/samba-4.5.15.html
new file mode 100644
index 0000000..70db7a8
--- /dev/null
+++ b/history/samba-4.5.15.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.5.15 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.5.15 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.15.tar.gz">Samba 4.5.15 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.15.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.14-4.5.15.diffs.gz">Patch (gzipped) against Samba 4.5.14</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.14-4.5.15.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.5.15
+                          November 21, 2017
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+=======
+Details
+=======
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.5.14:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
+   * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
+     memory when talloc buffer is grown.
+
+
+</pre>
+</p>
+</body>
+</html>
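Review bot: the two "Signature" links point at samba-4.5.15.tar.asc and samba-4.5.14-4.5.15.diffs.asc, but the downloads beside them are the .tar.gz and .diffs.gz files, and the page never says that the signature covers the uncompressed file. A short hint next to the links (decompress first, then verify the .tar against the .asc) would save readers a failed verification. The news item added in this same changeset already states that the uncompressed tarballs are signed, so the wording can be reused here.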
diff --git a/history/samba-4.6.11.html b/history/samba-4.6.11.html
new file mode 100644
index 0000000..1119628
--- /dev/null
+++ b/history/samba-4.6.11.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.6.11 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.6.11 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.11.tar.gz">Samba 4.6.11 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.11.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.10-4.6.11.diffs.gz">Patch (gzipped) against Samba 4.6.10</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.10-4.6.11.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.6.11
+                          November 21, 2017
+                   =============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+=======
+Details
+=======
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.6.10:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
+   * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
+     memory when talloc buffer is grown.
+
+
+</pre>
+</p>
+</body>
+</html>
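Review bot: in the banner at the top of the pre block, the closing rule under "November 21, 2017" is one "=" shorter than the opening rule above "Release Notes for Samba 4.6.11". The 4.5.15 page added in this changeset has both rules at the same width; please pad the closing rule here to match so the banner lines up in the rendered page.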
diff --git a/history/samba-4.7.3.html b/history/samba-4.7.3.html
new file mode 100644
index 0000000..a0ccda4
--- /dev/null
+++ b/history/samba-4.7.3.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.7.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.7.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.3.tar.gz">Samba 4.7.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.2-4.7.3.diffs.gz">Patch (gzipped) against Samba 4.7.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.2-4.7.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.7.3
+                         November 21, 2017
+                   =============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+=======
+Details
+=======
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.7.2:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
+   * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
+     memory when talloc buffer is grown.
+
+
+</pre>
+</p>
+</body>
+</html>
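Review bot: the page declares XHTML 1.0 Transitional but wraps the pre block in a p element and uses bare br tags after the download links, neither of which validates under that doctype. Drop the p around pre and write the breaks as "br /", as history/security.html already does in this changeset. The 4.6.11 and 4.5.15 pages added alongside have the same markup and would take the same fix.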
diff --git a/history/security.html b/history/security.html
index 44c33cc..79958ea 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,25 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>21 Nov 2017</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.7.2-security-2017-11-21.patch">
+	patch for Samba 4.7.2</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.6.10-security-2017-11-21.patch">
+	patch for Samba 4.6.10</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.5.14-security-2017-11-21.patch">
+	patch for Samba 4.5.14</a><br />
+	<td>Numerous CVEs. Please see the announcements for details.
+	</td>
+	<td>please refer to the advisories</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746">CVE-2017-14746</a>, 
+	    <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275">CVE-2017-15275</a>
+	</td>
+	<td><a href="/samba/security/CVE-2017-14746.html">Announcement</a>, 
+	    <a href="/samba/security/CVE-2017-15275.html">Announcement</a>
+	</td>
+    </tr>
+
+    <tr>
 	<td>20 Sep 2017</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.6.7-security-2017-09-20.patch">
 	patch for Samba 4.6.7</a><br />
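Review bot: the first cell of the new row is never closed. After "patch for Samba 4.5.14</a><br />" the next line opens a new td directly, so a closing td tag is missing before "Numerous CVEs". Separately, "Numerous CVEs" overstates a row that lists exactly two (CVE-2017-14746 and CVE-2017-15275), and "please refer to the advisories" in the affected-versions cell could state the ranges that the advisories in this changeset give (4.0.0 onwards and 3.6.0 onwards), so the table is usable without following the links.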
diff --git a/posted_news/20171121-080701.4.7.3.body.html b/posted_news/20171121-080701.4.7.3.body.html
new file mode 100644
index 0000000..c9d9bec
--- /dev/null
+++ b/posted_news/20171121-080701.4.7.3.body.html
@@ -0,0 +1,23 @@
+<!-- BEGIN: posted_news/20171121-080701.4.7.3.body.html -->
+<h5><a name="4.7.3">21 November 2017</a></h5>
+<p class=headline>Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available for Download</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2017-14746.html">CVE-2017-14746</a>
+(Use-after-free vulnerability) and <a href="/samba/security/CVE-2017-15275.html">CVE-2017-15275</a> (Server heap memory information leak).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).
+
+The 4.7.3 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.7.3.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.7.2-4.7.3.diffs.gz">patch against Samba 4.7.2</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.7.3.html">the release notes for more info</a>.
+<br>
+The 4.6.11 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.11.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.10-4.6.11.diffs.gz">patch against Samba 4.6.10</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.6.11.html">the release notes for more info</a>.
+<br>
+The 4.5.15 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.5.15.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.5.14-4.5.15.diffs.gz">patch against Samba 4.5.14</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.5.15.html">the release notes for more info</a>.
+<!-- END: posted_news/20171121-080701.4.7.3.body.html -->
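Review bot: the signing key is identified only by the 64-bit key ID 6F33915B6568B7EA in the second paragraph. Consider publishing the full fingerprint, or linking to the page that carries it, so readers can pin the key rather than match on a short identifier. On markup: the p element opened before "The uncompressed tarballs have been signed" is never closed before the END comment, and class=headline is unquoted. Since this fragment is included into a larger page, please close the paragraph and quote the attribute.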
diff --git a/posted_news/20171121-080701.4.7.3.headline.html b/posted_news/20171121-080701.4.7.3.headline.html
new file mode 100644
index 0000000..a155e4b
--- /dev/null
+++ b/posted_news/20171121-080701.4.7.3.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20171121-080701.4.7.3.headline.html -->
+<li> 21 November 2017 <a href="#4.7.3">Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available for Download</a></li>
+<!-- END: posted_news/20171121-080701.4.7.3.headline.html -->
diff --git a/security/CVE-2017-7494.html b/security/CVE-2017-14746.html
similarity index 51%
copy from security/CVE-2017-7494.html
copy to security/CVE-2017-14746.html
index 0b85dac..57e92ea 100644
--- a/security/CVE-2017-7494.html
+++ b/security/CVE-2017-14746.html
@@ -8,19 +8,19 @@
 
 <body>
 
-   <H2>CVE-2017-7494.html:</H2>
+   <H2>CVE-2017-14746.html:</H2>
 
 <p>
 <pre>
 ====================================================================
-== Subject:     Remote code execution from a writable share.
+== Subject:     Use-after-free vulnerability.
 ==
-== CVE ID#:     CVE-2017-7494
+== CVE ID#:     CVE-2017-14746
 ==
-== Versions:    All versions of Samba from 3.5.0 onwards.
+== Versions:    All versions of Samba from 4.0.0 onwards.
 ==
-== Summary:     Malicious clients can upload and cause the smbd server
-==              to execute a shared library from a writable share.
+== Summary:     A client may use an SMB1 request to manipulate
+==              the contents of heap space.
 ==
 ====================================================================
 
@@ -28,10 +28,10 @@
 Description
 ===========
 
-All versions of Samba from 3.5.0 onwards are vulnerable to a remote
-code execution vulnerability, allowing a malicious client to upload a
-shared library to a writable share, and then cause the server to load
-and execute it.
+All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+free vulnerability, where a malicious SMB1 request can be used to
+control the contents of heap memory via a deallocated heap pointer. It
+is possible this may be used to compromise the SMB server.
 
 ==================
 Patch Availability
@@ -41,7 +41,7 @@ A patch addressing this defect has been posted to
 
   http://www.samba.org/samba/security/
 
-Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
+Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as
 security releases to correct the defect. Patches against older Samba
 versions are available at http://samba.org/samba/patches/. Samba
 vendors and administrators running affected versions are advised to
@@ -51,20 +51,21 @@ upgrade or apply the patch as soon as possible.
 Workaround
 ==========
 
-Add the parameter:
+Prevent SMB1 access to the server by setting the parameter:
 
-nt pipe support = no
+server min protocol = SMB2
 
 to the [global] section of your smb.conf and restart smbd. This
-prevents clients from accessing any named pipe endpoints. Note this
-can disable some expected functionality for Windows clients.
+prevents and SMB1 access to the server. Note this could cause older
+clients to be unable to connect to the server.
 
 =======
 Credits
 =======
 
-This problem was found by steelo <knownsteelo at gmail.com>. Volker
-Lendecke of SerNet and the Samba Team provided the fix.
+This problem was found by Yihan Lian and Zhibin Hu of Qihoo 360
+GearTeam. Jeremy Allison of Google and the Samba Team provided the
+fix.
 </pre>
 </body>
 </html>
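Review bot: typo in the new workaround text. "prevents and SMB1 access to the server" should presumably read "prevents any SMB1 access to the server". The sentence also repeats the lead-in line "Prevent SMB1 access to the server by setting the parameter:", so the paragraph after the setting could be reduced to the restart instruction and the note about older clients being unable to connect.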
diff --git a/security/CVE-2017-15275.html b/security/CVE-2017-15275.html
new file mode 100644
index 0000000..7f70669
--- /dev/null
+++ b/security/CVE-2017-15275.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-15275.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject:     Server heap memory information leak.
+==
+== CVE ID#:     CVE-2017-15275
+==
+== Versions:    All versions of Samba from 3.6.0 onwards.
+==
+== Summary:     The server may return the contents of heap
+==		allocated memory to the client.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+memory information leak, where server allocated heap memory may be
+returned to the client without being cleared.
+
+There is no known vulnerability associated with this error, but
+uncleared heap memory may contain previously used data that may help
+an attacker compromise the server via other methods. Uncleared heap
+memory may potentially contain password hashes or other high-value
+data.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.7.3, 4.6.11 and 4.5.15 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+None.
+
+=======
+Credits
+=======
+
+This problem was found by Volker Lendecke of SerNet and the Samba
+Team. Jeremy Allison of Google and the Samba Team provided the fix.
+</pre>
+</body>
+</html>
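Review bot: in the header box, the continuation line of the Summary ("allocated memory to the client.") is indented with tabs after "==", while every other line in the box uses spaces. Inside pre this renders at whatever tab width the browser uses and breaks the alignment, so please replace the tabs with spaces. In the Description, "There is no known vulnerability associated with this error" sits awkwardly after the first paragraph calls the leak itself a vulnerability; if the intent is that no exploit is known, saying so would be clearer. The Patch Availability links use http:// for www.samba.org and samba.org, whereas the release pages in this changeset link to https:// URLs; for the location of security patches, https would be the better choice.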


-- 
Samba Website Repository


