[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Wed Sep 20 07:59:57 UTC 2017


The branch, master has been updated
       via  4c18f0f NEWS[4.6.8]: Samba 4.6.8, 4.5.14 and 4.4.16 Available for Download
      from  7f6aa86 NEWS[4.7.0rc6]: Samba 4.7.0rc6 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4c18f0f75b7e8bb912a8f0d2260c753a127dff70
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Sep 13 13:09:28 2017 -0700

    NEWS[4.6.8]: Samba 4.6.8, 4.5.14 and 4.4.16 Available for Download
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                     |  5 +-
 history/samba-4.6.8.html                        | 79 ++++++++++++++++++++++++
 history/security.html                           | 21 +++++++
 posted_news/20170920-071640.4.6.8.body.html     | 26 ++++++++
 posted_news/20170920-071640.4.6.8.headline.html |  3 +
 security/CVE-2017-12150.html                    | 76 +++++++++++++++++++++++
 security/CVE-2017-12151.html                    | 80 +++++++++++++++++++++++++
 security/CVE-2017-12163.html                    | 75 +++++++++++++++++++++++
 8 files changed, 364 insertions(+), 1 deletion(-)
 create mode 100644 history/samba-4.6.8.html
 create mode 100644 posted_news/20170920-071640.4.6.8.body.html
 create mode 100644 posted_news/20170920-071640.4.6.8.headline.html
 create mode 100644 security/CVE-2017-12150.html
 create mode 100644 security/CVE-2017-12151.html
 create mode 100644 security/CVE-2017-12163.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 1f66566..995c08a 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.6.8.html">samba-4.6.8</a></li>
 			<li><a href="samba-4.6.7.html">samba-4.6.7</a></li>
 			<li><a href="samba-4.6.6.html">samba-4.6.6</a></li>
 			<li><a href="samba-4.6.5.html">samba-4.6.5</a></li>
@@ -17,6 +18,7 @@
 			<li><a href="samba-4.6.2.html">samba-4.6.2</a></li>
 			<li><a href="samba-4.6.1.html">samba-4.6.1</a></li>
 			<li><a href="samba-4.6.0.html">samba-4.6.0</a></li>
+			<li><a href="samba-4.5.14.html">samba-4.5.14</a></li>
 			<li><a href="samba-4.5.13.html">samba-4.5.13</a></li>
 			<li><a href="samba-4.5.12.html">samba-4.5.12</a></li>
 			<li><a href="samba-4.5.11.html">samba-4.5.11</a></li>
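Review bot: the added samba-4.5.14.html link has no matching file in this commit; the summary of changes creates only history/samba-4.6.8.html under history/. Unless samba-4.5.14.html is already in the repository, this navigation entry leads to a missing page. Add the release-notes page in the same commit or confirm it exists before publishing.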
@@ -31,7 +33,8 @@
 			<li><a href="samba-4.5.2.html">samba-4.5.2</a></li>
 			<li><a href="samba-4.5.1.html">samba-4.5.1</a></li>
 			<li><a href="samba-4.5.0.html">samba-4.5.0</a></li>
-			<li><a href="samba-4.4.14.html">samba-4.4.15</a></li>
+			<li><a href="samba-4.4.16.html">samba-4.4.16</a></li>
+			<li><a href="samba-4.4.15.html">samba-4.4.15</a></li>
 			<li><a href="samba-4.4.14.html">samba-4.4.14</a></li>
 			<li><a href="samba-4.4.13.html">samba-4.4.13</a></li>
 			<li><a href="samba-4.4.12.html">samba-4.4.12</a></li>
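Review bot: the new samba-4.4.16.html entry points at a page this commit does not create (only history/samba-4.6.8.html is added under history/), so check that it exists. The removed line also shows that the samba-4.4.15 entry previously linked to samba-4.4.14.html; correcting that href is a separate fix from the release announcement and deserves a mention in the commit message.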
diff --git a/history/samba-4.6.8.html b/history/samba-4.6.8.html
new file mode 100644
index 0000000..cfd082b
--- /dev/null
+++ b/history/samba-4.6.8.html
@@ -0,0 +1,79 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.6.8 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.6.8 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.8.tar.gz">Samba 4.6.8 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.8.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.7-4.6.8.diffs.gz">Patch (gzipped) against Samba 4.6.7</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.7-4.6.8.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.6.8
+                         September 20, 2017
+                   =============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
+   should)
+o  CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
+o  CVE-2017-12163 (Server memory information leak over SMB1)
+
+
+=======
+Details
+=======
+
+o  CVE-2017-12150:
+   A man in the middle attack may hijack client connections.
+
+o  CVE-2017-12151:
+   A man in the middle attack can read and may alter confidential
+   documents transferred via a client connection, which are reached
+   via DFS redirect when the original connection used SMB3.
+
+o  CVE-2017-12163:
+   Client with write access to a share can cause server memory contents to be
+   written into a file or printer.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-12150.html
+   o https://www.samba.org/samba/security/CVE-2017-12151.html
+   o https://www.samba.org/samba/security/CVE-2017-12163.html
+
+
+Changes since 4.6.7:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
+     async.
+   * BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
+     writing server memory to file.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
+     directly.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
+     redirects.
+   * BUG 12997: CVE-2017-12150: Some code path don't enforce smb signing
+     when they should.
+
+
+</pre>
+</p>
+</body>
+</html>
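Review bot: the two "Signature" links sit beside the .tar.gz and .diffs.gz downloads but point at samba-4.6.8.tar.asc and samba-4.6.7-4.6.8.diffs.asc, and nothing on this page says the signature covers the uncompressed file. The news body in this same commit states "The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA)"; repeat that sentence here so a reader does not verify the .gz against the .asc and conclude the download is bad. Separately, <pre> is nested inside <p> and the <br> tags are not self-closed, neither of which is valid under the XHTML 1.0 Transitional doctype the file declares.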
diff --git a/history/security.html b/history/security.html
index 8f8dd63..44c33cc 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,27 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>20 Sep 2017</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.6.7-security-2017-09-20.patch">
+	patch for Samba 4.6.7</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.5.13-security-2017-09-20.patch">
+	patch for Samba 4.5.13</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.4.15-security-2017-09-20.patch">
+	patch for Samba 4.4.15</a><br />
+	<td>Numerous CVEs. Please see the announcements for details.
+	</td>
+	<td>please refer to the advisories</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150">CVE-2017-12150</a>, 
+	    <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151">CVE-2017-12151</a>, 
+	    <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163">CVE-2017-12163</a>
+	</td>
+	<td><a href="/samba/security/CVE-2017-12150.html">Announcement</a>, 
+	    <a href="/samba/security/CVE-2017-12151.html">Announcement</a>, 
+	    <a href="/samba/security/CVE-2017-12163.html">Announcement</a>
+	</td>
+    </tr>
+
+    <tr>
 	<td>12 July 2017</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.x.y-CVE-2017-11103.patch">
 	patch for Samba 4.x.y</a><br />
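Review bot: the first added <td>, the cell holding the three patch links, is never closed; after "patch for Samba 4.4.15</a><br />" the next line opens "<td>Numerous CVEs." directly. Add </td> before it. The three links in the last cell are all labelled "Announcement", so a reader cannot tell which advisory each one opens; label them with the CVE ID. "Numerous CVEs" is also vague for a row that lists exactly three.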
diff --git a/posted_news/20170920-071640.4.6.8.body.html b/posted_news/20170920-071640.4.6.8.body.html
new file mode 100644
index 0000000..b80d820
--- /dev/null
+++ b/posted_news/20170920-071640.4.6.8.body.html
@@ -0,0 +1,26 @@
+<!-- BEGIN: posted_news/20170920-071640.4.6.8.body.html -->
+<h5><a name="4.6.8">20 September 2017</a></h5>
+<p class=headline>Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available</p>
+<p>
+This is a security release in order to address the following defects:<ul>
+<li><a href="/samba/security/CVE-2017-12150.html">CVE-2017-12150</a>
+(SMB1/2/3 connections may not require signing where they should)
+<li><a href="/samba/security/CVE-2017-12151.html">CVE-2017-12151</a>
+(SMB3 connections don't keep encryption across DFS redirects)
+<li><a href="/samba/security/CVE-2017-12163.html">CVE-2017-12163</a>
+(CVE-2017-12163 (Server memory information leak over SMB1)
+</ul>
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).<br>
+The 4.6.8 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.8.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.7-4.6.8.diffs.gz">patch against Samba 4.6.7</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.6.8.html">the 4.6.8 release notes for more info</a>.<br>
+The 4.5.14 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.5.14.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.5.13-4.5.14.diffs.gz">patch against Samba 4.5.13</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.5.14.html">the 4.5.14 release notes for more info</a>.<br>
+The 4.4.16 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.4.16.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.4.15-4.4.16.diffs.gz">patch against Samba 4.4.15</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.4.16.html">the 4.4.16 release notes for more info</a>.
+</p>
+<!-- END: posted_news/20170920-071640.4.6.8.body.html -->
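Review bot: the third list item repeats the CVE ID and leaves a parenthesis unbalanced: "(CVE-2017-12163 (Server memory information leak over SMB1)". It should read "(Server memory information leak over SMB1)" like the two items above it. The <ul> is also opened inside the <p>, the <li> elements are not closed, and class=headline is unquoted. The opening sentence says "This is a security release" while the headline announces three releases.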
diff --git a/posted_news/20170920-071640.4.6.8.headline.html b/posted_news/20170920-071640.4.6.8.headline.html
new file mode 100644
index 0000000..2958683
--- /dev/null
+++ b/posted_news/20170920-071640.4.6.8.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20170920-071640.4.6.8.headline.html -->
+<li> 20 September 2017 <a href="#4.6.8">Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available</a></li>
+<!-- END: posted_news/20170920-071640.4.6.8.headline.html -->
diff --git a/security/CVE-2017-12150.html b/security/CVE-2017-12150.html
new file mode 100644
index 0000000..e885bd0
--- /dev/null
+++ b/security/CVE-2017-12150.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-12150.html:</H2>
+
+<p>
+<pre>
+===============================================================================
+== Subject:     SMB1/2/3 connections may not require signing where they should
+==
+== CVE ID#:     CVE-2017-12150
+==
+== Versions:    Samba 3.0.25 to 4.6.7
+==
+== Summary:     A man in the middle attack may hijack client connections.
+==
+===============================================================================
+
+===========
+Description
+===========
+
+There are several code paths where the code doesn't enforce SMB signing:
+
+* The fixes for CVE-2015-5296 didn't apply the implied signing protection
+  when enforcing encryption for commands like 'smb2mount -e', 'smbcacls -e' and
+  'smbcquotas -e'.
+
+* The python binding exported as 'samba.samba3.libsmb_samba_internal'
+  doesn't make use of the "client signing" smb.conf option.
+
+* libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching
+  group policies.
+
+* Commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow
+  a fallback to an anonymous connection when using the '--use-ccache'
+  option and this happens even if SMB signing is required.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  https://www.samba.org/samba/security/
+
+Additionally 4.6.8, 4.5.14 and 4.4.16 have been issued as
+security releases to correct the defect. Samba vendors and administrators
+running affected versions are advised to upgrade or apply the patch as
+soon as possible.
+
+==========
+Workaround
+==========
+
+The missing implied signing for 'smb2mount -e', 'smbcacls -e' and
+'smbcquotas -e' can be enforced by explicitly using '--signing=required'
+on the commandline or "client signing = required" in smb.conf.
+
+=======
+Credits
+=======
+
+This vulnerability was discovered and researched by Stefan Metzmacher of
+SerNet (https://samba.plus) and the Samba Team (https://www.samba.org),
+who also provides the fixes.
+</pre>
+</body>
+</html>
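Review bot: the Workaround section covers only the first of the four code paths listed in the Description, the missing implied signing for the '-e' tools. It says nothing about the python binding, libgpo and 'net ads gpo', or the '--use-ccache' anonymous fallback, so an administrator cannot tell whether those are mitigated by "client signing = required" or only by upgrading; state that explicitly. Minor: the <p> opened before <pre> is never closed (history/samba-4.6.8.html in this commit does close it), and the <H2> shows the file name "CVE-2017-12150.html:" rather than a title.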
diff --git a/security/CVE-2017-12151.html b/security/CVE-2017-12151.html
new file mode 100644
index 0000000..e42a3eb
--- /dev/null
+++ b/security/CVE-2017-12151.html
@@ -0,0 +1,80 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-12151.html:</H2>
+
+<p>
+<pre>
+===============================================================================
+== Subject:     SMB3 connections don't keep encryption across DFS redirects
+==
+== CVE ID#:     CVE-2017-12151
+==
+== Versions:    Samba 4.1.0 to 4.6.7
+==
+== Summary:     A man in the middle attack can read and may alter confidential
+==              documents transferred via a client connection, which are reached
+==              via DFS redirect when the original connection used SMB3.
+==
+================================================================================
+
+===========
+Description
+===========
+
+Client command line tools like 'smbclient' as well as applications
+using 'libsmbclient' library have support for requiring
+encryption. This is activated by the '-e|--encrypt' command line
+option or the smbc_setOptionSmbEncryptionLevel() library call.
+
+By default, only SMB1 is used in order to connect to a server, as the
+effective default for "client max protocol" smb.conf option as well
+for the "-m|--max-protocol=" command line option is "NT1".
+
+If the original client connection used encryption, following DFS
+redirects to another server should also enforce encryption. This is
+important as these redirects are transparent to the application.
+
+In the case where "SMB3", "SMB3_00", "SMB3_02", "SMB3_10" or "SMB3_11"
+was used as max protocol and a connection actually made use of the
+SMB3 encryption, any redirected connection would lose the requirement
+for encryption and also the requirement for signing.  That means, a
+man in the middle could read and/or alter the content of the
+connection.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  https://www.samba.org/samba/security/
+
+Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
+security releases to correct the defect. Samba vendors and
+administrators running affected versions are advised to upgrade or
+apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Keep the default of "client max protocol = NT1".
+
+=======
+Credits
+=======
+
+This vulnerability was discovered and researched by Stefan Metzmacher
+of SerNet (https://samba.plus) and the Samba Team
+(https://www.samba.org), who also provides the fixes.
+</pre>
+</body>
+</html>
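Review bot: the workaround, keeping the default of "client max protocol = NT1", holds clients on SMB1, while the CVE-2017-12163 advisory added in this same commit tells server administrators to set "server min protocol = SMB2_02". A client following this advice cannot negotiate with a server following the other one. The text should say so and point to upgrading as the fix where both apply. Minor: the rule that closes the header box is one character longer than the one that opens it, and the <p> opened before <pre> is never closed.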
diff --git a/security/CVE-2017-12163.html b/security/CVE-2017-12163.html
new file mode 100644
index 0000000..6944c5d
--- /dev/null
+++ b/security/CVE-2017-12163.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2017-12163.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject:     Server memory information leak over SMB1
+==
+== CVE ID#:     CVE-2017-12163
+==
+== Versions:    All versions of Samba.
+==
+== Summary:     Client with write access to a share can cause
+==              server memory contents to be written into a file
+==              or printer.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba are vulnerable to a server memory information
+leak bug over SMB1 if a client can write data to a share. Some SMB1
+write requests were not correctly range checked to ensure the client
+had sent enough data to fulfill the write, allowing server memory
+contents to be written into the file (or printer) instead of client
+supplied data. The client cannot control the area of the server memory
+that is written to the file (or printer).
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+As this is an SMB1-only vulnerability, it can be avoided by setting
+the server to only use SMB2 via adding:
+
+server min protocol = SMB2_02
+
+to the [global] section of your smb.conf and restarting smbd.
+
+=======
+Credits
+=======
+
+This problem was reported by Yihan Lian and Zhibin Hu, security
+researchers with Qihoo 360 GearTeam. Stefan Metzmacher of SerNet and the
+Samba Team and Jeremy Allison of Google and the Samba Team provided
+the fix.
+</pre>
+</body>
+</html>
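Review bot: the Patch Availability section links http://www.samba.org/samba/security/ and http://samba.org/samba/patches/ over plain http, while the other two advisories in this commit use https://www.samba.org/samba/security/. Patch download locations in a security advisory should use the https URLs. The "Versions" header says "All versions of Samba." without naming the fixed releases, which only appear further down; naming 4.6.8, 4.5.14 and 4.4.16 there would match how a reader scans the box. The <p> opened before <pre> is never closed.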


-- 
Samba Website Repository


