[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Oct 29 09:34:31 UTC 2019


The branch, master has been updated
       via  fb08b91 NEWS[4.11.2]: Samba 4.11.2, 4.10.10 and 4.9.15 Security Releases Available
      from  dd78d94 Add Samba 4.9.14.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fb08b912850fd5c1f45a01369da36c8bed64e433
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Oct 24 11:33:21 2019 +0200

    NEWS[4.11.2]: Samba 4.11.2, 4.10.10 and 4.9.15 Security Releases Available
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   3 +
 history/samba-4.10.10.html                       |  73 ++++++++++++++++
 history/samba-4.11.2.html                        |  73 ++++++++++++++++
 history/samba-4.9.15.html                        |  73 ++++++++++++++++
 history/security.html                            |  23 +++++
 posted_news/20191029-091829.4.11.2.body.html     |  33 ++++++++
 posted_news/20191029-091829.4.11.2.headline.html |   4 +
 security/CVE-2019-10218.html                     | 103 +++++++++++++++++++++++
 security/CVE-2019-14833.html                     |  87 +++++++++++++++++++
 security/CVE-2019-14847.html                     |  96 +++++++++++++++++++++
 10 files changed, 568 insertions(+)
 create mode 100644 history/samba-4.10.10.html
 create mode 100644 history/samba-4.11.2.html
 create mode 100644 history/samba-4.9.15.html
 create mode 100644 posted_news/20191029-091829.4.11.2.body.html
 create mode 100644 posted_news/20191029-091829.4.11.2.headline.html
 create mode 100644 security/CVE-2019-10218.html
 create mode 100644 security/CVE-2019-14833.html
 create mode 100644 security/CVE-2019-14847.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index a0d8b1e..c43c286 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,8 +9,10 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.11.2.html">samba-4.11.2</a></li>
 			<li><a href="samba-4.11.1.html">samba-4.11.1</a></li>
 			<li><a href="samba-4.11.0.html">samba-4.11.0</a></li>
+			<li><a href="samba-4.10.10.html">samba-4.10.10</a></li>
 			<li><a href="samba-4.10.9.html">samba-4.10.9</a></li>
 			<li><a href="samba-4.10.8.html">samba-4.10.8</a></li>
 			<li><a href="samba-4.10.7.html">samba-4.10.7</a></li>
@@ -21,6 +23,7 @@
 			<li><a href="samba-4.10.2.html">samba-4.10.2</a></li>
 			<li><a href="samba-4.10.1.html">samba-4.10.1</a></li>
 			<li><a href="samba-4.10.0.html">samba-4.10.0</a></li>
+			<li><a href="samba-4.9.15.html">samba-4.9.15</a></li>
 			<li><a href="samba-4.9.14.html">samba-4.9.14</a></li>
 			<li><a href="samba-4.9.13.html">samba-4.9.13</a></li>
 			<li><a href="samba-4.9.12.html">samba-4.9.12</a></li>
diff --git a/history/samba-4.10.10.html b/history/samba-4.10.10.html
new file mode 100644
index 0000000..f944057
--- /dev/null
+++ b/history/samba-4.10.10.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.10.10 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.10.10 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.10.tar.gz">Samba 4.10.10 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.10.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.9-4.10.10.diffs.gz">Patch (gzipped) against Samba 4.10.9</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.9-4.10.10.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.10.10
+                          October 29, 2019
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-10218: Client code can return filenames containing path separators.
+o CVE-2019-14833: Samba AD DC check password script does not receive the full
+		  password.
+o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
+		  via dirsync.
+
+=======
+Details
+=======
+
+o  CVE-2019-10218:
+   Malicious servers can cause Samba client code to return filenames containing
+   path separators to calling code.
+
+o  CVE-2019-14833:
+   When the password contains multi-byte (non-ASCII) characters, the check
+   password script does not receive the full password string.
+
+o  CVE-2019-14847:
+   Users with the "get changes" extended access right can crash the AD DC LDAP
+   server by requesting an attribute using the range= syntax.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.10.9:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
+     from evil server returned names.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable
+     password.
+   * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
+     combined with dirsync.
+
+o  Björn Baumbach <bb at sernet.de>
+   * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password
+     script.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.11.2.html b/history/samba-4.11.2.html
new file mode 100644
index 0000000..59c9928
--- /dev/null
+++ b/history/samba-4.11.2.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.11.2 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.11.2 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.2.tar.gz">Samba 4.11.2 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.2.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.1-4.11.2.diffs.gz">Patch (gzipped) against Samba 4.11.1</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.1-4.11.2.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.11.2
+                          October 29, 2019
+		   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-10218: Client code can return filenames containing path separators.
+o CVE-2019-14833: Samba AD DC check password script does not receive the full
+		  password.
+o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
+		  via dirsync.
+
+=======
+Details
+=======
+
+o  CVE-2019-10218:
+   Malicious servers can cause Samba client code to return filenames containing
+   path separators to calling code.
+
+o  CVE-2019-14833:
+   When the password contains multi-byte (non-ASCII) characters, the check
+   password script does not receive the full password string.
+
+o  CVE-2019-14847:
+   Users with the "get changes" extended access right can crash the AD DC LDAP
+   server by requesting an attribute using the range= syntax.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.11.1:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
+     from evil server returned names.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable
+     password.
+   * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
+     combined with dirsync.
+
+o  Björn Baumbach <bb at sernet.de>
+   * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password
+     script.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.9.15.html b/history/samba-4.9.15.html
new file mode 100644
index 0000000..9d5b491
--- /dev/null
+++ b/history/samba-4.9.15.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.9.15 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.9.15 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.15.tar.gz">Samba 4.9.15 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.15.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.14-4.9.15.diffs.gz">Patch (gzipped) against Samba 4.9.14</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.14-4.9.15.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.9.15
+                          October 29, 2019
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-10218: Client code can return filenames containing path separators.
+o CVE-2019-14833: Samba AD DC check password script does not receive the full
+		  password.
+o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server
+		  via dirsync.
+
+=======
+Details
+=======
+
+o  CVE-2019-10218:
+   Malicious servers can cause Samba client code to return filenames containing
+   path separators to calling code.
+
+o  CVE-2019-14833:
+   When the password contains multi-byte (non-ASCII) characters, the check
+   password script does not receive the full password string.
+
+o  CVE-2019-14847:
+   Users with the "get changes" extended access right can crash the AD DC LDAP
+   server by requesting an attribute using the range= syntax.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.9.14:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
+     from evil server returned names.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable
+     password.
+   * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
+     combined with dirsync.
+
+o  Björn Baumbach <bb at sernet.de>
+   * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password
+     script.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index b606d57..7588064 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,29 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>29 Oct 2019</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.11.1-security-2019-10-29.patch">
+	patch for Samba 4.11.1</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.10.9-security-2019-10-29.patch">
+	patch for Samba 4.10.9</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.9.14-security-2019-10-29.patch">
+	patch for Samba 4.9.14</a><br />
+	</td>
+	<td>CVE-2019-10218, CVE-2019-14833 and CVE-2019-14847. Please see
+	announcements for details.
+	</td>
+	<td>please refer to the advisories</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218">CVE-2019-10218</a>,
+	<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833">CVE-2019-14833</a>,
+	<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847">CVE-2019-14847</a>
+	</td>
+	<td><a href="/samba/security/CVE-2019-10218.html">Announcement</a>,
+	<a href="/samba/security/CVE-2019-14833.html">Announcement</a>,
+	<a href="/samba/security/CVE-2019-14847.html">Announcement</a>
+	</td>
+    </tr>
+
     <tr>
 	<td>03 Sep 2019</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.10.7-CVE-2019-10197.patch">
diff --git a/posted_news/20191029-091829.4.11.2.body.html b/posted_news/20191029-091829.4.11.2.body.html
new file mode 100644
index 0000000..633f926
--- /dev/null
+++ b/posted_news/20191029-091829.4.11.2.body.html
@@ -0,0 +1,33 @@
+<!-- BEGIN: posted_news/20191029-091829.4.11.2.body.html -->
+<h5><a name="4.11.2">29 October 2019</a></h5>
+<p class=headline>Samba 4.11.2, 4.10.10 and 4.9.15 Security Releases Available</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2019-10218.html">CVE-2019-10218</a>
+().
+<a href="/samba/security/CVE-2019-14833.html">CVE-2019-14833</a>
+().
+<a href="/samba/security/CVE-2019-14847.html">CVE-2019-14847</a>
+().
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).</br>
+The 4.11.2 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.11.2.tar.gz">downloaded now</a>.</br>
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.11.1-4.11.2.diffs.gz">patch
+against Samba 4.11.2</a> is also available.</br>
+See the <a href="https://www.samba.org/samba/history/samba-4.11.2.html">4.11.2 release notes</a> for more info.</br>
+The 4.10.10 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.10.10.tar.gz">downloaded now</a>.</br>
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.10.9-4.10.10.diffs.gz">patch
+against Samba 4.10.9</a> is also available.</br>
+See the <a href="https://www.samba.org/samba/history/samba-4.10.10.html">4.10.10 release notes</a> for more info.
+The 4.9.15 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.9.15.tar.gz">downloaded now</a>.</br>
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.9.14-4.9.15.diffs.gz">patch
+against Samba 4.9.14</a> is also available.</br>
+See the <a href="https://www.samba.org/samba/history/samba-4.9.15.html">4.9.15 release notes</a> for more info.
+</p>
+<!-- END: posted_news/20191029-091829.4.11.2.body.html -->
diff --git a/posted_news/20191029-091829.4.11.2.headline.html b/posted_news/20191029-091829.4.11.2.headline.html
new file mode 100644
index 0000000..938e705
--- /dev/null
+++ b/posted_news/20191029-091829.4.11.2.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20191029-091829.4.11.2.headline.html -->
+<li> 29 October 2019 <a href="#4.11.2">Samba 4.11.2, 4.10.10 and 4.9.15 Security
+Releases Available</a></li>
+<!-- END: posted_news/20191029-091829.4.11.2.headline.html -->
diff --git a/security/CVE-2019-10218.html b/security/CVE-2019-10218.html
new file mode 100644
index 0000000..c02b7d9
--- /dev/null
+++ b/security/CVE-2019-10218.html
@@ -0,0 +1,103 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2019-10218.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Client code can return filenames containing
+==              path separators.
+==
+== CVE ID#:     CVE-2019-10218
+==
+== Versions:    All versions of Samba.
+==
+== Summary:     Malicious servers can cause Samba client
+                code to return filenames containing path
+                separators to calling code.
+===========================================================
+
+===========
+Description
+===========
+
+Samba client code (libsmbclient) returns server-supplied filenames to
+calling code without checking for pathname separators (such as "/" or
+"../") in the server returned names.
+
+A malicious server can craft a pathname containing separators and
+return this to client code, causing the client to use this access local
+pathnames for reading or writing instead of SMB network pathnames.
+
+This access is done using the local privileges of the client.  
+
+This attack can be achieved using any of SMB1/2/3 as it is not reliant
+on any specific SMB protocol version.
+
+Specifically, samba client tools like smbget and smbclient's mget use
+the server supplied 'final' name component as a local name when
+obtaining multiple files.  While the design of these tools is that
+server can always choose the file names, this vulnerability is that it
+allows a remote server to create local files outside the current
+working directory.
+
+Users of the libsmbclient library external to Samba may also be
+vulnerable if they use server returned filenames without adequate
+checking and pass them to functions that do local filesystem access.
+
+Note that the Gnome GVFS client library is not believed to be
+vulnerable, as it always passes server-returned pathnames back to the
+SMB share they were returned from. Such malformed pathnames are then
+rejected by the server.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    http://www.samba.org/samba/security/
+
+Additionally, Samba 4.11.2, 4.10.10 and 4.9.15 have been issued as
+security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon as
+possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSSv3: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N (5.3)
+
+==========
+Workaround
+==========
+
+None.
+
+=======
+Credits
+=======
+
+Originally reported by Michael Hanselmann.
+
+Patches provided by Jeremy Allison of the Samba Team and Google.
+
+Advisory by Jeremy Allison of the Samba Team and Google and Andrew
+Bartlett of the Samba Team and Catalyst.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2019-14833.html b/security/CVE-2019-14833.html
new file mode 100644
index 0000000..4f25605
--- /dev/null
+++ b/security/CVE-2019-14833.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2019-14833.html
+
+<p>
+<pre>
+=====================================================================
+== Subject:     Samba AD DC check password script does not receive
+==              the full password.
+==
+== CVE ID#:     CVE-2019-14833
+==
+== Versions:    Samba 4.5.0 and later
+==
+== Summary:     When the password contains multi-byte (non-ASCII)
+==              characters, the check password script does not
+==              receive the full password string.
+=====================================================================
+
+===========
+Description
+===========
+
+Since Samba Version 4.5.0 a Samba AD DC can use a custom command to
+verify the password complexity. The command can be specified with
+the "check password script" smb.conf parameter.
+This command is called when Samba handles a user password change or
+a new user password is set. The script receives the new cleartext
+password string in order to run custom password complexity checks
+like dictionary checks to avoid weak user passwords.
+
+When the password contains multi-byte (non-ASCII) characters, the
+check password script does not receive the full password string.
+


-- 
Samba Website Repository



More information about the samba-cvs mailing list