[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Thu Oct 29 08:44:18 UTC 2020
The branch, master has been updated
via ad31af5 NEWS[4.13.1]: Samba 4.13.1, 4.12.9 and 4.11.5 Security Releases Available
from 1cfa312 devel/copyright-policy: Rename DCO to Samba Developer's Declaration.
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ad31af5e724791b84d789f16760f078b6750edc1
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Oct 28 11:42:20 2020 +0100
NEWS[4.13.1]: Samba 4.13.1, 4.12.9 and 4.11.5 Security Releases Available
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 3 +
history/samba-4.11.15.html | 92 +++++++++++++++++++++++
history/samba-4.12.9.html | 93 ++++++++++++++++++++++++
history/samba-4.13.1.html | 93 ++++++++++++++++++++++++
posted_news/20201029-082916.4.13.1.body.html | 25 +++++++
posted_news/20201029-082916.4.13.1.headline.html | 4 +
6 files changed, 310 insertions(+)
create mode 100644 history/samba-4.11.15.html
create mode 100644 history/samba-4.12.9.html
create mode 100644 history/samba-4.13.1.html
create mode 100644 posted_news/20201029-082916.4.13.1.body.html
create mode 100644 posted_news/20201029-082916.4.13.1.headline.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index 785cc79..b279de1 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,7 +9,9 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.13.1.html">samba-4.13.1</a></li>
<li><a href="samba-4.13.0.html">samba-4.13.0</a></li>
+ <li><a href="samba-4.12.9.html">samba-4.12.9</a></li>
<li><a href="samba-4.12.8.html">samba-4.12.8</a></li>
<li><a href="samba-4.12.7.html">samba-4.12.7</a></li>
<li><a href="samba-4.12.6.html">samba-4.12.6</a></li>
@@ -19,6 +21,7 @@
<li><a href="samba-4.12.2.html">samba-4.12.2</a></li>
<li><a href="samba-4.12.1.html">samba-4.12.1</a></li>
<li><a href="samba-4.12.0.html">samba-4.12.0</a></li>
+ <li><a href="samba-4.11.15.html">samba-4.11.15</a></li>
<li><a href="samba-4.11.14.html">samba-4.11.14</a></li>
<li><a href="samba-4.11.13.html">samba-4.11.13</a></li>
<li><a href="samba-4.11.12.html">samba-4.11.12</a></li>
diff --git a/history/samba-4.11.15.html b/history/samba-4.11.15.html
new file mode 100644
index 0000000..869ef58
--- /dev/null
+++ b/history/samba-4.11.15.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.11.15 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.11.15 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.15.tar.gz">Samba 4.11.15 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.11.15.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.14-4.11.15.diffs.gz">Patch (gzipped) against Samba 4.11.14</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.11.14-4.11.15.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ===============================
+ Release Notes for Samba 4.11.15
+ October 29, 2020
+ ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
+o CVE-2020-14323: Unprivileged user can crash winbind.
+o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
+ crafted records.
+
+
+=======
+Details
+=======
+
+o CVE-2020-14318:
+ The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
+ request file name notification on a directory handle when a condition such as
+ "new file creation" or "file size change" or "file timestamp update" occurs.
+
+ A missing permissions check on a directory handle requesting ChangeNotify
+ meant that a client with a directory handle open only for
+ FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
+ notify replies from the server. These replies contain information that should
+ not be available to directory handles open for FILE_READ_ATTRIBUTE only.
+
+o CVE-2020-14323:
+ winbind in version 3.6 and later implements a request to translate multiple
+ Windows SIDs into names in one request. This was done for performance
+ reasons: The Microsoft RPC call domain controllers offer to do this
+ translation, so it was an obvious extension to also offer this batch
+ operation on the winbind unix domain stream socket that is available to local
+ processes on the Samba server.
+
+ Due to improper input validation a hand-crafted packet can make winbind
+ perform a NULL pointer dereference and thus crash.
+
+o CVE-2020-14383:
+ Some DNS records (such as MX and NS records) usually contain data in the
+ additional section. Samba's dnsserver RPC pipe (which is an administrative
+ interface not used in the DNS server itself) made an error in handling the
+ case where there are no records present: instead of noticing the lack of
+ records, it dereferenced uninitialised memory, causing the RPC server to
+ crash. This RPC server, which also serves protocols other than dnsserver,
+ will be restarted after a short delay, but it is easy for an authenticated
+ non-admin attacker to crash it again as soon as it returns. The Samba DNS
+ server itself will continue to operate, but many RPC services will not.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.11.14
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
+ unless the directory handle is open for SEC_DIR_LIST.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
+ 'samba-tool'.
+ * BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.12.9.html b/history/samba-4.12.9.html
new file mode 100644
index 0000000..bf15827
--- /dev/null
+++ b/history/samba-4.12.9.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.9 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.9 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.9.tar.gz">Samba 4.12.9 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.9.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.8-4.12.9.diffs.gz">Patch (gzipped) against Samba 4.12.8</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.8-4.12.9.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.12.9
+ October 29, 2020
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
+o CVE-2020-14323: Unprivileged user can crash winbind.
+o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
+ crafted records.
+
+
+=======
+Details
+=======
+
+o CVE-2020-14318:
+ The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
+ request file name notification on a directory handle when a condition such as
+ "new file creation" or "file size change" or "file timestamp update" occurs.
+
+ A missing permissions check on a directory handle requesting ChangeNotify
+ meant that a client with a directory handle open only for
+ FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
+ notify replies from the server. These replies contain information that should
+ not be available to directory handles open for FILE_READ_ATTRIBUTE only.
+
+o CVE-2020-14323:
+ winbind in version 3.6 and later implements a request to translate multiple
+ Windows SIDs into names in one request. This was done for performance
+ reasons: Active Directory domain controllers can do multiple SID to name
+ translations in one RPC call. It was an obvious extension to also offer this
+ batch operation on the winbind unix domain stream socket that is available to
+ local processes on the Samba server to reduce network round-trips to the
+ domain controller.
+
+ Due to improper input validation a hand-crafted packet can make winbind
+ perform a NULL pointer dereference and thus crash.
+
+o CVE-2020-14383:
+ Some DNS records (such as MX and NS records) usually contain data in the
+ additional section. Samba's dnsserver RPC pipe (which is an administrative
+ interface not used in the DNS server itself) made an error in handling the
+ case where there are no records present: instead of noticing the lack of
+ records, it dereferenced uninitialised memory, causing the RPC server to
+ crash. This RPC server, which also serves protocols other than dnsserver,
+ will be restarted after a short delay, but it is easy for an authenticated
+ non-admin attacker to crash it again as soon as it returns. The Samba DNS
+ server itself will continue to operate, but many RPC services will not.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.12.8
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
+ unless the directory handle is open for SEC_DIR_LIST.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
+ 'samba-tool'.
+ * BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.13.1.html b/history/samba-4.13.1.html
new file mode 100644
index 0000000..9d24851
--- /dev/null
+++ b/history/samba-4.13.1.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.1 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.1 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.1.tar.gz">Samba 4.13.1 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.1.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.0-4.13.1.diffs.gz">Patch (gzipped) against Samba 4.13.0</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.0-4.13.1.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.13.1
+ October 29, 2020
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
+o CVE-2020-14323: Unprivileged user can crash winbind.
+o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
+ crafted records.
+
+
+=======
+Details
+=======
+
+o CVE-2020-14318:
+ The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
+ request file name notification on a directory handle when a condition such as
+ "new file creation" or "file size change" or "file timestamp update" occurs.
+
+ A missing permissions check on a directory handle requesting ChangeNotify
+ meant that a client with a directory handle open only for
+ FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
+ notify replies from the server. These replies contain information that should
+ not be available to directory handles open for FILE_READ_ATTRIBUTE only.
+
+o CVE-2020-14323:
+ winbind in version 3.6 and later implements a request to translate multiple
+ Windows SIDs into names in one request. This was done for performance
+ reasons: Active Directory domain controllers can do multiple SID to name
+ translations in one RPC call. It was an obvious extension to also offer this
+ batch operation on the winbind unix domain stream socket that is available to
+ local processes on the Samba server to reduce network round-trips to the
+ domain controller.
+
+ Due to improper input validation a hand-crafted packet can make winbind
+ perform a NULL pointer dereference and thus crash.
+
+o CVE-2020-14383:
+ Some DNS records (such as MX and NS records) usually contain data in the
+ additional section. Samba's dnsserver RPC pipe (which is an administrative
+ interface not used in the DNS server itself) made an error in handling the
+ case where there are no records present: instead of noticing the lack of
+ records, it dereferenced uninitialised memory, causing the RPC server to
+ crash. This RPC server, which also serves protocols other than dnsserver,
+ will be restarted after a short delay, but it is easy for an authenticated
+ non-admin attacker to crash it again as soon as it returns. The Samba DNS
+ server itself will continue to operate, but many RPC services will not.
+
+For more details, please refer to the security advisories.
+
+
+Changes since 4.13.0
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14434: CVE-2020-14318: s3: smbd: Ensure change notifies can't get set
+ unless the directory handle is open for SEC_DIR_LIST.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 12795: CVE-2020-14383: Remote crash after adding NS or MX records using
+ 'samba-tool'.
+ * BUG 14472: CVE-2020-14383: Remote crash after adding MX records.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14436: CVE-2020-14323: winbind: Fix invalid lookupsids DoS.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/posted_news/20201029-082916.4.13.1.body.html b/posted_news/20201029-082916.4.13.1.body.html
new file mode 100644
index 0000000..46f54f1
--- /dev/null
+++ b/posted_news/20201029-082916.4.13.1.body.html
@@ -0,0 +1,25 @@
+<!-- BEGIN: posted_news/20201029-082916.4.13.1.body.html -->
+<h5><a name="4.13.1">29 October 2020</a></h5>
+<p class=headline>Samba 4.13.1, 4.12.9 and 4.11.15 Security Releases Available</p>
+<p>
+These are security releases in order to address <a href="/samba/security/CVE-2020-14318.html">CVE-2020-14318</a>
+(Missing handle permissions check in SMB1/2/3 ChangeNotify), <a href="/samba/security/CVE-2020-14323.html">CVE-2020-14323</a>
+(Unprivileged user can crash winbind) and <a href="/samba/security/CVE-2020-14383.html">CVE-2020-14383</a>
+(An authenticated user can crash the DCE/RPC DNS with easily crafted records).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID
+6F33915B6568B7EA).</br>
+The 4.13.1 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.13.1.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.13.0-4.13.1.diffs.gz">patch against Samba 4.13.0</a> is also available.
+See the <a href="https://www.samba.org/samba/history/samba-4.13.1.html">4.13.1
+release notes</a> for more info.</br>
+The 4.12.9 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.12.9.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.12.8-4.12.9.diffs.gz">patch against Samba 4.12.8</a> is also available.
+See the <a href="https://www.samba.org/samba/history/samba-4.12.9.html">4.12.9 release notes</a> for more info.</br>
+The 4.11.15 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.11.15.tar.gz">downloaded now</a>.
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.11.14-4.11.15.diffs.gz">patch against Samba 4.11.14</a> is also available.
+See the <a href="https://www.samba.org/samba/history/samba-4.11.15.html">4.11.15 release notes</a> for more info.
+</p>
+<!-- END: posted_news/20201029-082916.4.13.1.body.html -->
diff --git a/posted_news/20201029-082916.4.13.1.headline.html b/posted_news/20201029-082916.4.13.1.headline.html
new file mode 100644
index 0000000..5c2eecd
--- /dev/null
+++ b/posted_news/20201029-082916.4.13.1.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20201029-082916.4.13.1.headline.html -->
+<li> 29 October 2020 <a href="#4.13.1">Samba 4.13.1, 4.12.9 and 4.11.15 Security
+Release Available</a></li>
+<!-- END: posted_news/20201029-082916.4.13.1.headline.html -->
--
Samba Website Repository
More information about the samba-cvs
mailing list