[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Thu Apr 29 08:41:01 UTC 2021


The branch, master has been updated
       via  c84ca93 NEWS[4.14.4]: Samba 4.14.4, 4.13.8 and 4.12.15 Available for Download
      from  470c809 fix Lightspeed address

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c84ca93f6eb37183b210b042486fd88a3fb6e97b
Author: Karolin Seeger <kseeger at samba.org>
Date:   Mon Apr 26 11:21:29 2021 +0200

    NEWS[4.14.4]: Samba 4.14.4, 4.13.8 and 4.12.15 Available for Download
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |  3 +
 history/samba-4.12.15.html                       | 63 ++++++++++++++++
 history/samba-4.13.8.html                        | 63 ++++++++++++++++
 history/samba-4.14.4.html                        | 63 ++++++++++++++++
 history/security.html                            | 19 +++++
 posted_news/20210429-080831.4.14.4.body.html     | 22 ++++++
 posted_news/20210429-080831.4.14.4.headline.html |  4 +
 security/CVE-2021-20254.html                     | 96 ++++++++++++++++++++++++
 8 files changed, 333 insertions(+)
 create mode 100644 history/samba-4.12.15.html
 create mode 100644 history/samba-4.13.8.html
 create mode 100644 history/samba-4.14.4.html
 create mode 100644 posted_news/20210429-080831.4.14.4.body.html
 create mode 100644 posted_news/20210429-080831.4.14.4.headline.html
 create mode 100644 security/CVE-2021-20254.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index e7bf5c2..73047a3 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,10 +9,12 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.14.4.html">samba-4.14.4</a></li>
 			<li><a href="samba-4.14.3.html">samba-4.14.3</a></li>
 			<li><a href="samba-4.14.2.html">samba-4.14.2</a></li>
 			<li><a href="samba-4.14.1.html">samba-4.14.1</a></li>
 			<li><a href="samba-4.14.0.html">samba-4.14.0</a></li>
+			<li><a href="samba-4.13.8.html">samba-4.13.8</a></li>
 			<li><a href="samba-4.13.7.html">samba-4.13.7</a></li>
 			<li><a href="samba-4.13.6.html">samba-4.13.6</a></li>
 			<li><a href="samba-4.13.5.html">samba-4.13.5</a></li>
@@ -21,6 +23,7 @@
 			<li><a href="samba-4.13.2.html">samba-4.13.2</a></li>
 			<li><a href="samba-4.13.1.html">samba-4.13.1</a></li>
 			<li><a href="samba-4.13.0.html">samba-4.13.0</a></li>
+			<li><a href="samba-4.12.15.html">samba-4.12.15</a></li>
 			<li><a href="samba-4.12.14.html">samba-4.12.14</a></li>
 			<li><a href="samba-4.12.13.html">samba-4.12.13</a></li>
 			<li><a href="samba-4.12.12.html">samba-4.12.12</a></li>
diff --git a/history/samba-4.12.15.html b/history/samba-4.12.15.html
new file mode 100644
index 0000000..907c80f
--- /dev/null
+++ b/history/samba-4.12.15.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.12.15 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.12.15 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.15.tar.gz">Samba 4.12.15 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.12.15.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.14-4.12.15.diffs.gz">Patch (gzipped) against Samba 4.12.14</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.12.14-4.12.15.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.12.15
+                           April 29, 2021
+                   ===============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
+  in the Samba file server process token.
+
+
+=======
+Details
+=======
+
+o  CVE-2021-20254:
+   The Samba smbd file server must map Windows group identities (SIDs) into unix
+   group ids (gids). The code that performs this had a flaw that could allow it
+   to read data beyond the end of the array in the case where a negative cache
+   entry had been added to the mapping cache. This could cause the calling code
+   to return those values into the process token that stores the group
+   membership for a user.
+
+   Most commonly this flaw caused the calling code to crash, but an alert user
+   (Peter Eriksson, IT Department, Linköping University) found this flaw by
+   noticing an unprivileged user was able to delete a file within a network
+   share that they should have been disallowed access to.
+
+   Analysis of the code paths has not allowed us to discover a way for a
+   remote user to be able to trigger this flaw reproducibly or on demand,
+   but this CVE has been issued out of an abundance of caution.
+
+
+Changes since 4.12.14
+---------------------
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.13.8.html b/history/samba-4.13.8.html
new file mode 100644
index 0000000..59c8ef3
--- /dev/null
+++ b/history/samba-4.13.8.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.8 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.8 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.8.tar.gz">Samba 4.13.8 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.8.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.7-4.13.8.diffs.gz">Patch (gzipped) against Samba 4.13.7</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.7-4.13.8.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.13.8
+                           April 29, 2021
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
+  in the Samba file server process token.
+
+
+=======
+Details
+=======
+
+o  CVE-2021-20254:
+   The Samba smbd file server must map Windows group identities (SIDs) into unix
+   group ids (gids). The code that performs this had a flaw that could allow it
+   to read data beyond the end of the array in the case where a negative cache
+   entry had been added to the mapping cache. This could cause the calling code
+   to return those values into the process token that stores the group
+   membership for a user.
+
+   Most commonly this flaw caused the calling code to crash, but an alert user
+   (Peter Eriksson, IT Department, Linköping University) found this flaw by
+   noticing an unprivileged user was able to delete a file within a network
+   share that they should have been disallowed access to.
+
+   Analysis of the code paths has not allowed us to discover a way for a
+   remote user to be able to trigger this flaw reproducibly or on demand,
+   but this CVE has been issued out of an abundance of caution.
+
+
+Changes since 4.13.7
+--------------------
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.14.4.html b/history/samba-4.14.4.html
new file mode 100644
index 0000000..c44797f
--- /dev/null
+++ b/history/samba-4.14.4.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.4 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.4 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.4.tar.gz">Samba 4.14.4 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.4.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.3-4.14.4.diffs.gz">Patch (gzipped) against Samba 4.14.3</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.3-4.14.4.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.14.4
+                           April 29, 2021
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
+  in the Samba file server process token.
+
+
+=======
+Details
+=======
+
+o  CVE-2021-20254:
+   The Samba smbd file server must map Windows group identities (SIDs) into unix
+   group ids (gids). The code that performs this had a flaw that could allow it
+   to read data beyond the end of the array in the case where a negative cache
+   entry had been added to the mapping cache. This could cause the calling code
+   to return those values into the process token that stores the group
+   membership for a user.
+
+   Most commonly this flaw caused the calling code to crash, but an alert user
+   (Peter Eriksson, IT Department, Linköping University) found this flaw by
+   noticing an unprivileged user was able to delete a file within a network
+   share that they should have been disallowed access to.
+
+   Analysis of the code paths has not allowed us to discover a way for a
+   remote user to be able to trigger this flaw reproducibly or on demand,
+   but this CVE has been issued out of an abundance of caution.
+
+
+Changes since 4.14.3
+--------------------
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index ee397c8..236f922 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,25 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>29 Apr 2021</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+	patch for Samba 4.14.3</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.13.7-security-2021-04-29.patch">
+	patch for Samba 4.13.7</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.12.14-security-2021-04-29.patch">
+	patch for Samba 4.12.14</a><br />
+	</td>
+	<td>Negative idmap cache entries can cause incorrect group entries in
+            the Samba file server process token.
+	</td>
+	<td>All versions since 3.6.0.</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254">CVE-2021-20254</a>
+	</td>
+	<td><a href="/samba/security/CVE-2021-20254.html">Announcement</a>
+	</td>
+    </tr>
+
     <tr>
 	<td>24 Mar 2021</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.14.0-security-2021-03-24.patch">
diff --git a/posted_news/20210429-080831.4.14.4.body.html b/posted_news/20210429-080831.4.14.4.body.html
new file mode 100644
index 0000000..154ab62
--- /dev/null
+++ b/posted_news/20210429-080831.4.14.4.body.html
@@ -0,0 +1,22 @@
+<!-- BEGIN: posted_news/20210429-080831.4.14.4.body.html -->
+<h5><a name="4.14.4">29 April 2021</a></h5>
+<p class=headline>Samba 4.14.4, 4.13.8 and 4.12.15 Security Releases Available</p>
+<p>
+These are security releases in order to address <a href="/samba/security/CVE-2021-20254.html">CVE-2021-20254</a>
+(Negative idmap cache entries can cause incorrect group entries in the Samba
+file server process token).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID AA99442FB680B620).
+The 4.14.4 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.14.4.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.14.3-4.14.4.diffs.gz">patch against Samba 4.14.3</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.13.8.html">the 4.14.4
+release notes</a> for more info.</br>
+The 4.13.8 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.13.8.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.13.7-4.13.8.diffs.gz">patch against Samba 4.13.7</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.13.8.html">the 4.13.8 release notes</a> for more info.</br>
+The 4.12.15 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.12.15.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.12.14-4.12.15.diffs.gz">patch against Samba 4.12.14</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.12.15.html">the 4.12.15 release notes</a> for more info.
+</p>
+<!-- END: posted_news/20210429-080831.4.14.4.body.html -->
diff --git a/posted_news/20210429-080831.4.14.4.headline.html b/posted_news/20210429-080831.4.14.4.headline.html
new file mode 100644
index 0000000..564dbb7
--- /dev/null
+++ b/posted_news/20210429-080831.4.14.4.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20210429-080831.4.14.4.headline.html -->
+<li> 29 April 2021 <a href="#4.14.4">Samba 4.14.4, 4.13.8 and 4.12.15 Security
+Releases Available</a></li>
+<!-- END: posted_news/20210429-080831.4.14.4.headline.html -->
diff --git a/security/CVE-2021-20254.html b/security/CVE-2021-20254.html
new file mode 100644
index 0000000..bf96419
--- /dev/null
+++ b/security/CVE-2021-20254.html
@@ -0,0 +1,96 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2021-20254.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Negative idmap cache entries can cause incorrect
+==              group entries in the Samba file server process
+==              token.
+==
+== CVE ID#:     CVE-2021-20254
+==
+==
+== Versions:    All versions of the Samba file server since
+==              Samba 3.6.0
+==
+== Summary:     A coding error converting SIDs to gids could
+==              allow unexpected group entries in a process token.
+==              This could allow unauthorized access to files.
+===========================================================
+
+===========
+Description
+===========
+
+The Samba smbd file server must map Windows group identities (SIDs)
+into unix group ids (gids). The code that performs this had a flaw
+that could allow it to read data beyond the end of the array in the
+case where a negative cache entry had been added to the mapping
+cache. This could cause the calling code to return those values into
+the process token that stores the group membership for a user.
+
+Most commonly this flaw caused the calling code to crash, but an alert
+user (Peter Eriksson, IT Department, Linköping University) found this
+flaw by noticing an unprivileged user was able to delete a file within
+a network share that they should have been disallowed access to.
+
+Analysis of the code paths has not allowed us to discover a way for a
+remote user to be able to trigger this flaw reproducibly or on demand,
+but this CVE has been issued out of an abundance of caution.
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue has been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.14.4, 4.13.8 and 4.12.15 have been issued as
+security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon as
+possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N (6.8)
+
+=================================
+Workaround and mitigating factors
+=================================
+
+None.
+
+=======
+Credits
+=======
+
+Reported by Peter Eriksson, IT Department, Linköping University.
+
+Volker Lendecke of SerNet and the Samba Team provided the fix.
+
+Patches backported to supported Samba versions and run though the
+Samba security process by Noel Power of SuSE and Andrew Bartlett of
+Catalyst.
+
+Advisory written by Jeremy Allison of Google.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>


-- 
Samba Website Repository



More information about the samba-cvs mailing list