[SCM] Samba Website Repository - branch master updated

Jule Anger janger at samba.org
Mon Jan 31 12:45:45 UTC 2022


The branch, master has been updated
       via  cd8963d NEWS[4.14.12]: Samba 4.15.5, 4.14.12 and 4.13.17 Security Releases Available for Download
      from  ff7c24d NEWS[4.16.0rc1]: Samba 4.16.0rc1 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit cd8963dd1cbee06111812b4708e0eaf407755028
Author: Jule Anger <janger at samba.org>
Date:   Sun Jan 30 20:33:12 2022 +0100

    NEWS[4.14.12]: Samba 4.15.5, 4.14.12 and 4.13.17 Security Releases Available for Download
    
    Signed-off-by: Jule Anger <janger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                       |   3 +
 history/samba-4.13.17.html                        |  47 ++++++++
 history/samba-4.14.12.html                        |  47 ++++++++
 history/samba-4.15.5.html                         |  54 ++++++++++
 history/security.html                             |  23 ++++
 posted_news/20220130-193320.4.14.12.body.html     |  29 +++++
 posted_news/20220130-193320.4.14.12.headline.html |   4 +
 security/CVE-2021-44141.html                      | 125 ++++++++++++++++++++++
 security/CVE-2021-44142.html                      |  97 +++++++++++++++++
 security/CVE-2022-0336.html                       |  86 +++++++++++++++
 10 files changed, 515 insertions(+)
 create mode 100644 history/samba-4.13.17.html
 create mode 100644 history/samba-4.14.12.html
 create mode 100644 history/samba-4.15.5.html
 create mode 100644 posted_news/20220130-193320.4.14.12.body.html
 create mode 100644 posted_news/20220130-193320.4.14.12.headline.html
 create mode 100644 security/CVE-2021-44141.html
 create mode 100644 security/CVE-2021-44142.html
 create mode 100644 security/CVE-2022-0336.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index feaf027..55da16a 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,11 +9,13 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.15.5.html">samba-4.15.5</a></li>
 			<li><a href="samba-4.15.4.html">samba-4.15.4</a></li>
 			<li><a href="samba-4.15.3.html">samba-4.15.3</a></li>
 			<li><a href="samba-4.15.2.html">samba-4.15.2</a></li>
 			<li><a href="samba-4.15.1.html">samba-4.15.1</a></li>
 			<li><a href="samba-4.15.0.html">samba-4.15.0</a></li>
+			<li><a href="samba-4.14.12.html">samba-4.14.12</a></li>
 			<li><a href="samba-4.14.11.html">samba-4.14.11</a></li>
 			<li><a href="samba-4.14.10.html">samba-4.14.10</a></li>
 			<li><a href="samba-4.14.9.html">samba-4.14.9</a></li>
@@ -26,6 +28,7 @@
 			<li><a href="samba-4.14.2.html">samba-4.14.2</a></li>
 			<li><a href="samba-4.14.1.html">samba-4.14.1</a></li>
 			<li><a href="samba-4.14.0.html">samba-4.14.0</a></li>
+			<li><a href="samba-4.13.17.html">samba-4.13.17</a></li>
 			<li><a href="samba-4.13.16.html">samba-4.13.16</a></li>
 			<li><a href="samba-4.13.15.html">samba-4.13.15</a></li>
 			<li><a href="samba-4.13.14.html">samba-4.13.14</a></li>
diff --git a/history/samba-4.13.17.html b/history/samba-4.13.17.html
new file mode 100644
index 0000000..53e1ec1
--- /dev/null
+++ b/history/samba-4.13.17.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.13.17 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.13.17 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.17.tar.gz">Samba 4.13.17 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.13.17.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.16-4.13.17.diffs.gz">Patch (gzipped) against Samba 4.13.16</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.13.16-4.13.17.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.13.17
+                          January 31, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
+                  https://www.samba.org/samba/security/CVE-2021-44142.html
+
+o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
+                  https://www.samba.org/samba/security/CVE-2022-0336.html
+
+
+Changes since 4.13.16
+---------------------
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14914: CVE-2021-44142
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 14950: CVE-2022-0336
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.14.12.html b/history/samba-4.14.12.html
new file mode 100644
index 0000000..c4271b9
--- /dev/null
+++ b/history/samba-4.14.12.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.12 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.12 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.12.tar.gz">Samba 4.14.12 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.12.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.11-4.14.12.diffs.gz">Patch (gzipped) against Samba 4.14.11</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.11-4.14.12.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.14.12
+                          January 31, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
+                  https://www.samba.org/samba/security/CVE-2021-44142.html
+
+o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
+                  https://www.samba.org/samba/security/CVE-2022-0336.html
+
+
+Changes since 4.14.11
+---------------------
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14914: CVE-2021-44142.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 14950: CVE-2022-0336.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.15.5.html b/history/samba-4.15.5.html
new file mode 100644
index 0000000..2390141
--- /dev/null
+++ b/history/samba-4.15.5.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.5 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.5 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.5.tar.gz">Samba 4.15.5 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.5.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.4-4.15.5.diffs.gz">Patch (gzipped) against Samba 4.15.4</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.4-4.15.5.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.15.5
+                          January 31, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
+                  of a symlink exists.
+                  https://www.samba.org/samba/security/CVE-2021-44141.html
+
+o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
+                  https://www.samba.org/samba/security/CVE-2021-44142.html
+
+o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
+                  https://www.samba.org/samba/security/CVE-2022-0336.html
+
+
+Changes since 4.15.4
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14911: CVE-2021-44141
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 14914: CVE-2021-44142
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 14950: CVE-2022-0336
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 0606900..16f9acf 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,29 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>31 January 2022</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.15.5-security-2022-01-31.patch">
+	patch for Samba 4.15.5</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.14.12-security-2022-01-31.patch">
+	patch for Samba 4.14.12</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.13.17-security-2021-11-31.patch">
+	patch for Samba 4.13.17</a><br />
+	</td>
+	<td>CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336. Please see announcements for details.
+	</td>
+	<td>Please refer to the advisories.</td>
+	<td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141">CVE-2021-44141</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142">CVE-2021-44142</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336">CVE-2022-0336</a>.
+	</td>
+	<td>
+<a href="/samba/security/CVE-2021-44141.html">Announcement</a>, 
+<a href="/samba/security/CVE-2021-44142.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-0336.html">Announcement</a>.
+	</td>
+
 	<tr>
 	<td>10 January 2022</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.13.16-security-2022-01-10.patch">
diff --git a/posted_news/20220130-193320.4.14.12.body.html b/posted_news/20220130-193320.4.14.12.body.html
new file mode 100644
index 0000000..bc9c4f4
--- /dev/null
+++ b/posted_news/20220130-193320.4.14.12.body.html
@@ -0,0 +1,29 @@
+<!-- BEGIN: posted_news/20220130-193320.4.14.12.body.html -->
+<h5><a name="4.14.12">31 January 2022</a></h5>
+<p class=headline>Samba 4.15.5, 4.14.12 and
+4.13.17 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address 
+<a href="/samba/security/CVE-2021-44142.html">CVE-2021-44141</a>, 
+<a href="/samba/security/CVE-2021-44142.html">CVE-2021-44142</a> and 
+<a href="/samba/security/CVE-2022-0336.html">CVE-2022-0336</a>.
+</p>
+<p>
+The uncompressed Samba tarballs has been signed using GnuPG (ID AA99442FB680B620).
+</p>
+<p>
+The Samba 4.15.5 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.15.5.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.4-4.15.5.diffs.gz">patch against Samba 4.15.4</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.5.html">the 4.15.5 release notes for more info</a>.
+</p>
+<p>
+The Samba 4.14.12 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.14.12.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.14.11-4.14.12.diffs.gz">patch against Samba 4.14.11</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.14.12.html">the 4.14.12 release notes for more info</a>.
+</p>
+<p>
+The Samba 4.13.17 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.13.17.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.13.16-4.13.17.diffs.gz">patch against Samba 4.13.16</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.13.17.html">the 4.13.17 release notes for more info</a>.
+</p>
+<!-- END: posted_news/20220130-193320.4.14.12.body.html -->
diff --git a/posted_news/20220130-193320.4.14.12.headline.html b/posted_news/20220130-193320.4.14.12.headline.html
new file mode 100644
index 0000000..0da73db
--- /dev/null
+++ b/posted_news/20220130-193320.4.14.12.headline.html
@@ -0,0 +1,4 @@
+<!-- BEGIN: posted_news/20220130-193320.4.14.12.headline.html -->
+<li> 31 January 2022 <a href="#4.14.12">Samba 4.15.5, 4.14.12 and
+4.13.17 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20220130-193320.4.14.12.headline.html -->
diff --git a/security/CVE-2021-44141.html b/security/CVE-2021-44141.html
new file mode 100644
index 0000000..50afacb
--- /dev/null
+++ b/security/CVE-2021-44141.html
@@ -0,0 +1,125 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2021-44141.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Information leak via symlinks of existance of
+==		files or directories outside of the exported
+==		share.
+==
+== CVE ID#:     CVE-2021-44141
+==
+==
+== Versions:    All versions of the Samba file server prior to
+==              4.15.5.
+==
+== Summary:     A client can use a symlink to discover if a named
+==              or directory exists on the filesystem outside of
+==              the exported share. The user must have permissions
+==		to query a symlink inside the exported share using
+==		SMB1 with unix extensions turned on.
+===========================================================
+
+===========
+Description
+===========
+
+All versions of Samba prior to 4.15.5 are vulnerable to a malicious
+client using a server symlink to determine if a file or directory
+exists in an area of the server file system not exported under the
+share definition. SMB1 with unix extensions has to be enabled in order
+for this attack to succeed.
+
+Clients that have write access to the exported part of the file system
+under a share via SMB1 unix extensions or via NFS can create symlinks
+that point to arbitrary files or directories on the server filesystem.
+
+Clients can then use SMB1 unix extension information queries to
+determine if the target of the symlink exists or not by examining
+error codes returned from the smbd server. There is no ability to
+access these files or directories, only to determine if they exist or
+not.
+
+If SMB1 is turned off and only SMB2 is used, or unix extensions are
+not enabled then there is no way to discover if a symlink points to a
+valid target or not via SMB2. For this reason, even if symlinks are
+created via NFS, if the Samba server does not allow SMB1 with unix
+extensions there is no way to exploit this bug.
+
+Finding out what files or directories exist on a file server can help
+attackers guess system user names or the exact operating system
+release and applications running on the server hosting Samba which may
+help mount further attacks.
+
+SMB1 has been disabled on Samba since version 4.11.0 and
+onwards. Exploitation of this bug has not been seen in the wild.
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue has been posted to:
+
+    https://www.samba.org/samba/security/
+
+Samba version 4.15.5 has been issued as a security release to correct
+the defect. Samba administrators are advised to upgrade to this
+release as soon as possible. Due to the complexity of the fixes needed
+for this problem, back ports to earlier Samba versions have not been
+provided. For users of earlier Samba versions, please see the
+"Workaround and mitigating factors" section of this document.
+
+==================
+CVSSv3.1 calculation
+==================
+
+CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:H/MI:N/MA:N
+
+base score of 4.2
+
+=================================
+Workaround and mitigating factors
+=================================
+
+Do not enable SMB1 (please note SMB1 is disabled by default in Samba
+from version 4.11.0 and onwards). This prevents the creation or
+querying of symbolic links via SMB1. If SMB1 must be enabled for
+backwards compatibility then add the parameter:
+
+unix extensions = no
+
+to the [global] section of your smb.conf and restart smbd. This
+prevents SMB1 clients from creating or reading symlinks on the
+exported file system.
+
+However, if the same region of the file system is also exported
+allowing write access via NFS, NFS clients can create symlinks that
+allow SMB1 with unix extensions clients to discover the existance of
+the NFS created symlink targets.  For non-patched versions of Samba we
+recommend only exporting areas of the file system by either SMB2 or
+NFS, not both.
+
+=======
+Credits
+=======
+
+Reported by Stefan Behrens of <sbehrens at giantdisaster.de>
+Jeremy Allison of Google and the Samba Team provided the fix.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2021-44142.html b/security/CVE-2021-44142.html
new file mode 100644
index 0000000..8c7e491
--- /dev/null
+++ b/security/CVE-2021-44142.html
@@ -0,0 +1,97 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-44142.html:</H2>
+
+<p>
+<pre>
+=================================================================
+== Subject:     Out-of-bounds heap read/write vulnerability
+==              in VFS module vfs_fruit allows code execution
+==
+== CVE ID#:     CVE-2021-44142
+==
+== Versions:    All versions of Samba prior to 4.13.17
+==
+== Summary:     This vulnerability allows remote attackers to
+==              execute arbitrary code as root on affected Samba
+==              installations that use the VFS module vfs_fruit.
+=================================================================
+
+===========
+Description
+===========
+
+All versions of Samba prior to 4.13.17 are vulnerable to an
+out-of-bounds heap read write vulnerability that allows remote
+attackers to execute arbitrary code as root on affected Samba
+installations that use the VFS module vfs_fruit.
+
+The specific flaw exists within the parsing of EA metadata when
+opening files in smbd. Access as a user that has write access to a
+file's extended attributes is required to exploit this
+vulnerability. Note that this could be a guest or unauthenticated user
+if such users are allowed write access to file extended attributes.
+
+The problem in vfs_fruit exists in the default configuration of the
+fruit VFS module using fruit:metadata=netatalk or fruit:resource=file.
+If both options are set to different settings than the default values,
+the system is not affected by the security issue.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.13.17, 4.14.12 and 4.15.5 have been issued as
+security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
+
+Base score 9.9.
+
+==========
+Workaround
+==========
+
+As a workaround remove the "fruit" VFS module from the list of
+configured VFS objects in any "vfs objects" line in the Samba
+configuration smb.conf.
+
+Note that changing the VFS module settings fruit:metadata or
+fruit:resource to use the unaffected setting causes all stored
+information to be inaccessible and will make it appear to macOS
+clients as if the information is lost.
+
+
+=======
+Credits
+=======
+
+Originally reported by Orange Tsai from DEVCORE.
+
+Patches provided by Ralph Böhme of the Samba team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.


-- 
Samba Website Repository



More information about the samba-cvs mailing list