[SCM] Samba Website Repository - branch master updated

Jule Anger janger at samba.org
Wed Jul 27 10:02:11 UTC 2022


The branch, master has been updated
       via  e7896e9 NEWS[4.16.4]: Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases Available for Download
      from  0112f92 NEWS[4.16.3]: Samba 4.16.3 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e7896e963b75b65d95a52d535bb7d592ff646955
Author: Jule Anger <janger at samba.org>
Date:   Wed Jul 27 10:38:46 2022 +0200

    NEWS[4.16.4]: Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases Available for Download
    
    Signed-off-by: Jule Anger <janger at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   3 +
 history/samba-4.14.14.html                       |  70 ++++++++++++++
 history/samba-4.15.9.html                        |  70 ++++++++++++++
 history/samba-4.16.4.html                        |  67 ++++++++++++++
 history/security.html                            |  28 ++++++
 posted_news/20220727-081708.4.16.4.body.html     |  52 +++++++++++
 posted_news/20220727-081708.4.16.4.headline.html |   3 +
 security/CVE-2022-2031.html                      | 111 +++++++++++++++++++++++
 security/CVE-2022-32742.html                     |  88 ++++++++++++++++++
 security/CVE-2022-32744.html                     |  89 ++++++++++++++++++
 security/CVE-2022-32745.html                     |  81 +++++++++++++++++
 security/CVE-2022-32746.html                     |  94 +++++++++++++++++++
 12 files changed, 756 insertions(+)
 create mode 100644 history/samba-4.14.14.html
 create mode 100644 history/samba-4.15.9.html
 create mode 100644 history/samba-4.16.4.html
 create mode 100644 posted_news/20220727-081708.4.16.4.body.html
 create mode 100644 posted_news/20220727-081708.4.16.4.headline.html
 create mode 100644 security/CVE-2022-2031.html
 create mode 100644 security/CVE-2022-32742.html
 create mode 100644 security/CVE-2022-32744.html
 create mode 100644 security/CVE-2022-32745.html
 create mode 100644 security/CVE-2022-32746.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 00c4105..523e9f3 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,10 +9,12 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.16.4.html">samba-4.16.4</a></li>
 			<li><a href="samba-4.16.3.html">samba-4.16.3</a></li>
 			<li><a href="samba-4.16.2.html">samba-4.16.2</a></li>
 			<li><a href="samba-4.16.1.html">samba-4.16.1</a></li>
 			<li><a href="samba-4.16.0.html">samba-4.16.0</a></li>
+			<li><a href="samba-4.15.9.html">samba-4.15.9</a></li>
 			<li><a href="samba-4.15.8.html">samba-4.15.8</a></li>
 			<li><a href="samba-4.15.7.html">samba-4.15.7</a></li>
 			<li><a href="samba-4.15.6.html">samba-4.15.6</a></li>
@@ -22,6 +24,7 @@
 			<li><a href="samba-4.15.2.html">samba-4.15.2</a></li>
 			<li><a href="samba-4.15.1.html">samba-4.15.1</a></li>
 			<li><a href="samba-4.15.0.html">samba-4.15.0</a></li>
+			<li><a href="samba-4.14.14.html">samba-4.14.14</a></li>
 			<li><a href="samba-4.14.13.html">samba-4.14.13</a></li>
 			<li><a href="samba-4.14.12.html">samba-4.14.12</a></li>
 			<li><a href="samba-4.14.11.html">samba-4.14.11</a></li>
diff --git a/history/samba-4.14.14.html b/history/samba-4.14.14.html
new file mode 100644
index 0000000..b5f4793
--- /dev/null
+++ b/history/samba-4.14.14.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.14.14 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.14.14 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.gz">Samba 4.14.14 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.gz">Patch (gzipped) against Samba 4.14.13</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.14.14
+                            July 27, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
+                  changing passwords.
+                  https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+                  https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+                  or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+                  process with an LDAP add or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+                  https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.14.13
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 15085: CVE-2022-32742.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 15009: CVE-2022-32746.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15047: CVE-2022-2031.
+
+o  Isaac Boukris <iboukris at gmail.com>
+   * BUG 15047: CVE-2022-2031.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15008: CVE-2022-32745.
+   * BUG 15009: CVE-2022-32746.
+   * BUG 15047: CVE-2022-2031.
+   * BUG 15074: CVE-2022-32744.
+
+
+</pre>
+</p>
+</body>
+</html>
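Review bot: The release-notes block is wrapped as `<p>` then `<pre>` ... `</pre>` then `</p>`, which is not valid under the XHTML 1.0 Transitional doctype declared at the top of the file, because a `<pre>` element cannot be a child of `<p>`. The same file uses unclosed `<br>` and an upper-case `<H2>`, which XHTML also rejects. Suggest dropping the `<p>` wrapper around `<pre>`, writing `<br />`, and lower-casing the heading tag, or switching the doctype to one that matches the markup actually used.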
diff --git a/history/samba-4.15.9.html b/history/samba-4.15.9.html
new file mode 100644
index 0000000..173d648
--- /dev/null
+++ b/history/samba-4.15.9.html
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.9 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.9 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.9.tar.gz">Samba 4.15.9 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.9.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.8-4.15.9.diffs.gz">Patch (gzipped) against Samba 4.15.8</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.8-4.15.9.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.15.9
+                           July 27, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
+                  changing passwords.
+                  https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+                  https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+                  or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+                  process with an LDAP add or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+                  https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.15.8
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 15085: CVE-2022-32742.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 15009: CVE-2022-32746.
+
+o  Isaac Boukris <iboukris at gmail.com>
+   * BUG 15047: CVE-2022-2031.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15047: CVE-2022-2031.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15008: CVE-2022-32745.
+   * BUG 15009: CVE-2022-32746.
+   * BUG 15047: CVE-2022-2031.
+   * BUG 15074: CVE-2022-32744.
+
+
+</pre>
+</p>
+</body>
+</html>
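Review bot: Missing documentation on the two "Signature" links: they point at `samba-4.15.9.tar.asc` and `samba-4.15.8-4.15.9.diffs.asc`, while the downloads beside them are `.tar.gz` and `.diffs.gz`. The page never says that the signature covers the uncompressed file, so a reader who checks the `.asc` against the `.gz` as downloaded gets a failed verification with no hint why. Suggest one sentence under the links stating that the archive must be decompressed before verifying, and which key signs it.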
diff --git a/history/samba-4.16.4.html b/history/samba-4.16.4.html
new file mode 100644
index 0000000..acda866
--- /dev/null
+++ b/history/samba-4.16.4.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.16.4 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.16.4 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.4.tar.gz">Samba 4.16.4 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.4.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.3-4.16.4.diffs.gz">Patch (gzipped) against Samba 4.16.3</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.3-4.16.4.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.16.4
+                           July 27, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
+                  changing passwords.
+                  https://www.samba.org/samba/security/CVE-2022-2031.html
+
+o CVE-2022-32744: Samba AD users can forge password change requests for any user.
+                  https://www.samba.org/samba/security/CVE-2022-32744.html
+
+o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
+                  or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32745.html
+
+o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
+                  process with an LDAP add or modify request.
+                  https://www.samba.org/samba/security/CVE-2022-32746.html
+
+o CVE-2022-32742: Server memory information leak via SMB1.
+                  https://www.samba.org/samba/security/CVE-2022-32742.html
+
+Changes since 4.16.3
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 15085: CVE-2022-32742.
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 15009: CVE-2022-32746.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15047: CVE-2022-2031.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15008: CVE-2022-32745.
+   * BUG 15009: CVE-2022-32746.
+   * BUG 15047: CVE-2022-2031.
+   * BUG 15074: CVE-2022-32744.
+
+
+</pre>
+</p>
+</body>
+</html>
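Review bot: The "Changes since 4.16.3" list credits only Andreas Schneider and Joseph Sutton for BUG 15047 (CVE-2022-2031), whereas the 4.14.14 and 4.15.9 notes added in this same commit also credit Isaac Boukris for that bug. If the 4.16 branch did not need his patches this is fine, but it is worth confirming that the omission is intentional and not a slip in generating the list.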
diff --git a/history/security.html b/history/security.html
index 54118f8..2b9ed15 100755
--- a/history/security.html
+++ b/history/security.html
@@ -32,6 +32,34 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>27 July 2022</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.16.4-security-2022-07-27.patch">
+	patch for Samba 4.16.4</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.15.9-security-2022-07-27.patch">
+	patch for Samba 4.15.9</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.14.14-security-2022-07-27.patch">
+	patch for Samba 4.14.14</a><br />
+	</td>
+	<td>CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.
+        Please see announcements for details.
+	</td>
+	<td>Please refer to the advisories.</td>
+	<td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031">CVE-2022-2031</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742">CVE-2022-32742</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744">CVE-2022-32744</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745">CVE-2022-32745</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746">CVE-2022-32746</a>.
+	</td>
+	<td>
+<a href="/samba/security/CVE-2022-2031.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32742.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32744.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32745.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-32746.html">Announcement</a>.
+	</td>
+
     <tr>
 	<td>31 January 2022</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.15.5-security-2022-01-31.patch">
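Review bot: The new table row is never closed. After the final `</td>` of the announcements cell the hunk runs straight into the `<tr>` of the 31 January 2022 entry, whereas the preceding row in the context ends with `</tr>`. Add `</tr>` after that last `</td>`. A smaller point in the same cell: all five links carry the identical text "Announcement", so a reader cannot tell which advisory each one opens; using the CVE ID as the link text would fix that.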
diff --git a/posted_news/20220727-081708.4.16.4.body.html b/posted_news/20220727-081708.4.16.4.body.html
new file mode 100644
index 0000000..eae2068
--- /dev/null
+++ b/posted_news/20220727-081708.4.16.4.body.html
@@ -0,0 +1,52 @@
+<!-- BEGIN: posted_news/20220727-081708.4.16.4.body.html -->
+<h5><a name="4.16.4">27 July 2022</a></h5>
+<p class=headline>Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address
+<a href="/samba/security/CVE-2022-2031.html">CVE-2022-2031</a>,
+<a href="/samba/security/CVE-2022-32742.html">CVE-2022-32742</a>,
+<a href="/samba/security/CVE-2022-32744.html">CVE-2022-32744</a>,
+<a href="/samba/security/CVE-2022-32745.html">CVE-2022-32745</a> and
+<a href="/samba/security/CVE-2022-32746.html">CVE-2022-32746</a>.
+</p>
+
+<p>
+If you are building/using ldb from a system library, you'll
+also need the related updated ldb tarball, otherwise you can ignore it.
+</p>
+
+<p>
+The uncompressed Samba tarball has been signed using GnuPG (ID AA99442FB680B620).
+</p>
+
+<p>
+The uncompressed ldb tarballs have been signed using GnuPG (ID 4793916113084025).
+</p>
+
+<p>
+The Samba 4.16.4 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.4.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.16.3-4.16.4.diffs.gz">patch against Samba 4.16.3</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.16.4.html">the release notes for more info</a>.
+The ldb 2.5.2 release for use with Samba 4.16.4 can be
+<a href="https://download.samba.org/pub/ldb/ldb-2.5.2.tar.gz">downloaded here</a>.
+</p>
+
+<p>
+The Samba 4.15.9 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.9.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.8-4.15.9.diffs.gz">patch against Samba 4.15.8</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.9.html">the release notes for more info</a>.
+The ldb 2.4.4 release for use with Samba 4.15.9 can be
+<a href="https://download.samba.org/pub/ldb/ldb-2.4.4.tar.gz">downloaded here</a>.
+</p>
+
+<p>
+The Samba 4.14.14 source code can be
+<a href="https://download.samba.org/pub/samba/stable/samba-4.14.14.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.14.13-4.14.14.diffs.gz">patch against Samba 4.14.13</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.14.14.html">the release notes for more info</a>.
+The ldb 2.3.4 release for use with Samba 4.14.14 can be
+<a href="https://download.samba.org/pub/ldb/ldb-2.3.4.tar.gz">downloaded here</a>.
+</p>
+<!-- END: posted_news/20220727-081708.4.16.4.body.html -->
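Review bot: The two GnuPG paragraphs identify the signing keys only by 64-bit key IDs (AA99442FB680B620 and 4793916113084025), and none of the download paragraphs links a signature file for either the Samba or the ldb tarballs. For a security release, suggest giving the full key fingerprints and putting the `.asc` link next to each `.tar.gz` link, so that a reader can verify what was downloaded without hunting for the signature elsewhere. Since the text says the uncompressed tarballs are signed, a short reminder to decompress before verifying would also help. Minor: `class=headline` is unquoted.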
diff --git a/posted_news/20220727-081708.4.16.4.headline.html b/posted_news/20220727-081708.4.16.4.headline.html
new file mode 100644
index 0000000..a2e8d28
--- /dev/null
+++ b/posted_news/20220727-081708.4.16.4.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20220727-081708.4.16.4.headline.html -->
+<li> 27 July 2022 <a href="#4.16.4">Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20220727-081708.4.16.4.headline.html -->
diff --git a/security/CVE-2022-2031.html b/security/CVE-2022-2031.html
new file mode 100644
index 0000000..36e9247
--- /dev/null
+++ b/security/CVE-2022-2031.html
@@ -0,0 +1,111 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-2031.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Samba AD users can bypass certain restrictions
+==              associated with changing passwords.
+==
+== CVE ID#:     CVE-2022-2031
+==
+== Versions:    All versions of Samba prior to 4.16.4
+==
+== Summary:     The KDC and the kpasswd service share a single account
+==              and set of keys, allowing them to decrypt each other&#x27;s
+==              tickets. A user who has been requested to change their
+==              password can exploit this to obtain and use tickets to
+==              other services.
+===========================================================
+
+===========
+Description
+===========
+
+The KDC and the kpasswd service share a single account and set of
+keys. In certain cases, this makes the two services susceptible to
+confusion.
+
+When a user&#x27;s password has expired, that user is requested to change
+their password. Until doing so, the user is restricted to only
+acquiring tickets to kpasswd.
+
+However, a vulnerability meant that the kpasswd&#x27;s principal, when
+canonicalized, was set to that of the TGS (Ticket-Granting Service),
+thus yielding TGTs from ordinary kpasswd requests. These TGTs could be
+used to perform an Elevation of Privilege attack by obtaining service
+tickets and using services in the forest. This vulnerability existed
+in versions of Samba built with Heimdal Kerberos.
+
+A separate vulnerability in Samba versions below 4.16, and in Samba
+built with MIT Kerberos, led the KDC to accept kpasswd tickets as if
+they were TGTs, with the same overall outcome.
+
+On the reverse side of the issue, password changes could be effected
+by presenting TGTs as if they were kpasswd tickets. TGTs having
+potentially longer lifetimes than kpasswd tickets, the value of a
+stolen cache containing a TGT was hence increased to an attacker, with
+the possibility of indefinite control over an account by means of a
+password change.
+
+Finally, kpasswd service tickets would be accepted for changes to
+one&#x27;s own password, contrary to the requirement that tickets be
+acquired with an initial KDC request in such cases.
+
+As part of the mitigations, the lifetime of kpasswd tickets has been
+restricted to a maximum of two minutes. The KDC will not longer accept
+TGTs with two minutes or less left to live, to make sure it does not
+accept kpasswd tickets.
+
+==================
+Patch Availability
+==================
+
+Patches addressing these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.16.4, 4.15.9, and 4.14.14 have been issued
+as security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (5.4)
+
+==========
+Workaround
+==========
+
+kpasswd is not a critical protocol for the AD DC in most installations, it can
+be disabled by setting "kpasswd port = 0" in the smb.conf.
+
+=======
+Credits
+=======
+
+Originally reported by Luke Howard.
+
+Patches provided by Joseph Sutton and Andreas Schneider of the Samba
+team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+
+</pre>
+</body>
+</html>
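Review bot: The "Versions:" line in the header block reads "All versions of Samba prior to 4.16.4", but the Patch Availability section of the same advisory names 4.16.4, 4.15.9 and 4.14.14 as fixed releases, so the range as written marks the two older fixed releases as affected. Suggest wording the field so that it names the fixed release on each maintained branch. Two smaller points: "The KDC will not longer accept" in the mitigations paragraph should read "will no longer accept", and the `<p>` opened just before `<pre>` is never closed before `</body>`.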
diff --git a/security/CVE-2022-32742.html b/security/CVE-2022-32742.html
new file mode 100644
index 0000000..4dcaf8f
--- /dev/null
+++ b/security/CVE-2022-32742.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-32742.html:</H2>
+
+<p>
+<pre>
+====================================================================
+== Subject:     Server memory information leak via SMB1.
+==
+== CVE ID#:     CVE-2022-32742
+==
+== Versions:    All versions of Samba.
+==
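Review bot: The "Versions:" field here reads "All versions of Samba." with no fixed-release bound, while the CVE-2022-2031 advisory added in this same commit uses the form "prior to 4.16.4". As far as the truncated hunk shows, a reader cannot tell from the header block which releases carry the fix. Suggest stating the bound in this field consistently across the five advisories.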


-- 
Samba Website Repository


