[SCM] Samba Website Repository - branch master updated

Jule Anger janger at samba.org
Tue Nov 15 15:44:15 UTC 2022


The branch, master has been updated
       via  1d1e4d5 NEWS[4.17.3]: Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download
      from  0e65e3e NEWS[4.17.2]: Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1d1e4d5b32742b436f1b56e47e7788c45bdf5942
Author: Jule Anger <janger at samba.org>
Date:   Tue Nov 15 08:10:55 2022 +0100

    NEWS[4.17.3]: Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download
    
    Signed-off-by: Jule Anger <janger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   3 +
 history/samba-4.15.12.html                       |  44 ++++++++++
 history/{samba-4.16.6.html => samba-4.16.7.html} |  35 ++++----
 history/samba-4.17.3.html                        |  45 ++++++++++
 history/security.html                            |  22 +++++
 posted_news/20221115-072401.4.17.3.body.html     |  30 +++++++
 posted_news/20221115-072401.4.17.3.headline.html |   3 +
 security/CVE-2022-42898.html                     | 101 +++++++++++++++++++++++
 8 files changed, 267 insertions(+), 16 deletions(-)
 create mode 100644 history/samba-4.15.12.html
 copy history/{samba-4.16.6.html => samba-4.16.7.html} (51%)
 create mode 100644 history/samba-4.17.3.html
 create mode 100644 posted_news/20221115-072401.4.17.3.body.html
 create mode 100644 posted_news/20221115-072401.4.17.3.headline.html
 create mode 100644 security/CVE-2022-42898.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 9348c26..945c471 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,9 +9,11 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.17.3.html">samba-4.17.3</a></li>
 			<li><a href="samba-4.17.2.html">samba-4.17.2</a></li>
 			<li><a href="samba-4.17.1.html">samba-4.17.1</a></li>
 			<li><a href="samba-4.17.0.html">samba-4.17.0</a></li>
+			<li><a href="samba-4.16.7.html">samba-4.16.7</a></li>
 			<li><a href="samba-4.16.6.html">samba-4.16.6</a></li>
 			<li><a href="samba-4.16.5.html">samba-4.16.5</a></li>
 			<li><a href="samba-4.16.4.html">samba-4.16.4</a></li>
@@ -19,6 +21,7 @@
 			<li><a href="samba-4.16.2.html">samba-4.16.2</a></li>
 			<li><a href="samba-4.16.1.html">samba-4.16.1</a></li>
 			<li><a href="samba-4.16.0.html">samba-4.16.0</a></li>
+			<li><a href="samba-4.15.12.html">samba-4.15.12</a></li>
 			<li><a href="samba-4.15.11.html">samba-4.15.11</a></li>
 			<li><a href="samba-4.15.10.html">samba-4.15.10</a></li>
 			<li><a href="samba-4.15.9.html">samba-4.15.9</a></li>
diff --git a/history/samba-4.15.12.html b/history/samba-4.15.12.html
new file mode 100644
index 0000000..34ccc83
--- /dev/null
+++ b/history/samba-4.15.12.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.12 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.12 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz">Samba 4.15.12 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.gz">Patch (gzipped) against Samba 4.15.11</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.15.12
+                          November 15, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.15.11
+---------------------
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams <nico at twosigma.com>
+   * BUG 15203: CVE-2022-42898
+
+
+</pre>
+</p>
+</body>
+</html>
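Review bot: the `<pre>` block is wrapped in a `<p>` (`+<p>` / `+<pre>` ... `+</pre>` / `+</p>`), which is not valid under the XHTML 1.0 Transitional doctype this new file declares, and the `<br>` tags after the download links are not self-closed. Suggest dropping the `<p>` around `<pre>` and writing `<br />`, as the history/security.html change in this same commit already does. Separately, the intro line reads "the following defects" but only CVE-2022-42898 is listed.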
diff --git a/history/samba-4.16.6.html b/history/samba-4.16.7.html
similarity index 51%
copy from history/samba-4.16.6.html
copy to history/samba-4.16.7.html
index 4423bf2..6aa8756 100644
--- a/history/samba-4.16.6.html
+++ b/history/samba-4.16.7.html
@@ -2,38 +2,41 @@
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
-<title>Samba 4.16.6 - Release Notes</title>
+<title>Samba 4.16.7 - Release Notes</title>
 </head>
 <body>
-<H2>Samba 4.16.6 Available for Download</H2>
+<H2>Samba 4.16.7 Available for Download</H2>
 <p>
-<a href="https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.gz">Samba 4.16.6 (gzipped)</a><br>
-<a href="https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.asc">Signature</a>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.gz">Samba 4.16.7 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.asc">Signature</a>
 </p>
 <p>
-<a href="https://download.samba.org/pub/samba/patches/samba-4.16.5-4.16.6.diffs.gz">Patch (gzipped) against Samba 4.16.5</a><br>
-<a href="https://download.samba.org/pub/samba/patches/samba-4.16.5-4.16.6.diffs.asc">Signature</a>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.gz">Patch (gzipped) against Samba 4.16.6</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.asc">Signature</a>
 </p>
 <p>
 <pre>
                    ==============================
-                   Release Notes for Samba 4.16.6
-                          October 25, 2022
+                   Release Notes for Samba 4.16.7
+                         November 15, 2022
                    ==============================
 
 
-This is a security release in order to address the following defect:
+This is a security release in order to address the following defects:
 
-o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
-                  unwrap_des() and unwrap_des3() routines of Heimdal (included
-                  in Samba).
-                  https://www.samba.org/samba/security/CVE-2022-3437.html
+o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
 
-Changes since 4.16.5
----------------------
+Changes since 4.16.6
+--------------------
 
 o  Joseph Sutton <josephsutton at catalyst.net.nz>
-   * BUG 15134: CVE-2022-3437.
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams <nico at twosigma.com>
+   * BUG 15203: CVE-2022-42898
 
 
 </pre>
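Review bot: the intro line is changed from "the following defect:" to "the following defects:", yet the list that follows still has a single entry, CVE-2022-42898. Suggest keeping the singular, or adding the missing entry if a second CVE was meant to be listed here.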
diff --git a/history/samba-4.17.3.html b/history/samba-4.17.3.html
new file mode 100644
index 0000000..562b067
--- /dev/null
+++ b/history/samba-4.17.3.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.17.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.17.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.gz">Samba 4.17.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.gz">Patch (gzipped) against Samba 4.17.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.17.3
+                         November 15, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+
+o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.17.2
+--------------------
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams <nico at twosigma.com>
+   * BUG 15203: CVE-2022-42898
+
+
+</pre>
+</p>
+</body>
+</html>
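Review bot: the "Signature" link directly under the `samba-4.17.3.tar.gz` link points at `samba-4.17.3.tar.asc`, and the news body added in this commit states that the uncompressed tarball is what was signed. A reader who checks the `.asc` against the downloaded `.tar.gz` will get a verification failure, so suggest labelling the link along the lines of "Signature (of the uncompressed tarball)". The same applies to the 4.15.12 and 4.16.7 pages in this commit.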
diff --git a/history/security.html b/history/security.html
index 5bbfad7..64c9dec 100755
--- a/history/security.html
+++ b/history/security.html
@@ -32,6 +32,28 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+	<tr>
+	<td>15 November 2022</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.17.3-security-2022-11-15.patch">
+	patch for Samba 4.17.3</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.16.7-security-2022-11-15.patch">
+	patch for Samba 4.16.7</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.15.12-security-2022-11-15.patch">
+	patch for Samba 4.15.12</a><br />
+	</td>
+	<td>Samba's Kerberos libraries and AD DC failed to guard against integer
+        overflows when parsing a PAC on a 32-bit system, which allowed an attacker
+        with a forged PAC to corrupt the heap.
+	</td>
+	<td>All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3.</td>
+	<td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898">CVE-2022-42898</a>.
+	</td>
+	<td>
+<a href="/samba/security/CVE-2022-42898.html">Announcement</a>.
+	</td>
+
+
     <tr>
 	<td>25 October 2022</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch">
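Review bot: the new row opened by `+	<tr>` is never closed. The last added cell ends with `+	</td>`, followed by two blank lines and then the existing `<tr>` for 25 October 2022. Suggest adding `</tr>` after the final `</td>`, matching the header row above, which does close with `</tr>`. The indentation of the added lines also mixes tabs and spaces.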
diff --git a/posted_news/20221115-072401.4.17.3.body.html b/posted_news/20221115-072401.4.17.3.body.html
new file mode 100644
index 0000000..d270dda
--- /dev/null
+++ b/posted_news/20221115-072401.4.17.3.body.html
@@ -0,0 +1,30 @@
+<!-- BEGIN: posted_news/20221115-072401.4.17.3.body.html -->
+<h5><a name="4.17.3">15 November 2022</a></h5>
+<p class=headline>Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address
+<a href="/samba/security/CVE-2022-42898.html">CVE-2022-42898</a> and
+</p>
+<p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+</p>
+
+<p>
+The 4.17.3 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.gz">patch against Samba 4.17.2</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.17.3.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.16.7 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.gz">patch against Samba 4.16.6</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.16.7.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.15.12 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.gz">patch against Samba 4.15.11</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.12.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20221115-072401.4.17.3.body.html -->
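Review bot: the first paragraph ends mid-sentence: "in order to address CVE-2022-42898 and" is followed directly by `</p>`, so the published text trails off on "and". It is followed by two consecutive `+<p>` lines, the first of which is never closed. Suggest ending the sentence after the CVE link (or naming the second item if one was intended) and removing the stray `<p>`.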
diff --git a/posted_news/20221115-072401.4.17.3.headline.html b/posted_news/20221115-072401.4.17.3.headline.html
new file mode 100644
index 0000000..dea8434
--- /dev/null
+++ b/posted_news/20221115-072401.4.17.3.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20221115-072401.4.17.3.headline.html -->
+<li> 15 November 2022 <a href="#4.17.3">Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20221115-072401.4.17.3.headline.html -->
diff --git a/security/CVE-2022-42898.html b/security/CVE-2022-42898.html
new file mode 100644
index 0000000..3824c1a
--- /dev/null
+++ b/security/CVE-2022-42898.html
@@ -0,0 +1,101 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-42898.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Samba buffer overflow vulnerabilities on 32-bit
+==              systems
+==
+== CVE ID#:     CVE-2022-42898
+==
+== Versions:    All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3
+==
+== Summary:     Samba&#x27;s Kerberos libraries and AD DC failed to guard
+==              against integer overflows when parsing a PAC on a 32-bit
+==              system, which allowed an attacker with a forged PAC to
+==              corrupt the heap.
+===========================================================
+
+===========
+Description
+===========
+
+The Kerberos libraries used by Samba provide a mechanism for
+authenticating a user or service by means of tickets that can contain
+Privilege Attribute Certificates (PACs).
+
+Both the Heimdal and MIT Kerberos libraries, and so the embedded
+Heimdal shipped by Samba suffer from an integer multiplication
+overflow when calculating how many bytes to allocate for a buffer for
+the parsed PAC.
+
+On a 32-bit system an overflow allows placement of 16-byte chunks of
+entirely attacker- controlled data.
+
+(Because the user&#x27;s control over this calculation is limited to an
+unsigned 32-bit value, 64-bit systems are not impacted).
+
+The server most vulnerable is the  KDC, as it will parse an
+attacker-controlled PAC in the S4U2Proxy handler.
+
+The secondary risk is to Kerberos-enabled file server installations in
+a non-AD realm.  A non-AD Heimdal KDC controlling such a realm may
+pass on an attacker-controlled PAC within the service ticket.
+
+==================
+Patch Availability
+==================
+
+Patches addressing these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.15.12, 4.16.7, and 4.17.3 have been issued
+as security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L (6.4)
+
+==========================
+Workaround and mitigations
+==========================
+
+* No workaround on 32-bit systems as an AD DC
+* file servers are only impacted if in a non-AD domain
+* 64-bit systems are not exploitable.
+
+=======
+Credits
+=======
+
+Originally reported by Greg Hudson with the aid of oss-fuzz.
+
+Patches provided by Nicolas Williams of Heimdal and Joseph Sutton of
+Catlyst and the Samba team.
+
+Advisory by Joseph Sutton and Andrew Bartlett of Catalyst and the
+Samba Team based on text and analysis by Greg Hudson.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+
+</pre>
+</body>
+</html>
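Review bot: in the Credits section "Catlyst" should be "Catalyst" (it is spelled correctly two lines further down), and "Samba team" / "Samba Team" are capitalised inconsistently. In the Description, "attacker- controlled" has a stray space after the hyphen and "the  KDC" a double space. The `<p>` opened before `<pre>` is also never closed: the file goes from `+</pre>` straight to `+</body>`. Suggest fixing the spelling and removing the wrapping `<p>`.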


-- 
Samba Website Repository


