[SCM] Samba Website Repository - branch master updated

Jule Anger janger at samba.org
Tue Oct 25 09:11:13 UTC 2022


The branch, master has been updated
       via  0e65e3e NEWS[4.17.2]: Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases Available for Download
      from  b820158 NEWS[4.17.1]: Samba 4.17.1 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0e65e3e7b4928125ba981e0d6987d415e80f5969
Author: Jule Anger <janger at samba.org>
Date:   Tue Oct 25 09:06:52 2022 +0200

    NEWS[4.17.2]: Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases Available for Download
    
    Signed-off-by: Jule Anger <janger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |  3 +
 history/samba-4.15.11.html                       | 50 ++++++++++++
 history/samba-4.16.6.html                        | 42 ++++++++++
 history/samba-4.17.2.html                        | 49 ++++++++++++
 history/security.html                            | 22 ++++++
 posted_news/20221024-105707.4.17.2.body.html     | 31 ++++++++
 posted_news/20221024-105707.4.17.2.headline.html |  3 +
 security/CVE-2022-3437.html                      | 98 ++++++++++++++++++++++++
 security/CVE-2022-3592.html                      | 87 +++++++++++++++++++++
 9 files changed, 385 insertions(+)
 create mode 100644 history/samba-4.15.11.html
 create mode 100644 history/samba-4.16.6.html
 create mode 100644 history/samba-4.17.2.html
 create mode 100644 posted_news/20221024-105707.4.17.2.body.html
 create mode 100644 posted_news/20221024-105707.4.17.2.headline.html
 create mode 100644 security/CVE-2022-3437.html
 create mode 100644 security/CVE-2022-3592.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 840b27e..9348c26 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,14 +9,17 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.17.2.html">samba-4.17.2</a></li>
 			<li><a href="samba-4.17.1.html">samba-4.17.1</a></li>
 			<li><a href="samba-4.17.0.html">samba-4.17.0</a></li>
+			<li><a href="samba-4.16.6.html">samba-4.16.6</a></li>
 			<li><a href="samba-4.16.5.html">samba-4.16.5</a></li>
 			<li><a href="samba-4.16.4.html">samba-4.16.4</a></li>
 			<li><a href="samba-4.16.3.html">samba-4.16.3</a></li>
 			<li><a href="samba-4.16.2.html">samba-4.16.2</a></li>
 			<li><a href="samba-4.16.1.html">samba-4.16.1</a></li>
 			<li><a href="samba-4.16.0.html">samba-4.16.0</a></li>
+			<li><a href="samba-4.15.11.html">samba-4.15.11</a></li>
 			<li><a href="samba-4.15.10.html">samba-4.15.10</a></li>
 			<li><a href="samba-4.15.9.html">samba-4.15.9</a></li>
 			<li><a href="samba-4.15.8.html">samba-4.15.8</a></li>
diff --git a/history/samba-4.15.11.html b/history/samba-4.15.11.html
new file mode 100644
index 0000000..b01a1e3
--- /dev/null
+++ b/history/samba-4.15.11.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.11 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.11 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz">Samba 4.15.11 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.10-4.15.11.diffs.gz">Patch (gzipped) against Samba 4.15.10</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.10-4.15.11.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.15.11
+                          October 25, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
+                  unwrap_des() and unwrap_des3() routines of Heimdal (included
+                  in Samba).
+                  https://www.samba.org/samba/security/CVE-2022-3437.html
+
+Changes since 4.15.10
+---------------------
+
+o  Andrew Bartlett <abartlet at samba.org>
+   * BUG 15193: Allow rebuild of Centos 8 images after move to vault for Samba
+     4.15.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15193: Allow rebuild of Centos 8 images after move to vault for Samba
+     4.15.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15134: CVE-2022-3437.
+
+
+</pre>
+</p>
+</body>
+</html>
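Review bot: The page declares XHTML 1.0 Transitional with the XHTML namespace, but the body is not valid XHTML. The heading uses an uppercase <H2> element, both <br> tags are left unclosed, and the <pre> block sits inside a <p>, which may only hold inline content. Suggest <h2>, <br /> and moving the <pre> out of the paragraph; the security.html row in this same commit already writes <br />.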
diff --git a/history/samba-4.16.6.html b/history/samba-4.16.6.html
new file mode 100644
index 0000000..4423bf2
--- /dev/null
+++ b/history/samba-4.16.6.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.16.6 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.16.6 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.gz">Samba 4.16.6 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.5-4.16.6.diffs.gz">Patch (gzipped) against Samba 4.16.5</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.5-4.16.6.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.16.6
+                          October 25, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
+                  unwrap_des() and unwrap_des3() routines of Heimdal (included
+                  in Samba).
+                  https://www.samba.org/samba/security/CVE-2022-3437.html
+
+Changes since 4.16.5
+---------------------
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15134: CVE-2022-3437.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.17.2.html b/history/samba-4.17.2.html
new file mode 100644
index 0000000..cb19766
--- /dev/null
+++ b/history/samba-4.17.2.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.17.2 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.17.2 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.2.tar.gz">Samba 4.17.2 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.2.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.1-4.17.2.diffs.gz">Patch (gzipped) against Samba 4.17.1</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.1-4.17.2.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.17.2
+                          October 25, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
+                  unwrap_des() and unwrap_des3() routines of Heimdal (included
+                  in Samba).
+                  https://www.samba.org/samba/security/CVE-2022-3437.html
+
+o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
+                  directory.
+                  https://www.samba.org/samba/security/CVE-2022-3592.html
+
+Changes since 4.17.1
+--------------------
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 15207: CVE-2022-3592.
+
+o  Joseph Sutton <josephsutton at catalyst.net.nz>
+   * BUG 15134: CVE-2022-3437.
+
+
+</pre>
+</p>
+</body>
+</html>
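Review bot: The Signature link beside the download points at samba-4.17.2.tar.asc while the download itself is samba-4.17.2.tar.gz, and this page never says that the signature covers the uncompressed tarball. The news item in this commit does state it, but a reader who lands on the release notes directly and verifies the .tar.gz against the .asc will get a failure. A one-line remark next to the link, saying the archive has to be gunzipped before verification, would prevent that.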
diff --git a/history/security.html b/history/security.html
index 2b9ed15..5bbfad7 100755
--- a/history/security.html
+++ b/history/security.html
@@ -33,6 +33,28 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+	<td>25 October 2022</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch">
+	patch for Samba 4.17.2</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.16.6-security-2022-10-25.patch">
+	patch for Samba 4.16.6</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.15.11-security-2022-10-25.patch">
+	patch for Samba 4.15.11</a><br />
+	</td>
+	<td>CVE-2022-3437 and CVE-2022-3592.
+        Please see announcements for details.
+	</td>
+	<td>Please refer to the advisories.</td>
+	<td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437">CVE-2022-3437</a>, 
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592">CVE-2022-3592</a>.
+	</td>
+	<td>
+<a href="/samba/security/CVE-2022-3437.html">Announcement</a>, 
+<a href="/samba/security/CVE-2022-3592.html">Announcement</a>.
+	</td>
+    <tr>
+
 	<td>27 July 2022</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.16.4-security-2022-07-27.patch">
 	patch for Samba 4.16.4</a><br />
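Review bot: The added row ends with a second opening <tr> instead of </tr>, so the 25 October 2022 row is never closed and the 27 July 2022 row is opened inside it. Replace the trailing "+    <tr>" with "</tr>" followed by "<tr>", matching the "</tr>" that closes the preceding row at the top of the hunk. The description cell also lists CVE-2022-3437 and CVE-2022-3592 next to patches for 4.16.6 and 4.15.11, although the CVE-2022-3592 advisory in this commit gives the affected versions as 4.17.0 and later; a short qualifier in the cell would avoid the impression that the older branches carry that fix.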
diff --git a/posted_news/20221024-105707.4.17.2.body.html b/posted_news/20221024-105707.4.17.2.body.html
new file mode 100644
index 0000000..2dac3b0
--- /dev/null
+++ b/posted_news/20221024-105707.4.17.2.body.html
@@ -0,0 +1,31 @@
+<!-- BEGIN: posted_news/20221024-105707.4.17.2.body.html -->
+<h5><a name="4.17.2">25 October 2022</a></h5>
+<p class=headline>Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address
+<a href="/samba/security/CVE-2022-3437.html">CVE-2022-3437</a> and
+<a href="/samba/security/CVE-2022-3592.html">CVE-2022-3592</a>.
+</p>
+
+<p>
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+</p>
+
+<p>
+The 4.17.2 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.17.2.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.17.1-4.17.2.diffs.gz">patch against Samba 4.17.1</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.17.2.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.16.6 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.16.6.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.16.5-4.16.6.diffs.gz">patch against Samba 4.16.5</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.16.6.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.15.11 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.15.11.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.10-4.15.11.diffs.gz">patch against Samba 4.15.10</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.11.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20221024-105707.4.17.2.body.html -->
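Review bot: The GnuPG paragraph identifies the signing key only by the 64-bit key ID AA99442FB680B620 and does not link to the signature files. A 64-bit ID is a weak handle for deciding which key to trust, so please give the full fingerprint and link the .tar.asc files that the history pages in this commit already reference. Minor: class=headline is an unquoted attribute value.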
diff --git a/posted_news/20221024-105707.4.17.2.headline.html b/posted_news/20221024-105707.4.17.2.headline.html
new file mode 100644
index 0000000..b98f46b
--- /dev/null
+++ b/posted_news/20221024-105707.4.17.2.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20221024-105707.4.17.2.headline.html -->
+<li> 25 October 2022 <a href="#4.17.2">Samba 4.17.2, 4.16.6 and 4.15.11 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20221024-105707.4.17.2.headline.html -->
diff --git a/security/CVE-2022-3437.html b/security/CVE-2022-3437.html
new file mode 100644
index 0000000..19ec46f
--- /dev/null
+++ b/security/CVE-2022-3437.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-3437.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Buffer overflow in Heimdal unwrap_des3()
+==
+== CVE ID#:     CVE-2022-3437
+==
+== Versions:    All versions of Samba since Samba 4.0 compiled
+==              with Heimdal Kerberos
+==
+== Summary:     There is a limited write heap buffer overflow
+==              in the GSSAPI unwrap_des() and unwrap_des3()
+==              routines of Heimdal (included in Samba).
+===========================================================
+
+===========
+Description
+===========
+
+The DES (for Samba 4.11 and earlier) and Triple-DES decryption
+routines in the Heimdal GSSAPI library allow a length-limited write
+buffer overflow on malloc() allocated memory when presented with a
+maliciously small packet.
+
+Examples of where Samba can use GSSAPI include the client and
+fileserver for SMB1 (unix extensions), DCE/RPC in all use cases and
+LDAP in the Active Directory Domain Controller.
+
+However not all Samba installations are impacted!  Samba is often
+compiled to use the system MIT Kerberos using the
+--with-system-mitkrb5 argument and these installations are not
+impacted, as the vulnerable code is not compiled into Samba.
+
+However when, as is the default, Samba is compiled to use the internal
+Heimdal Kerberos library the vulnerable unwrap_des3() is used.
+
+(The single-DES use case, along with the equally vulnerable
+unwrap_des() is only compiled into Samba 4.11 and earlier).
+
+The primary use of Samba&#x27;s internal Heimdal is for the Samba AD DC,
+but this vulnerability does impact fileserver deployments built with
+the default build options.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.15.11, 4.16.6 and 4.17.2 have been issued
+as security releases to correct the defect.  Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L (5.9)
+
+==========
+Workaround
+==========
+
+Compiling Samba with --with-system-mitkrb5 will avoid this issue.
+
+=======
+Credits
+=======
+
+Originally reported by Evgeny Legerov of Intevydis.
+
+Patches provided by Joseph Sutton of Catalyst and the Samba Team,
+advisory written by Andrew Bartlett of Catalyst and the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+
+
+</pre>
+</body>
+</html>
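Review bot: Under Patch Availability, "Patches addressing both these issues" does not fit an advisory that covers a single CVE; it reads as carried over from a multi-issue advisory and should say "this issue". The Subject line also names only unwrap_des3(), while the Summary and Description cover unwrap_des() as well, so the subject understates the scope for 4.11 and earlier. Markup: the <p> opened before <pre> is never closed before </body>.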
diff --git a/security/CVE-2022-3592.html b/security/CVE-2022-3592.html
new file mode 100644
index 0000000..d9b7ad2
--- /dev/null
+++ b/security/CVE-2022-3592.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-3592.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Wide links protection broken
+==
+== CVE ID#:     CVE-2022-3592
+==
+== Versions:    All versions of Samba since 4.17.0
+==
+== Summary:     A malicious client can use a symlink to escape
+==              the exported directory
+===========================================================
+
+===========
+Description
+===========
+
+Samba 4.17 introduced following symlinks in user space with the intent
+to properly check symlink targets to stay within the share that was
+configured by the administrator. The check does not properly cover a
+corner case, so that a user can create a symbolic link that will make
+smbd escape the configured share path.
+
+Clients that have write access to the exported part of the file system
+under a share via SMB1 unix extensions or NFS can create symlinks can
+use the vulnerability to get access to all of the server&#x27;s file
+system.
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue has been posted to:
+
+    https://www.samba.org/samba/security/
+
+Samba 4.17.2 has been issued as a security releases to correct the
+defect. Samba administrators are advised to upgrade to this release as
+soon as possible.
+
+==================
+CVSSv3.1 calculation
+==================
+
+CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N (5.4)
+
+=================================
+Workaround and mitigating factors
+=================================
+
+Do not enable SMB1 (please note SMB1 is disabled by default in Samba
+from version 4.11.0 and onwards). This prevents the creation of
+symbolic links via SMB1. If SMB1 must be enabled for backwards
+compatibility then add the parameter:
+
+unix extensions = no
+
+to the [global] section of your smb.conf and restart smbd. This
+prevents SMB1 clients from creating symlinks on the exported file
+system.
+
+However, if the same region of the file system is also exported using
+NFS, NFS clients can create symlinks that potentially can also hit the
+race condition. For non-patched versions of Samba we recommend only
+exporting areas of the file system by either SMB2 or NFS, not both.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+
+
+</pre>
+</body>
+</html>
\ No newline at end of file
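Review bot: The Workaround section says NFS-created symlinks "can also hit the race condition", but the Description presents the defect as a corner case missed by the symlink-target check and never mentions a race. One of the two needs correcting so that administrators know what the mitigation is meant to cover. The closing recommendation of "either SMB2 or NFS, not both" would also benefit from a sentence tying it back to the SMB1 unix extensions vector discussed just above it. Wording: "can create symlinks can use the vulnerability" is garbled, "Patches addressing this issue has been posted" and "a security releases" need number agreement, the <p> before <pre> is never closed, and the file has no trailing newline.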


-- 
Samba Website Repository


