[Announce] Samba 4.1.17, 4.0.25 and 3.6.25 Available for Download
Karolin Seeger
kseeger at samba.org
Mon Feb 23 03:45:07 MST 2015
Release Announcements
---------------------
Samba 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases in order
to address CVE-2015-0240 (Unexpected code execution in smbd). For the sake of
completeness, Samba 4.2.0rc5 including a fix for this defect will follow soon,
but it won't be a dedicated security release and will therefore also include
other bug fixes.

o  CVE-2015-0240:
   All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
   unexpected code execution vulnerability in the smbd file server
   daemon.

   A malicious client could send packets that may set up the stack in
   such a way that the freeing of memory in a subsequent anonymous
   netlogon packet could allow execution of arbitrary code. This code
   would execute with root privileges.

Samba 3.6.25 also includes a fix for CVE-2014-0178 (Malformed
FSCTL_SRV_ENUMERATE_SNAPSHOTS response).

o  CVE-2014-0178:
   In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
   or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
   Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
   response field. The uninitialized buffer is sent back to the client.

   A non-default VFS module providing the get_shadow_copy_data_fn() hook
   must be explicitly enabled for Samba to process the aforementioned
   client requests. Therefore, only configurations with "shadow_copy" or
   "shadow_copy2" specified for the "vfs objects" parameter are vulnerable.

For more details and a patch for Samba 3.5.22, please see
http://www.samba.org/samba/history/security.html

Changes:
========
o Jeremy Allison <jra at samba.org>
* BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
in netlogon server could lead to security vulnerability.
o Jiří Šašek <jiri.sasek at oracle.com>
* BUG 10549: CVE-2014-0178: Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS
response.
o Andreas Schneider <asn at samba.org>
* BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not dereference
a NULL pointer./auth: Make sure that creds_out is initialized with NULL.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the correct Samba product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
http://download.samba.org/samba/ftp/stable/
The release notes are available online at:
http://www.samba.org/samba/history/samba-4.1.17.html
http://www.samba.org/samba/history/samba-4.0.25.html
http://www.samba.org/samba/history/samba-3.6.25.html
Binary packages will be made available on a volunteer basis from
http://download.samba.org/samba/ftp/Binary_Packages/
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
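
Added example, not part of the announcement or of Samba's own code: a Python check that applies the affected range stated above for CVE-2015-0240 to an upstream version string, and lists the smb.conf sections whose effective "vfs objects" loads shadow_copy or shadow_copy2, the condition given for CVE-2014-0178. The function names and the sample configuration are constructed for illustration; it assumes a share inherits "vfs objects" from [global] unless it sets its own.

```python
import re

# Fixed releases named in the announcement, keyed by (major, minor) branch.
FIXED = {(3, 6): 25, (4, 0): 25, (4, 1): 17}

def affected_by_cve_2015_0240(version):
    """Upstream version strings only; distribution backports are not detected."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?", version.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    major, minor, patch, rc = (int(g or 0) for g in m.groups())  # rc 0 = final
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    if (major, minor) == (3, 5):
        return True  # no fixed 3.5 release is announced, only a patch for 3.5.22
    # 4.2.0rc1 to rc4 are in the stated range; rc5 is announced with the fix.
    return (major, minor, patch) == (4, 2, 0) and 1 <= rc <= 4

def shares_loading_shadow_copy(conf_text):
    """Sections whose effective "vfs objects" names shadow_copy or shadow_copy2."""
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash-continued lines
    section, vfs = "global", {"global": None}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            vfs.setdefault(section, None)
            continue
        key, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace
        if sep and re.sub(r"\s+", "", key).lower() == "vfsobjects":
            vfs[section] = value
    hits = []
    for sec, value in vfs.items():
        # Assumption: a share without its own setting inherits [global].
        value = value if value is not None else vfs["global"] or ""
        modules = {tok.split(":")[0] for tok in re.split(r"[\s,]+", value) if tok}
        if modules & {"shadow_copy", "shadow_copy2"}:
            hits.append(sec)
    return hits

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """[global]
[Projects]
    VFS Objects = recycle \\
        shadow_copy2
[scratch]
    path = /srv/scratch
"""
```

A version string alone is only a first pass: vendors often backport the fix without changing the upstream version number, so confirm against the distribution's own advisory.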