[Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download

Andreas Schneider asn at samba.org
Mon Dec 19 18:32:41 UTC 2016


On Monday, 19 December 2016 18:20:08 CET Evgeny Sinelnikov wrote:
> Hello,
> 
> we got a build problem for 4.3.13 and 4.4.8:
> ../auth/kerberos/kerberos_pac.c: In function 'check_pac_checksum':
> ../auth/kerberos/kerberos_pac.c:46:7: error:
> 'CKSUMTYPE_HMAC_SHA1_96_AES_256' undeclared (first use in this
> function)
> ../auth/kerberos/kerberos_pac.c:46:7: note: each undeclared identifier
> is reported only once for each function it appears in
> ../auth/kerberos/kerberos_pac.c:52:7: error:
> 'CKSUMTYPE_HMAC_SHA1_96_AES_128' undeclared (first use in this
> function)
> 
> due patch bb64c550 not applied.
> 
> commit bb64c550ae19b08ad4e6d8d26f68c2474cb251e6
> Author: Stefan Metzmacher <metze at samba.org>
> Date:   Tue Jul 19 16:31:01 2016 +0200
> 
>     krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
> 
>     MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
>     while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
> 
>     Signed-off-by: Stefan Metzmacher <metze at samba.org>
>     Reviewed-by: G√ľnther Deschner <gd at samba.org>
> 
> 2016-12-19 13:18 GMT+04:00 Karolin Seeger <kseeger at samba.org>:
> > Release Announcements
> > ---------------------
> > 
> > This is a security release in order to address the following CVEs:
> > 
> > o  CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
> > 
> >    Overflow Remote Code Execution Vulnerability).
> > 
> > o  CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers
> > in
> > 
> >    trusted realms).
> > 
> > o  CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
> > 
> >    elevation).
> > 
> > Please note that the patch for CVE-2016-2126 breaks the build with MIT
> > Kerberos in Samba 4.4.8 and 4.4.13. Samba 4.5.3 is not affected.
> > 
> > A patch for this issue is available for Samba 4.4 and 4.3 here:
> >   https://bugzilla.samba.org/show_bug.cgi?id=12471

                 ^^^^^^^^^^^^^^^
               HERE  this link  HERE


:P


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list