[Announce] Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
Andreas Schneider
asn at samba.org
Mon Dec 19 18:32:41 UTC 2016
On Monday, 19 December 2016 18:20:08 CET Evgeny Sinelnikov wrote:
> Hello,
>
> we got a build problem for 4.3.13 and 4.4.8:
> ../auth/kerberos/kerberos_pac.c: In function 'check_pac_checksum':
> ../auth/kerberos/kerberos_pac.c:46:7: error:
> 'CKSUMTYPE_HMAC_SHA1_96_AES_256' undeclared (first use in this
> function)
> ../auth/kerberos/kerberos_pac.c:46:7: note: each undeclared identifier
> is reported only once for each function it appears in
> ../auth/kerberos/kerberos_pac.c:52:7: error:
> 'CKSUMTYPE_HMAC_SHA1_96_AES_128' undeclared (first use in this
> function)
>
> due to patch bb64c550 not being applied.
>
> commit bb64c550ae19b08ad4e6d8d26f68c2474cb251e6
> Author: Stefan Metzmacher <metze at samba.org>
> Date: Tue Jul 19 16:31:01 2016 +0200
>
> krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
>
> MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
> while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> Reviewed-by: Günther Deschner <gd at samba.org>
>
> 2016-12-19 13:18 GMT+04:00 Karolin Seeger <kseeger at samba.org>:
> > Release Announcements
> > ---------------------
> >
> > This is a security release in order to address the following CVEs:
> >
> > o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
> >   Overflow Remote Code Execution Vulnerability).
> >
> > o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
> >   trusted realms).
> >
> > o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
> >   elevation).
> >
> > Please note that the patch for CVE-2016-2126 breaks the build with MIT
> > Kerberos in Samba 4.4.8 and 4.4.13. Samba 4.5.3 is not affected.
> >
> > A patch for this issue is available for Samba 4.4 and 4.3 here:
> > https://bugzilla.samba.org/show_bug.cgi?id=12471
^^^^^^^^^^^^^^^
HERE this link HERE
:P
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org