[Announce] Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases Available for Download

Karolin Seeger kseeger at samba.org
Tue Aug 14 08:33:42 UTC 2018


Release Announcements
---------------------

These are security releases in order to address the following defects:

o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
		   listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
		   server.)

Samba 4.8.4 addresses all CVEs listed above, Samba 4.7.9 addresses all except CVE-2018-1140, and Samba 4.6.16 addresses only CVE-2018-10858 and CVE-2018-10919. Please see the release notes for details.


=======
Details
=======

o  CVE-2018-1139:
   Vulnerability that allows authentication via NTLMv1 even if disabled.

o  CVE-2018-1140:
   Missing null pointer checks may crash the Samba AD DC, both over
   DNS and LDAP.

o  CVE-2018-10858:
   A malicious server could return a directory entry that could corrupt
   libsmbclient memory.

o  CVE-2018-10918:
   Missing null pointer checks may crash the Samba AD DC, over the
   authenticated DRSUAPI RPC service.

o  CVE-2018-10919:
   Missing access control checks allow discovery of confidential attribute
   values via authenticated LDAP search expressions.


Changes:
--------

o  Jeremy Allison <jra at samba.org>
   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     returns from malicious servers.

o  Andrew Bartlett <abartlet at samba.org>
   * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
     with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
   * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
     not servicePrincipalName is set on a user.

o  Tim Beale <timbeale at catalyst.net.nz>
   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
     searches.

o  Günther Deschner <gd at samba.org>
   * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
     is disabled via "ntlm auth".

o  Andrej Gessel <Andrej.Gessel at janztec.com>
   * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
     ltdb_index_dn_attr().


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================



================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.8.4.html
        https://www.samba.org/samba/history/samba-4.7.9.html
        https://www.samba.org/samba/history/samba-4.6.16.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
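
The signature check described under "Download Details", as an added example that is not part of the original announcement or Samba project code: because the signature covers the uncompressed tarball, the archive is decompressed before verification, and the signer is then pinned to the key ID given above rather than trusting any key in the keyring. It assumes the signing key is already imported; the function names and the file names in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not Samba project code. Assumes the signing key is already
# in the local GnuPG keyring; the file names in the usage line are assumptions.
SAMBA_KEY_ID="6F33915B6568B7EA"   # key ID as stated in the announcement

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# carries a signing-key or primary-key fingerprint ending in the given key ID.
status_signed_by() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    while read -r tag kw fpr rest; do
        [ "$tag" = "[GNUPG:]" ] && [ "$kw" = "VALIDSIG" ] || continue
        primary=${rest##* }          # last field: primary key fingerprint
        case $(printf '%s %s' "$fpr" "$primary" | tr 'a-f' 'A-F') in
            *"$want "*|*"$want") return 0 ;;
        esac
    done
    return 1
}

# The signature covers the uncompressed tarball, so decompress first, verify
# the detached signature over the .tar, then pin the signer to the key ID.
# Returns 0 = verified, 1 = bad or unexpected signature, 2 = input problem.
verify_samba_release() {
    tgz=$1; asc=$2
    [ -r "$tgz" ] && [ -r "$asc" ] || { echo "missing input file" >&2; return 2; }
    tar_file=${tgz%.gz}
    gunzip -c "$tgz" > "$tar_file" || return 2
    status=$(gpg --status-fd 1 --verify "$asc" "$tar_file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_signed_by "$SAMBA_KEY_ID"
}

# Usage: verify_samba_release samba-4.8.4.tar.gz samba-4.8.4.tar.asc
```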