The branch, master has been updated via 1e82af3 Update latest stable release... from eeddc3f Announce Samba 4.1.3, 4.0.13 and 3.6.22.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1e82af366b35dbbde2745c285e295da7acd93efd Author: Karolin Seeger <ksee...@samba.org> Date: Mon Dec 9 06:19:52 2013 +0100 Update latest stable release... and add release notes for 4.1.3, 4.0.13 and 3.6.22. Signed-off-by: Karolin Seeger <ksee...@samba.org> ----------------------------------------------------------------------- Summary of changes: history/samba-3.6.22.html | 86 ++++++++++++++++++++++++++++++++++++++++++++ history/samba-4.0.13.html | 86 ++++++++++++++++++++++++++++++++++++++++++++ history/samba-4.1.3.html | 86 ++++++++++++++++++++++++++++++++++++++++++++ latest_stable_release.html | 6 ++-- 4 files changed, 261 insertions(+), 3 deletions(-) create mode 100755 history/samba-3.6.22.html create mode 100755 history/samba-4.0.13.html create mode 100755 history/samba-4.1.3.html Changeset truncated at 500 lines: diff --git a/history/samba-3.6.22.html b/history/samba-3.6.22.html new file mode 100755 index 0000000..6de5c00 --- /dev/null +++ b/history/samba-3.6.22.html 
@@ -0,0 +1,86 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 3.6.22 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 3.6.22 + December 9, 2013 + ============================== + + +This is a security release in order to address +CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and +CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). + +o CVE-2013-4408: + Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - + 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are + vulnerable to buffer overrun exploits in the client processing of + DCE-RPC packets. This is due to incorrect checking of the DCE-RPC + fragment length in the client code. + + This is a critical vulnerability as the DCE-RPC client code is part of + the winbindd authentication and identity mapping daemon, which is + commonly configured as part of many server installations (when joined + to an Active Directory Domain). A malicious Active Directory Domain + Controller or man-in-the-middle attacker impersonating an Active + Directory Domain Controller could achieve root-level access by + compromising the winbindd process. + + Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are + also vulnerable to a denial of service attack (server crash) due to a + similar error in the server code of those versions. + + Samba server versions 3.6.0 and above (including all 3.6.x versions, + all 4.0.x versions and 4.1.x) are not vulnerable to this problem. + + In addition range checks were missing on arguments returned from calls + to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) + and LookupRids (samr) which could also cause similar problems. 
+ + As this was found during an internal audit of the Samba code there are + no currently known exploits for this problem (as of December 9th 2013). + +o CVE-2012-6150: + Winbind allows for the further restriction of authenticated PAM logins using + the require_membership_of parameter. System administrators may specify a list + of SIDs or groups for which an authenticated user must be a member of. If an + authenticated user does not belong to any of the entries, then login should + fail. Invalid group name entries are ignored. + + Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from + authenticated users if the require_membership_of parameter specifies only + invalid group names. + + This is a vulnerability with low impact. All require_membership_of group + names must be invalid for this bug to be encountered. + + +Changes since 3.6.21: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Stefan Metzmacher <me...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Noel Power <noel.po...@suse.com> + * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't + member of *any* require_membership_of specified groups. +</pre> + +</body> +</html> diff --git a/history/samba-4.0.13.html b/history/samba-4.0.13.html new file mode 100755 index 0000000..6ca5b08 --- /dev/null +++ b/history/samba-4.0.13.html 
@@ -0,0 +1,86 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.0.13 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 4.0.13 + December 9, 2013 + ============================== + + +This is a security release in order to address +CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and +CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). + +o CVE-2013-4408: + Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - + 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are + vulnerable to buffer overrun exploits in the client processing of + DCE-RPC packets. This is due to incorrect checking of the DCE-RPC + fragment length in the client code. + + This is a critical vulnerability as the DCE-RPC client code is part of + the winbindd authentication and identity mapping daemon, which is + commonly configured as part of many server installations (when joined + to an Active Directory Domain). A malicious Active Directory Domain + Controller or man-in-the-middle attacker impersonating an Active + Directory Domain Controller could achieve root-level access by + compromising the winbindd process. + + Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are + also vulnerable to a denial of service attack (server crash) due to a + similar error in the server code of those versions. + + Samba server versions 3.6.0 and above (including all 3.6.x versions, + all 4.0.x versions and 4.1.x) are not vulnerable to this problem. + + In addition range checks were missing on arguments returned from calls + to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) + and LookupRids (samr) which could also cause similar problems. 
+ + As this was found during an internal audit of the Samba code there are + no currently known exploits for this problem (as of December 9th 2013). + +o CVE-2012-6150: + Winbind allows for the further restriction of authenticated PAM logins using + the require_membership_of parameter. System administrators may specify a list + of SIDs or groups for which an authenticated user must be a member of. If an + authenticated user does not belong to any of the entries, then login should + fail. Invalid group name entries are ignored. + + Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from + authenticated users if the require_membership_of parameter specifies only + invalid group names. + + This is a vulnerability with low impact. All require_membership_of group + names must be invalid for this bug to be encountered. + + +Changes since 4.0.12: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Stefan Metzmacher <me...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Noel Power <noel.po...@suse.com> + * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't + member of *any* require_membership_of specified groups. +</pre> + +</body> +</html> diff --git a/history/samba-4.1.3.html b/history/samba-4.1.3.html new file mode 100755 index 0000000..fb681e0 --- /dev/null +++ b/history/samba-4.1.3.html 
@@ -0,0 +1,86 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.1.3 Available for Download</H2> + +<p> +<pre> + ============================= + Release Notes for Samba 4.1.3 + December 9, 2013 + ============================= + + +This is a security release in order to address +CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and +CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). + +o CVE-2013-4408: + Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - + 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are + vulnerable to buffer overrun exploits in the client processing of + DCE-RPC packets. This is due to incorrect checking of the DCE-RPC + fragment length in the client code. + + This is a critical vulnerability as the DCE-RPC client code is part of + the winbindd authentication and identity mapping daemon, which is + commonly configured as part of many server installations (when joined + to an Active Directory Domain). A malicious Active Directory Domain + Controller or man-in-the-middle attacker impersonating an Active + Directory Domain Controller could achieve root-level access by + compromising the winbindd process. + + Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are + also vulnerable to a denial of service attack (server crash) due to a + similar error in the server code of those versions. + + Samba server versions 3.6.0 and above (including all 3.6.x versions, + all 4.0.x versions and 4.1.x) are not vulnerable to this problem. + + In addition range checks were missing on arguments returned from calls + to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) + and LookupRids (samr) which could also cause similar problems. 
+ + As this was found during an internal audit of the Samba code there are + no currently known exploits for this problem (as of December 9th 2013). + +o CVE-2012-6150: + Winbind allows for the further restriction of authenticated PAM logins using + the require_membership_of parameter. System administrators may specify a list + of SIDs or groups for which an authenticated user must be a member of. If an + authenticated user does not belong to any of the entries, then login should + fail. Invalid group name entries are ignored. + + Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from + authenticated users if the require_membership_of parameter specifies only + invalid group names. + + This is a vulnerability with low impact. All require_membership_of group + names must be invalid for this bug to be encountered. + + +Changes since 4.1.2: +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Stefan Metzmacher <me...@samba.org> + * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Noel Power <noel.po...@suse.com> + * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't + member of *any* require_membership_of specified groups. +</pre> + +</body> +</html> diff --git a/latest_stable_release.html b/latest_stable_release.html index f67cb9f..e3aebfd 100644 --- a/latest_stable_release.html +++ b/latest_stable_release.html @@ -1,5 +1,5 @@ <p> - <a href="/samba/ftp/stable/samba-4.1.2.tar.gz">Samba 4.1.2 (gzipped)</a><br> - <a href="/samba/history/samba-4.1.2.html">Release Notes</a> · - <a href="/samba/ftp/stable/samba-4.1.2.tar.asc">Signature</a> + <a href="/samba/ftp/stable/samba-4.1.3.tar.gz">Samba 4.1.3 (gzipped)</a><br> + <a href="/samba/history/samba-4.1.3.html">Release Notes</a> · + <a href="/samba/ftp/stable/samba-4.1.3.tar.asc">Signature</a> </p> -- Samba Website Repository
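Review bot: history/samba-3.6.22.html is created with "new file mode 100755", but it is a static HTML page and does not need the executable bit. latest_stable_release.html in the same commit is 100644, so the new page should be added as 100644 too. The same applies to history/samba-4.0.13.html and history/samba-4.1.3.html, which the summary also lists as "create mode 100755".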
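Review bot: history/samba-4.0.13.html declares XHTML 1.0 Transitional but its body is not valid for that doctype. The heading is written as "<H2>" (XHTML element names are lowercase), a "<p>" is opened immediately before "<pre>" and never closed, and the author lines inside the pre block, such as "o Jeremy Allison <j...@samba.org>", carry raw angle brackets that a parser will read as a tag, so the address may not render. Suggest "<h2>", dropping the stray "<p>", and escaping the brackets as &lt; and &gt;. The 3.6.22 and 4.1.3 pages have the same markup.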
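Review bot: in history/samba-4.1.3.html the affected-version list for CVE-2013-4408 ends with "4.0.0 - 4.0.12 and including 4.1.2", which gives a range for every branch except 4.1; if 4.1.0 and 4.1.1 are also meant, write it as a range like the others. Further down, "Samba server versions 3.6.0 and above ... are not vulnerable to this problem" follows the denial-of-service paragraph but can be read as contradicting the first paragraph, which calls the client-side overrun critical for those same versions. Suggest wording it as "not vulnerable to this server-side denial of service" so an administrator on 3.6.x, 4.0.x or 4.1.x does not conclude that no upgrade is needed.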
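Review bot: in latest_stable_release.html the download link is "samba-4.1.3.tar.gz" while the "Signature" link is "samba-4.1.3.tar.asc", so the signature file is named for the .tar rather than the .tar.gz that is offered. The link text gives no hint of which file the signature covers, so someone checking the signature against the downloaded .tar.gz may see a failure and give up on verification. Suggest stating next to the link which file the signature applies to.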