The branch, master has been updated
       via  496265a Announce Samba 4.1.7, 4.0.25 and 3.6.25.
      from  09703db Our lists are now only on lists.samba.org
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 496265ab221a5f2781a721a377f967aecc55b34b Author: Karolin Seeger <ksee...@samba.org> Date: Mon Feb 23 11:02:47 2015 +0100 Announce Samba 4.1.7, 4.0.25 and 3.6.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240 (Unexpected code execution in smbd). Signed-off-by: Karolin Seeger <ksee...@samba.org> ----------------------------------------------------------------------- Summary of changes: generated_news/latest_10_bodies.html | 33 +++++++++------ generated_news/latest_10_headlines.html | 5 ++- generated_news/latest_2_bodies.html | 31 +++++++++----- history/header_history.html | 3 ++ history/samba-3.6.25.html | 65 +++++++++++++++++++++++++++++ history/samba-4.0.25.html | 49 ++++++++++++++++++++++ history/samba-4.1.17.html | 49 ++++++++++++++++++++++ history/security.html | 19 +++++++++ security/CVE-2015-0240.html | 73 +++++++++++++++++++++++++++++++++ 9 files changed, 303 insertions(+), 24 deletions(-) create mode 100755 history/samba-3.6.25.html create mode 100755 history/samba-4.0.25.html create mode 100755 history/samba-4.1.17.html create mode 100644 security/CVE-2015-0240.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index b23c8f2..743799b 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html 
@@ -1,3 +1,24 @@ + <h5><a name="4.1.17">23 February 2015</a></h5> + <p class="headline">Samba 4.1.17, 4.0.25 and 3.6.25 <b>Security + Releases</b> Available for Download</p> + <p>These are security releases in order to address + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a> + (<b>Unexpected code execution in smbd</b>). + </p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA).</p> + <p> + The source code can be downloaded here: + <li><a href="http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz">download + Samba 4.1.17</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz">download + Samba 4.0.25</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-3.6.25.tar.gz">download + Samba 3.6.25</a>.</li> + </p> + + <h5><a name="CfP2015">29 January 2015</a></h5> <p class="headline">Call for Papers SambaXP 2015</p> <p>From May 19th to 21st 2015 developers and users will meet again in @@ -112,15 +133,3 @@ using GnuPG (ID 6568B7EA). The source code can be <a href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc2.tar.gz">downloaded now</a>. See <a href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc2.txt"> the release notes for more info</a>.</p> - - - <h5><a name="4.2.0rc1">01 October 2014</a></h5> - <p class="headline">Samba 4.2.0rc1 Available for Download</p> - <p>This is the first release candidate of the upcoming Samba 4.2 release - series.</p> - -<p>The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -<a href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc1.tar.gz">downloaded -now</a>. See <a href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc1.txt"> -the release notes for more info</a>.</p> diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index b8c2c93..df0dac2 100644 --- a/generated_news/latest_10_headlines.html 
+++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,7 @@ <ul> + <li> 23 February 2015 <a href="#4.1.17">Samba 4.1.17, 4.0.25 and 3.6.25 Security + Releases Available for Download (CVE-2015-0240)</a></li> + <li> 29 January 2015 <a href="#CfP2015">Call for Papers SambaXP 2015</a></li> <li> 16 January 2015 <a href="#4.2.0rc4">Samba 4.2.0rc4 Available for @@ -18,6 +21,4 @@ <li> 20 October 2014 <a href="#4.1.13">Samba 4.1.13 Available for Download</a></li> <li> 15 October 2014 <a href="#4.2.0rc2">Samba 4.2.0rc2 Available for Download</a></li> - - <li> 01 October 2014 <a href="#4.2.0rc1">Samba 4.2.0rc1 Available for Download</a></li> </ul> diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index b311860..390bd00 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,24 @@ + <h5><a name="4.1.17">23 February 2015</a></h5> + <p class="headline">Samba 4.1.17, 4.0.25 and 3.6.25 <b>Security + Releases</b> Available for Download</p> + <p>These are security releases in order to address + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a> + (<b>Unexpected code execution in smbd</b>). + </p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA).</p> + <p> + The source code can be downloaded here: + <li><a href="http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz">download + Samba 4.1.17</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz">download + Samba 4.0.25</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-3.6.25.tar.gz">download + Samba 3.6.25</a>.</li> + </p> + + <h5><a name="CfP2015">29 January 2015</a></h5> <p class="headline">Call for Papers SambaXP 2015</p> <p>From May 19th to 21st 2015 developers and users will meet again in 
@@ -7,13 +28,3 @@ 28th 2015. Please find all necessary information at the <a href="http://sambaXP.org">conference site</a>.</p> - <h5><a name="4.2.0rc4">16 January 2015</a></h5> - <p class="headline">Samba 4.2.0rc4 Available for Download</p> - <p>This is the fourth release candidate of the upcoming Samba 4.2 release - series. It includes the fix for CVE-2014-8143 and other bug fixes.</p> - -<p>The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -<a href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc4.tar.gz">downloaded -now</a>. See <a href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc4.txt"> -the release notes for more info</a>.</p> diff --git a/history/header_history.html b/history/header_history.html index 59c4ae5..5c2f874 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -10,6 +10,7 @@ <li class="navSub"> <ul> <li><a href="/samba/security/CVE-2013-0454.html">CVE-2013-0454</a></li> + <li><a href="samba-4.1.17.html">samba-4.1.17</a></li> <li><a href="samba-4.1.16.html">samba-4.1.16</a></li> <li><a href="samba-4.1.15.html">samba-4.1.15</a></li> <li><a href="samba-4.1.14.html">samba-4.1.14</a></li> @@ -27,6 +28,7 @@ <li><a href="samba-4.1.2.html">samba-4.1.2</a></li> <li><a href="samba-4.1.1.html">samba-4.1.1</a></li> <li><a href="samba-4.1.0.html">samba-4.1.0</a></li> + <li><a href="samba-4.0.25.html">samba-4.0.25</a></li> <li><a href="samba-4.0.24.html">samba-4.0.24</a></li> <li><a href="samba-4.0.23.html">samba-4.0.23</a></li> <li><a href="samba-4.0.22.html">samba-4.0.22</a></li> 
@@ -52,6 +54,7 @@ <li><a href="samba-4.0.2.html">samba-4.0.2</a></li> <li><a href="samba-4.0.1.html">samba-4.0.1</a></li> <li><a href="samba-4.0.0.html">samba-4.0.0</a></li> + <li><a href="samba-3.6.25.html">samba-3.6.25</a></li> <li><a href="samba-3.6.24.html">samba-3.6.24</a></li> <li><a href="samba-3.6.23.html">samba-3.6.23</a></li> <li><a href="samba-3.6.22.html">samba-3.6.22</a></li> diff --git a/history/samba-3.6.25.html b/history/samba-3.6.25.html new file mode 100755 index 0000000..b40ea6b --- /dev/null +++ b/history/samba-3.6.25.html 
@@ -0,0 +1,65 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 3.6.25 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 3.6.25 + February 23, 2015 + ============================== + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + +o CVE-2014-0178: + In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA + or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of + Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY + response field. The uninitialized buffer is sent back to the client. + + A non-default VFS module providing the get_shadow_copy_data_fn() hook + must be explicitly enabled for Samba to process the aforementioned + client requests. Therefore, only configurations with "shadow_copy" or + "shadow_copy2" specified for the "vfs objects" parameter are vulnerable. + + +Changes since 3.6.24: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o JiÅà ŠaÅ¡ek <jiri.sa...@oracle.com> + * BUG 10549: CVE-2014-0178: Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS + response. 
+ + +o Andreas Schneider <a...@samba.org> + * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer./auth: Make sure that creds_out is initialized with NULL. +</pre> + +</body> +</html> diff --git a/history/samba-4.0.25.html b/history/samba-4.0.25.html new file mode 100755 index 0000000..00420cd --- /dev/null +++ b/history/samba-4.0.25.html @@ -0,0 +1,49 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.0.25 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 4.0.25 + February 23, 2015 + ============================== + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + + +Changes since 4.0.24: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o Andreas Schneider <a...@samba.org> + * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer./auth: Make sure that creds_out is initialized with NULL. +</pre> + +</body> +</html> diff --git a/history/samba-4.1.17.html b/history/samba-4.1.17.html new file mode 100755 index 0000000..800bd0f --- /dev/null +++ b/history/samba-4.1.17.html 
@@ -0,0 +1,49 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.1.17 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 4.1.17 + February 23, 2015 + ============================== + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + + +Changes since 4.1.16: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o Andreas Schneider <a...@samba.org> + * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer. +</pre> + +</body> +</html> diff --git a/history/security.html b/history/security.html index 41be446..3fc7c05 100755 --- a/history/security.html +++ b/history/security.html 
@@ -22,6 +22,25 @@ link to full release notes for each release.</p> </tr> <tr> + <td>23 Feb 2015</td> + <td><a href="/samba/ftp/patches/security/samba-4.1.16-CVE-2015-0240.patch"> + patch for Samba 4.1.16</a><br /> + <a href="/samba/ftp/patches/security/samba-4.0.24-CVE-2015-0240.patch"> + patch for Samba 4.0.24</a><br /> + <a href="/samba/ftp/patches/security/samba-3.6.24-CVE-2015-0240.patch"> + patch for Samba 3.6.24</a><br /> + <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2015-0240.patch"> + patch for Samba 3.5.22</a><br /> + <td>Unexpected code execution in smbd. + </td> + <td>3.5.0 - 4.2.0rc4</td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a> + </td> + <td><a href="/samba/security/CVE-2015-0240">Announcement</a> + </td> + </tr> + + <tr> <td>15 Jan 2015</td> <td><a href="/samba/ftp/patches/security/samba-4.1.15-CVE-2014-8143.patch"> patch for Samba 4.1.15</a><br /> diff --git a/security/CVE-2015-0240.html b/security/CVE-2015-0240.html new file mode 100644 index 0000000..49a33c0 --- /dev/null +++ b/security/CVE-2015-0240.html 
@@ -0,0 +1,73 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2015-0240.html:</H2> + +<p> +<pre> +=========================================================== +== Subject: Unexpected code execution in smbd. +== +== CVE ID#: CVE-2015-0240 +== +== Versions: Samba 3.5.0 to 4.2.0rc4 +== +== Summary: Unauthenticated code execution attack on +== smbd file services. +== +=========================================================== + +=========== +Description +=========== + +All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an +unexpected code execution vulnerability in the smbd file server +daemon. + +A malicious client could send packets that may set up the stack in +such a way that the freeing of memory in a subsequent anonymous +netlogon packet could allow execution of arbitrary code. This code +would execute with root privileges. + +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been +issued as security releases to correct the defect. Patches against +older Samba versions are available at http://samba.org/samba/patches/. +Samba vendors and administrators running affected versions are advised +to upgrade or apply the patch as soon as possible. + +========== +Workaround +========== + +On Samba versions 4.0.0 and above, add the line: + +rpc_server:netlogon=disabled + +to the [global] section of your smb.conf. For Samba versions 3.6.x and +earlier, this workaround is not available. + +======= +Credits +======= + +This problem was found by Richard van Eeden of Microsoft Vulnerability +Research, who also provided the fix. +</pre> +</body> +</html> -- Samba Website Repository
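Review bot: In the first hunk of generated_news/latest_10_bodies.html the three download `<li>` items are placed directly inside `<p>` with no enclosing `<ul>`, which is invalid markup. Close the paragraph after "The source code can be downloaded here:" and wrap the items in `<ul> ... </ul>`, as generated_news/latest_10_headlines.html already does for its list.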
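Review bot: The download links added at the top of generated_news/latest_2_bodies.html point at http://samba.org/samba/ftp/stable/, while the entry this hunk removes (and the 4.2.0rc2 entry in latest_10_bodies.html) links to https://download.samba.org/. For a security release, serve the tarball links over https as well, and consider linking the detached signature next to each tarball since the text tells readers the files are signed with GnuPG ID 6568B7EA.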
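Review bot: The new history/samba-3.6.25.html declares no character encoding in `<head>` (it contains only `<title>`), yet the "Changes since 3.6.24" list carries a contributor name with non-ASCII characters. Add a charset declaration to the head so the name renders correctly. Two smaller points in the same file: the `<p>` opened before `<pre>` is never closed, and `<H2>` should be lowercase under the XHTML 1.0 Transitional doctype.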
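Review bot: In history/samba-4.0.25.html, the Andreas Schneider entry reads "Make sure we do not deference a NULL pointer./auth: Make sure that creds_out is initialized with NULL.", which has a typo ("deference" for "dereference") and runs two change subjects together with "./". Split it into two bullet lines so the creds_out initialization fix is visible as its own item; the same text appears in history/samba-3.6.25.html.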
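Review bot: The file history/samba-4.1.17.html and its heading say 4.1.17, but the commit subject announces "Samba 4.1.7"; correct the subject so the log matches the release. Within the hunk, the Andreas Schneider entry stops at "a NULL pointer." while the 4.0.25 and 3.6.25 notes also list the creds_out initialization change; confirm whether that item was dropped on purpose for 4.1.17.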
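Review bot: In the history/security.html hunk, the `<td>` holding the four patch links is never closed: the line after "patch for Samba 3.5.22</a><br />" opens the next `<td>` directly. Add `</td>` before the "Unexpected code execution in smbd." cell. The Announcement link also points to /samba/security/CVE-2015-0240 without the .html suffix, although this commit creates security/CVE-2015-0240.html and header_history.html links to /samba/security/CVE-2013-0454.html with the suffix.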
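Review bot: The heading in security/CVE-2015-0240.html is the file name, `<H2>CVE-2015-0240.html:</H2>`; use the advisory subject ("Unexpected code execution in smbd") or the bare CVE ID instead. The Patch Availability section sends readers to http://samba.org/samba/patches/, while the table row added to history/security.html links the patches under /samba/ftp/patches/security/; point both at the same location. As in the release-note pages, the `<p>` before `<pre>` is left unclosed.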