The branch, master has been updated
       via  496265a Announce Samba 4.1.7, 4.0.25 and 3.6.25.
      from  09703db Our lists are now only on lists.samba.org

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 496265ab221a5f2781a721a377f967aecc55b34b
Author: Karolin Seeger <ksee...@samba.org>
Date:   Mon Feb 23 11:02:47 2015 +0100

    Announce Samba 4.1.7, 4.0.25 and 3.6.25.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077
    CVE-2015-0240 (Unexpected code execution in smbd).
    
    Signed-off-by: Karolin Seeger <ksee...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 generated_news/latest_10_bodies.html    | 33 +++++++++------
 generated_news/latest_10_headlines.html |  5 ++-
 generated_news/latest_2_bodies.html     | 31 +++++++++-----
 history/header_history.html             |  3 ++
 history/samba-3.6.25.html               | 65 +++++++++++++++++++++++++++++
 history/samba-4.0.25.html               | 49 ++++++++++++++++++++++
 history/samba-4.1.17.html               | 49 ++++++++++++++++++++++
 history/security.html                   | 19 +++++++++
 security/CVE-2015-0240.html             | 73 +++++++++++++++++++++++++++++++++
 9 files changed, 303 insertions(+), 24 deletions(-)
 create mode 100755 history/samba-3.6.25.html
 create mode 100755 history/samba-4.0.25.html
 create mode 100755 history/samba-4.1.17.html
 create mode 100644 security/CVE-2015-0240.html


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index b23c8f2..743799b 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,24 @@
+       <h5><a name="4.1.17">23 February 2015</a></h5>
+       <p class="headline">Samba 4.1.17, 4.0.25 and 3.6.25 <b>Security
+       Releases</b> Available for Download</p>
+       <p>These are security releases in order to address
+       <a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240";>CVE-2015-0240</a>
+       (<b>Unexpected code execution in smbd</b>).
+       </p>
+
+       <p>The uncompressed tarballs and patch files have been signed
+       using GnuPG (ID 6568B7EA).</p>
+       <p>
+       The source code can be downloaded here:
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz";>download
+       Samba 4.1.17</a>,</li>
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+       Samba 4.0.25</a>,</li>
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-3.6.25.tar.gz";>download
+       Samba 3.6.25</a>.</li>
+       </p>
+
+
 <h5><a name="CfP2015">29 January 2015</a></h5>
        <p class="headline">Call for Papers SambaXP 2015</p>
        <p>From May 19th to 21st 2015 developers and users will meet again in
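
Review bot: the three added `<li>` download items sit directly inside `<p>` with no enclosing `<ul>` or `<ol>`, which is not valid markup and leaves the rendering to browser error recovery; close the paragraph after "The source code can be downloaded here:" and wrap the items in a `<ul>`. The tarball links also use http://samba.org/samba/ftp/stable/ while the release-candidate entry further down this file links https://download.samba.org/. For a security release, prefer the https links, and consider linking the signature files next to the statement that the tarballs are signed with GnuPG ID 6568B7EA, so readers can verify what they download.
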
@@ -112,15 +133,3 @@ using GnuPG (ID 6568B7EA).  The source code can be
 <a 
href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc2.tar.gz";>downloaded
 now</a>. See <a 
href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc2.txt";>
 the release notes for more info</a>.</p>
-
-
-       <h5><a name="4.2.0rc1">01 October 2014</a></h5>
-       <p class="headline">Samba 4.2.0rc1 Available for Download</p>
-       <p>This is the first release candidate of the upcoming Samba 4.2 release
-       series.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a 
href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc1.tar.gz";>downloaded
-now</a>. See <a 
href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc1.txt";>
-the release notes for more info</a>.</p>
diff --git a/generated_news/latest_10_headlines.html 
b/generated_news/latest_10_headlines.html
index b8c2c93..df0dac2 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,7 @@
 <ul>
+       <li> 23 February 2015 <a href="#4.1.17">Samba 4.1.17, 4.0.25 and 3.6.25 
Security
+       Releases Available for Download (CVE-2015-0240)</a></li>
+
        <li> 29 January 2015 <a href="#CfP2015">Call for Papers SambaXP 
2015</a></li>
 
        <li> 16 January 2015 <a href="#4.2.0rc4">Samba 4.2.0rc4 Available for
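
Review bot: the new headline names 4.1.17, as do the files added in this commit, but the commit subject says "Announce Samba 4.1.7"; amend the subject so the log matches the release being announced.
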
@@ -18,6 +21,4 @@
        <li> 20 October 2014 <a href="#4.1.13">Samba 4.1.13 Available for 
Download</a></li>
 
        <li> 15 October 2014 <a href="#4.2.0rc2">Samba 4.2.0rc2 Available for 
Download</a></li>
-
-       <li> 01 October 2014 <a href="#4.2.0rc1">Samba 4.2.0rc1 Available for 
Download</a></li>
 </ul>
diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index b311860..390bd00 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,24 @@
+       <h5><a name="4.1.17">23 February 2015</a></h5>
+       <p class="headline">Samba 4.1.17, 4.0.25 and 3.6.25 <b>Security
+       Releases</b> Available for Download</p>
+       <p>These are security releases in order to address
+       <a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240";>CVE-2015-0240</a>
+       (<b>Unexpected code execution in smbd</b>).
+       </p>
+
+       <p>The uncompressed tarballs and patch files have been signed
+       using GnuPG (ID 6568B7EA).</p>
+       <p>
+       The source code can be downloaded here:
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz";>download
+       Samba 4.1.17</a>,</li>
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+       Samba 4.0.25</a>,</li>
+       <li><a 
href="http://samba.org/samba/ftp/stable/samba-3.6.25.tar.gz";>download
+       Samba 3.6.25</a>.</li>
+       </p>
+
+
 <h5><a name="CfP2015">29 January 2015</a></h5>
        <p class="headline">Call for Papers SambaXP 2015</p>
        <p>From May 19th to 21st 2015 developers and users will meet again in
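
Review bot: this entry announces 4.1.17, 4.0.25 and 3.6.25 only, while security/CVE-2015-0240.html in the same commit also lists 4.2.0rc5 as a security release; either mention 4.2.0rc5 here or confirm it is announced separately. The entry links only to cve.mitre.org; a link to the new advisory page would help, since that is where the workaround is described. The `<li>` items placed directly inside `<p>` have the same markup problem as in generated_news/latest_10_bodies.html.
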
@@ -7,13 +28,3 @@
        28th 2015. Please find all necessary information at the
        <a href="http://sambaXP.org";>conference site</a>.</p>
 
-       <h5><a name="4.2.0rc4">16 January 2015</a></h5>
-       <p class="headline">Samba 4.2.0rc4 Available for Download</p>
-       <p>This is the fourth release candidate of the upcoming Samba 4.2 
release
-       series. It includes the fix for CVE-2014-8143 and other bug fixes.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-<a 
href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc4.tar.gz";>downloaded
-now</a>. See <a 
href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc4.txt";>
-the release notes for more info</a>.</p>
diff --git a/history/header_history.html b/history/header_history.html
index 59c4ae5..5c2f874 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -10,6 +10,7 @@
                <li class="navSub">
                        <ul>
                        <li><a 
href="/samba/security/CVE-2013-0454.html">CVE-2013-0454</a></li>
+                       <li><a href="samba-4.1.17.html">samba-4.1.17</a></li>
                        <li><a href="samba-4.1.16.html">samba-4.1.16</a></li>
                        <li><a href="samba-4.1.15.html">samba-4.1.15</a></li>
                        <li><a href="samba-4.1.14.html">samba-4.1.14</a></li>
@@ -27,6 +28,7 @@
                        <li><a href="samba-4.1.2.html">samba-4.1.2</a></li>
                        <li><a href="samba-4.1.1.html">samba-4.1.1</a></li>
                        <li><a href="samba-4.1.0.html">samba-4.1.0</a></li>
+                       <li><a href="samba-4.0.25.html">samba-4.0.25</a></li>
                        <li><a href="samba-4.0.24.html">samba-4.0.24</a></li>
                        <li><a href="samba-4.0.23.html">samba-4.0.23</a></li>
                        <li><a href="samba-4.0.22.html">samba-4.0.22</a></li>
@@ -52,6 +54,7 @@
                        <li><a href="samba-4.0.2.html">samba-4.0.2</a></li>
                        <li><a href="samba-4.0.1.html">samba-4.0.1</a></li>
                        <li><a href="samba-4.0.0.html">samba-4.0.0</a></li>
+                       <li><a href="samba-3.6.25.html">samba-3.6.25</a></li>
                        <li><a href="samba-3.6.24.html">samba-3.6.24</a></li>
                        <li><a href="samba-3.6.23.html">samba-3.6.23</a></li>
                        <li><a href="samba-3.6.22.html">samba-3.6.22</a></li>
diff --git a/history/samba-3.6.25.html b/history/samba-3.6.25.html
new file mode 100755
index 0000000..b40ea6b
--- /dev/null
+++ b/history/samba-3.6.25.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.6.25 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 3.6.25
+                          February 23, 2015
+                   ==============================
+
+
+This is a security release in order to address CVE-2015-0240 (Unexpected
+code execution in smbd).
+
+o  CVE-2015-0240:
+   All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+   unexpected code execution vulnerability in the smbd file server
+   daemon.
+
+   A malicious client could send packets that may set up the stack in
+   such a way that the freeing of memory in a subsequent anonymous
+   netlogon packet could allow execution of arbitrary code. This code
+   would execute with root privileges.
+
+o  CVE-2014-0178:
+   In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
+   or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
+   Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
+   response field. The uninitialized buffer is sent back to the client.
+
+   A non-default VFS module providing the get_shadow_copy_data_fn() hook
+   must be explicitly enabled for Samba to process the aforementioned
+   client requests. Therefore, only configurations with "shadow_copy" or
+   "shadow_copy2" specified for the "vfs objects" parameter are vulnerable.
+
+
+Changes since 3.6.24:
+---------------------
+
+o   Jeremy Allison &lt;j...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
+      in netlogon server could lead to security vulnerability.
+
+
+o   Jiří Šašek &lt;jiri.sa...@oracle.com&gt;
+    * BUG 10549: CVE-2014-0178: Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS
+      response.
+
+
+o   Andreas Schneider &lt;a...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
+      a NULL pointer./auth: Make sure that creds_out is initialized with NULL.
+</pre>
+
+</body>
+</html>
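
Review bot: in the Andreas Schneider entry, "a NULL pointer./auth: Make sure that creds_out is initialized with NULL." runs two change descriptions together; give the auth change its own "*" item. "deference" should read "dereference". The opening sentence says the release addresses CVE-2015-0240 only, yet the notes also describe and credit a fix for CVE-2014-0178 (BUG 10549); name both in the introduction.
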
diff --git a/history/samba-4.0.25.html b/history/samba-4.0.25.html
new file mode 100755
index 0000000..00420cd
--- /dev/null
+++ b/history/samba-4.0.25.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.0.25 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.0.25
+                          February 23, 2015
+                   ==============================
+
+
+This is a security release in order to address CVE-2015-0240 (Unexpected
+code execution in smbd).
+
+o  CVE-2015-0240:
+   All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+   unexpected code execution vulnerability in the smbd file server
+   daemon.
+
+   A malicious client could send packets that may set up the stack in
+   such a way that the freeing of memory in a subsequent anonymous
+   netlogon packet could allow execution of arbitrary code. This code
+   would execute with root privileges.
+
+
+Changes since 4.0.24:
+---------------------
+
+o   Jeremy Allison &lt;j...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
+      in netlogon server could lead to security vulnerability.
+
+
+o   Andreas Schneider &lt;a...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
+      a NULL pointer./auth: Make sure that creds_out is initialized with NULL.
+</pre>
+
+</body>
+</html>
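
Review bot: the Andreas Schneider entry has the same run-together text as history/samba-3.6.25.html ("a NULL pointer./auth: ..."), whereas history/samba-4.1.17.html lists only the s3-netlogon change. Split the auth item onto its own line, and check whether the creds_out change is really absent from 4.1.17 or was only left out of its notes.
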
diff --git a/history/samba-4.1.17.html b/history/samba-4.1.17.html
new file mode 100755
index 0000000..800bd0f
--- /dev/null
+++ b/history/samba-4.1.17.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 4.1.17 Available for Download</H2>
+
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.1.17
+                          February 23, 2015
+                   ==============================
+
+
+This is a security release in order to address CVE-2015-0240 (Unexpected
+code execution in smbd).
+
+o  CVE-2015-0240:
+   All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+   unexpected code execution vulnerability in the smbd file server
+   daemon.
+
+   A malicious client could send packets that may set up the stack in
+   such a way that the freeing of memory in a subsequent anonymous
+   netlogon packet could allow execution of arbitrary code. This code
+   would execute with root privileges.
+
+
+Changes since 4.1.16:
+---------------------
+
+o   Jeremy Allison &lt;j...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
+      in netlogon server could lead to security vulnerability.
+
+
+o   Andreas Schneider &lt;a...@samba.org&gt;
+    * BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference
+      a NULL pointer.
+</pre>
+
+</body>
+</html>
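
Review bot: `<p>` is opened immediately before `<pre>` and never closed, and `<pre>` is not allowed inside `<p>` under the XHTML 1.0 Transitional doctype this file declares; drop the `<p>`. The upper-case `<H2>` is likewise not valid in XHTML, where element names are lower-case. The file is created with mode 100755 although it is static HTML (security/CVE-2015-0240.html in this commit is 100644); 100644 is the expected mode. All three points apply equally to the 3.6.25 and 4.0.25 pages.
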
diff --git a/history/security.html b/history/security.html
index 41be446..3fc7c05 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,25 @@ link to full release notes for each release.</p>
       </tr>
 
     <tr>
+       <td>23 Feb 2015</td>
+       <td><a 
href="/samba/ftp/patches/security/samba-4.1.16-CVE-2015-0240.patch">
+       patch for Samba 4.1.16</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.0.24-CVE-2015-0240.patch">
+       patch for Samba 4.0.24</a><br />
+       <a href="/samba/ftp/patches/security/samba-3.6.24-CVE-2015-0240.patch">
+       patch for Samba 3.6.24</a><br />
+       <a href="/samba/ftp/patches/security/samba-3.5.22-CVE-2015-0240.patch">
+       patch for Samba 3.5.22</a><br />
+       <td>Unexpected code execution in smbd.
+       </td>
+       <td>3.5.0 - 4.2.0rc4</td>
+       <td><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240";>CVE-2015-0240</a>
+       </td>
+       <td><a href="/samba/security/CVE-2015-0240">Announcement</a>
+       </td>
+    </tr>
+
+    <tr>
        <td>15 Jan 2015</td>
        <td><a 
href="/samba/ftp/patches/security/samba-4.1.15-CVE-2014-8143.patch">
        patch for Samba 4.1.15</a><br />
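
Review bot: the first `<td>` of the new row (the patch links) is not closed before `<td>Unexpected code execution in smbd.` opens; add `</td>` after the last `<br />`. The Announcement link points to /samba/security/CVE-2015-0240 without the .html suffix, while the file added in this commit is security/CVE-2015-0240.html and header_history.html links /samba/security/CVE-2013-0454.html with the suffix; use the full name unless the server is known to resolve the short form.
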
diff --git a/security/CVE-2015-0240.html b/security/CVE-2015-0240.html
new file mode 100644
index 0000000..49a33c0
--- /dev/null
+++ b/security/CVE-2015-0240.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2015-0240.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Unexpected code execution in smbd.
+==
+== CVE ID#:     CVE-2015-0240
+==
+== Versions:    Samba 3.5.0 to 4.2.0rc4
+==
+== Summary:     Unauthenticated code execution attack on
+==             smbd file services.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+unexpected code execution vulnerability in the smbd file server
+daemon.
+
+A malicious client could send packets that may set up the stack in
+such a way that the freeing of memory in a subsequent anonymous
+netlogon packet could allow execution of arbitrary code. This code
+would execute with root privileges.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been
+issued as security releases to correct the defect. Patches against
+older Samba versions are available at http://samba.org/samba/patches/.
+Samba vendors and administrators running affected versions are advised
+to upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+On Samba versions 4.0.0 and above, add the line:
+
+rpc_server:netlogon=disabled
+
+to the [global] section of your smb.conf. For Samba versions 3.6.x and
+earlier, this workaround is not available.
+
+=======
+Credits
+=======
+
+This problem was found by Richard van Eeden of Microsoft Vulnerability
+Research, who also provided the fix.
+</pre>
+</body>
+</html>
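
Review bot: the Workaround section gives the smb.conf line but does not say what an administrator gives up by setting rpc_server:netlogon=disabled, or whether smbd must be restarted for it to take effect; one sentence on each would let readers judge whether the workaround is usable. Patch Availability points to http://www.samba.org/samba/security/ and http://samba.org/samba/patches/, while history/security.html links the patches under /samba/ftp/patches/security/; link the patch files directly. The `<H2>CVE-2015-0240.html:</H2>` heading shows the file name rather than the advisory subject.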


-- 
Samba Website Repository
