The branch, master has been updated
       via  8767547 NEWS[4.6.6]: Samba 4.6.6, 4.5.12 and 4.4.15 Available for Download
       via  de78c05 history/security.html: use https:// links to cve.mitre.org
      from  2d24171 Add Samba 4.5.11.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 87675472f69ecd525a3616a54981ca9247741a09
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 12 11:23:34 2017 +0200

    NEWS[4.6.6]: Samba 4.6.6, 4.5.12 and 4.4.15 Available for Download

    Signed-off-by: Stefan Metzmacher <me...@samba.org>

commit de78c05447ee7291ae4b8be60680005ce1b087af
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Jul 12 12:46:23 2017 +0200

    history/security.html: use https:// links to cve.mitre.org

    metze

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html | 3 +
 history/samba-4.4.15.html | 52 +++++++
 history/samba-4.5.12.html | 52 +++++++
 history/samba-4.6.6.html | 52 +++++++
 history/security.html | 185 +++++++++++++-----------
 posted_news/20170712-101055.4.6.6.body.html | 24 +++
 posted_news/20170712-101055.4.6.6.headline.html | 3 +
 security/CVE-2017-11103.html | 89 ++++++++++++
 8 files changed, 374 insertions(+), 86 deletions(-)
 create mode 100644 history/samba-4.4.15.html
 create mode 100644 history/samba-4.5.12.html
 create mode 100644 history/samba-4.6.6.html
 create mode 100644 posted_news/20170712-101055.4.6.6.body.html
 create mode 100644 posted_news/20170712-101055.4.6.6.headline.html
 create mode 100644 security/CVE-2017-11103.html

Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html index b6d7d22..03f4f1b 100755 --- a/history/header_history.html +++ b/history/header_history.html 
@@ -9,12 +9,14 @@ <li><a href="/samba/history/">Release Notes</a> <li class="navSub"> <ul> + <li><a href="samba-4.6.5.html">samba-4.6.6</a></li> <li><a href="samba-4.6.5.html">samba-4.6.5</a></li> <li><a href="samba-4.6.4.html">samba-4.6.4</a></li> <li><a href="samba-4.6.3.html">samba-4.6.3</a></li> <li><a href="samba-4.6.2.html">samba-4.6.2</a></li> <li><a href="samba-4.6.1.html">samba-4.6.1</a></li> <li><a href="samba-4.6.0.html">samba-4.6.0</a></li> + <li><a href="samba-4.5.11.html">samba-4.5.12</a></li> <li><a href="samba-4.5.11.html">samba-4.5.11</a></li> <li><a href="samba-4.5.10.html">samba-4.5.10</a></li> <li><a href="samba-4.5.9.html">samba-4.5.9</a></li> @@ -27,6 +29,7 @@ <li><a href="samba-4.5.2.html">samba-4.5.2</a></li> <li><a href="samba-4.5.1.html">samba-4.5.1</a></li> <li><a href="samba-4.5.0.html">samba-4.5.0</a></li> + <li><a href="samba-4.4.14.html">samba-4.4.15</a></li> <li><a href="samba-4.4.14.html">samba-4.4.14</a></li> <li><a href="samba-4.4.13.html">samba-4.4.13</a></li> <li><a href="samba-4.4.12.html">samba-4.4.12</a></li> diff --git a/history/samba-4.4.15.html b/history/samba-4.4.15.html new file mode 100644 index 0000000..131d15e --- /dev/null +++ b/history/samba-4.4.15.html 
@@ -0,0 +1,52 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.4.15 - Release Notes</title> +</head> +<body> +<H2>Samba 4.4.15 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.4.15.tar.gz">Samba 4.4.15 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.4.15.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.4.14-4.4.15.diffs.gz">Patch (gzipped) against Samba 4.4.14</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.4.14-4.4.15.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.4.15 + July 12, 2017 + ============================== + + +This is a security release in order to address the following defect: + +o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) + +======= +Details +======= + +o CVE-2017-11103 (Heimdal): + All versions of Samba from 4.0.0 onwards using embedded Heimdal + Kerberos are vulnerable to a man-in-the-middle attack impersonating + a trusted server, who may gain elevated access to the domain by + returning malicious replication or authorization data. + + Samba binaries built against MIT Kerberos are not vulnerable. + + +Changes since 4.4.14: +--------------------- + +o Jeffrey Altman <jalt...@secure-endpoints.com> + * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.5.12.html b/history/samba-4.5.12.html new file mode 100644 index 0000000..8791ad1 --- /dev/null +++ b/history/samba-4.5.12.html 
@@ -0,0 +1,52 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.5.12 - Release Notes</title> +</head> +<body> +<H2>Samba 4.5.12 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.5.12.tar.gz">Samba 4.5.12 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.5.12.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.5.11-4.5.12.diffs.gz">Patch (gzipped) against Samba 4.5.11</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.5.11-4.5.12.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.5.12 + July 12, 2017 + ============================== + + +This is a security release in order to address the following defect: + +o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) + +======= +Details +======= + +o CVE-2017-11103 (Heimdal): + All versions of Samba from 4.0.0 onwards using embedded Heimdal + Kerberos are vulnerable to a man-in-the-middle attack impersonating + a trusted server, who may gain elevated access to the domain by + returning malicious replication or authorization data. + + Samba binaries built against MIT Kerberos are not vulnerable. + + +Changes since 4.5.11: +--------------------- + +o Jeffrey Altman <jalt...@secure-endpoints.com> + * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.6.6.html b/history/samba-4.6.6.html new file mode 100644 index 0000000..5d34853 --- /dev/null +++ b/history/samba-4.6.6.html 
@@ -0,0 +1,52 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.6.6 - Release Notes</title> +</head> +<body> +<H2>Samba 4.6.6 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.6.6.tar.gz">Samba 4.6.6 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.6.6.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.6.5-4.6.6.diffs.gz">Patch (gzipped) against Samba 4.6.5</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.6.5-4.6.6.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================= + Release Notes for Samba 4.6.6 + July 12, 2017 + ============================= + + +This is a security release in order to address the following defect: + +o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) + +======= +Details +======= + +o CVE-2017-11103 (Heimdal): + All versions of Samba from 4.0.0 onwards using embedded Heimdal + Kerberos are vulnerable to a man-in-the-middle attack impersonating + a trusted server, who may gain elevated access to the domain by + returning malicious replication or authorization data. + + Samba binaries built against MIT Kerberos are not vulnerable. + + +Changes since 4.6.5: +--------------------- + +o Jeffrey Altman <jalt...@secure-endpoints.com> + * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + + +</pre> +</p> +</body> +</html> diff --git a/history/security.html b/history/security.html index c2081ea..8f8dd63 100755 --- a/history/security.html +++ b/history/security.html 
@@ -22,13 +22,26 @@ link to full release notes for each release.</p> </tr> <tr> + <td>12 July 2017</td> + <td><a href="/samba/ftp/patches/security/samba-4.x.y-CVE-2017-11103.patch"> + patch for Samba 4.x.y</a><br /> + <td>Orpheus' Lyre mutual authentication validation bypass. + </td> + <td>All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15</td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103">CVE-2017-11103</a> + </td> + <td><a href="/samba/security/CVE-2017-11103.html">Announcement</a> + </td> + </tr> + + <tr> <td>24 May 2017</td> <td><a href="/samba/ftp/patches/security/samba-4.6.3-4.5.9-4.4.13-CVE-2017-7494.patch"> patch for Samba 4.6.3, 4.5.9, 4.4.13</a><br /> <td>Remote code execution from a writable share. </td> <td>All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494">CVE-2017-7494</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494">CVE-2017-7494</a> </td> <td><a href="/samba/security/CVE-2017-7494.html">Announcement</a> </td> @@ -45,7 +58,7 @@ link to full release notes for each release.</p> <td>Symlink race allows access outside share definition. </td> <td>All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619">CVE-2017-2619</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619">CVE-2017-2619</a> </td> <td><a href="/samba/security/CVE-2017-2619.html">Announcement</a> </td> 
@@ -62,9 +75,9 @@ link to full release notes for each release.</p> <td>Numerous CVEs. Please see the announcements for details. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123">CVE-2016-2123</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125">CVE-2016-2125</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126">CVE-2016-2126</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123">CVE-2016-2123</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125">CVE-2016-2125</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126">CVE-2016-2126</a> </td> <td><a href="/samba/security/CVE-2016-2123.html">Announcement</a>, <a href="/samba/security/CVE-2016-2125.html">Announcement</a>, @@ -83,7 +96,7 @@ link to full release notes for each release.</p> <td>Client side SMB2/3 required signing can be downgraded. </td> <td>4.0.0 - 4.4.4</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119">CVE-2016-2119</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2119">CVE-2016-2119</a> </td> <td><a href="/samba/security/CVE-2016-2119.html">Announcement</a> </td> 
@@ -104,14 +117,14 @@ link to full release notes for each release.</p> <td>Numerous CVEs. Please see the announcements for details. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370">CVE-2015-5370</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110">CVE-2016-2110</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111">CVE-2016-2111</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112">CVE-2016-2112</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113">CVE-2016-2113</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114">CVE-2016-2114</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115">CVE-2016-2115</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118">CVE-2016-2118</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370">CVE-2015-5370</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110">CVE-2016-2110</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111">CVE-2016-2111</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112">CVE-2016-2112</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113">CVE-2016-2113</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114">CVE-2016-2114</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115">CVE-2016-2115</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118">CVE-2016-2118</a> </td> <td><a href="/samba/security/CVE-2015-5370.html">Announcement</a> <a href="/samba/security/CVE-2016-2110.html">Announcement</a> 
@@ -135,8 +148,8 @@ link to full release notes for each release.</p> <td>Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560">CVE-2015-7560</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771">CVE-2016-0771</a>, + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560">CVE-2015-7560</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771">CVE-2016-0771</a>, </td> <td><a href="/samba/security/CVE-2015-7560.html">Announcement</a> <a href="/samba/security/CVE-2016-0771.html">Announcement</a> 
@@ -156,13 +169,13 @@ link to full release notes for each release.</p> <td>Numerous CVEs. Please see the announcements for details. </td> <td>3.0.0 to 4.3.2</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223">CVE-2015-3223</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">CVE-2015-5252</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296">CVE-2015-5296</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299">CVE-2015-5299</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330">CVE-2015-5330</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540">CVE-2015-7540</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467">CVE-2015-8467</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223">CVE-2015-3223</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252">CVE-2015-5252</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296">CVE-2015-5296</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299">CVE-2015-5299</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330">CVE-2015-5330</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540">CVE-2015-7540</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467">CVE-2015-8467</a> </td> <td><a href="/samba/security/CVE-2015-3223.html">Announcement</a> <a href="/samba/security/CVE-2015-5252.html">Announcement</a> @@ -187,7 +200,7 @@ link to full release notes for each release.</p> <td>Unexpected code execution in smbd. </td> <td>3.5.0 - 4.2.0rc4</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240">CVE-2015-0240</a> </td> <td><a href="/samba/security/CVE-2015-0240.html">Announcement</a> </td> 
@@ -202,7 +215,7 @@ link to full release notes for each release.</p> <td>Elevation of privilege to Active Directory Domain Controller. </td> <td>4.0.0 - 4.1.15</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a> </td> <td><a href="/samba/security/CVE-2014-8143.html">Announcement</a> </td> @@ -217,7 +230,7 @@ link to full release notes for each release.</p> <td>Remote code execution in nmbd. </td> <td>4.0.0 - 4.1.10</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560">CVE-2014-3560</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560">CVE-2014-3560</a> </td> <td><a href="/samba/security/CVE-2014-3560.html">Announcement</a> </td> @@ -234,8 +247,8 @@ link to full release notes for each release.</p> <td>Denial of service - CPU loop, Denial of service - Server crash/memory corruption. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244">CVE-2014-0244</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493">CVE-2014-3493</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244">CVE-2014-0244</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493">CVE-2014-3493</a> </td> <td><a href="/samba/security/CVE-2014-0244.html">Announcement</a> <a href="/samba/security/CVE-2014-3493.html">Announcement</a> 
@@ -253,8 +266,8 @@ link to full release notes for each release.</p> <td>Uninitialized memory exposure, Potential DOS in Samba internal DNS server. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178">CVE-2014-0178</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239">CVE-2014-0239</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178">CVE-2014-0178</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239">CVE-2014-0239</a> </td> <td><a href="/samba/security/CVE-2014-0178.html">Announcement</a> <a href="/samba/security/CVE-2014-0239.html">Announcement</a> @@ -273,8 +286,8 @@ link to full release notes for each release.</p> or directory ACL by mistake. </td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496">CVE-2013-4496</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442">CVE-2013-6442</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496">CVE-2013-4496</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442">CVE-2013-6442</a> </td> <td><a href="/samba/security/CVE-2013-4496.html">Announcement</a> <a href="/samba/security/CVE-2013-6442.html">Announcement</a> 
@@ -296,8 +309,8 @@ link to full release notes for each release.</p> <td>DCE-RPC fragment length field is incorrectly checked, pam_winbind login without require_membership_of restrictions.</td> <td>please refer to the advisories</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408">CVE-2013-4408</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150">CVE-2012-6150</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408">CVE-2013-4408</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150">CVE-2012-6150</a> </td> <td><a href="/samba/security/CVE-2013-4408.html">Announcement</a> <a href="/samba/security/CVE-2012-6150.html">Announcement</a> @@ -315,8 +328,8 @@ link to full release notes for each release.</p> <td>ACLs are not checked on opening an alternate data stream on a file or directory, Private key in key.pem world readable.</td> <td>3.2.0 - 4.1.0, 4.0.0 - 4.0.10, 4.1.0</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475">CVE-2013-4475</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476">CVE-2013-4476</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475">CVE-2013-4475</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476">CVE-2013-4476</a> </td> <td><a href="/samba/security/CVE-2013-4475.html">Announcement</a> <a href="/samba/security/CVE-2013-4476.html">Announcement</a> @@ -334,7 +347,7 @@ link to full release notes for each release.</p> <td>Denial of service - CPU loop and memory allocation.</td> <td>3.0.x-4.0.7</td> <td><a - href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124">CVE-2013-4124</a> + href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124">CVE-2013-4124</a> </td> <td><a href="/samba/security/CVE-2013-4124.html">Announcement</a> </td> 
@@ -346,7 +359,7 @@ link to full release notes for each release.</p> patch for Samba 3.6.5</a> <td>A writable configured share might get read only</td> <td>3.6.0 - 3.6.5 (inclusive)</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454">CVE-2013-0454</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454">CVE-2013-0454</a> </td> <td><a href="/samba/security/CVE-2013-0454.html">Announcement</a> </td> @@ -359,7 +372,7 @@ link to full release notes for each release.</p> <td>World-writeable files may be created in additional shares on a Samba 4.0 AD DC.</td> <td>4.0.0rc6-4.0.3</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863">CVE-2013-1863</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863">CVE-2013-1863</a> </td> <td><a href="/samba/security/CVE-2013-1863.html">Announcement</a> </td> @@ -375,8 +388,8 @@ link to full release notes for each release.</p> patch for Samba 3.5.20</a><br /> <td>Clickjacking issue and potential XSRF in SWAT.</td> <td>3.0.x-4.0.1</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213">CVE-2013-0213</a>, - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214">CVE-2013-0214</a> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213">CVE-2013-0213</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214">CVE-2013-0214</a> </td> <td><a href="/samba/security/CVE-2013-0213.html">Announcement</a> <a href="/samba/security/CVE-2013-0214.html">Announcement</a> 
@@ -390,7 +403,7 @@ link to full release notes for each release.</p> <td>Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects.</td> <td>4.0.0</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0172">CVE-2013-0172</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0172">CVE-2013-0172</a></td> <td><a href="/samba/security/CVE-2013-0172.html">Announcement</a></td> </tr> @@ -405,7 +418,7 @@ link to full release notes for each release.</p> <td>Incorrect permission checks when granting/removing privileges can compromise file server security.</td> <td>3.4.x-3.6.4</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111">CVE-2012-2111</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111">CVE-2012-2111</a></td> <td><a href="/samba/security/CVE-2012-2111.html">Announcement</a></td> </tr> @@ -425,7 +438,7 @@ link to full release notes for each release.</p> patch for Samba 3.6.3</a><br /> <td>"root" credential remote code execution</td> <td>all current releases</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182">CVE-2012-1182</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182">CVE-2012-1182</a></td> <td><a href="/samba/security/CVE-2012-1182.html">Announcement</a></td> </tr> @@ -439,7 +452,7 @@ link to full release notes for each release.</p> patch for Samba 3.3</a><br /> <td>Remote code execution vulnerability in smbd</td> <td>pre-3.4</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870">CVE-2012-0870</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870">CVE-2012-0870</a></td> <td><a href="/samba/security/CVE-2012-0870.html">Announcement</a></td> </tr> 
@@ -449,7 +462,7 @@ link to full release notes for each release.</p> patch for Samba 3.6.2</a> <td>Memory leak/Denial of service</td> <td>3.6.0-3.6.2</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0817">CVE-2012-0817</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0817">CVE-2012-0817</a></td> <td><a href="/samba/security/CVE-2012-0817.html">Announcement</a></td> </tr> @@ -463,7 +476,7 @@ link to full release notes for each release.</p> patch for Samba 3.5.9</a><br /> <td>Cross-Site Request Forgery in SWAT</td> <td>all current releases</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522">CVE-2011-2522</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522">CVE-2011-2522</a></td> <td><a href="/samba/security/CVE-2011-2522.html">Announcement</a></td> </tr> @@ -477,7 +490,7 @@ link to full release notes for each release.</p> patch for Samba 3.5.9</a><br /> <td>Cross-Site Scripting vulnerability in SWAT</td> <td>all current releases</td> - <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694">CVE-2011-2694</a></td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694">CVE-2011-2694</a></td> <td><a href="/samba/security/CVE-2011-2694.html">Announcement</a></td> -- Samba Website Repository
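
Review bot: the three list items added to history/header_history.html link to the previous release's page instead of the new one. In the @@ -9,12 +9,14 @@ hunk the samba-4.6.6 entry has href="samba-4.6.5.html" and the samba-4.5.12 entry has href="samba-4.5.11.html"; in the @@ -27,6 +29,7 @@ hunk the samba-4.4.15 entry has href="samba-4.4.14.html". The same changeset creates history/samba-4.6.6.html, history/samba-4.5.12.html and history/samba-4.4.15.html, so each href should name the matching new file. As written, the navigation sends a reader looking for the CVE-2017-11103 release notes to the notes of the release before the fix.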
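
Review bot: history/samba-4.4.15.html declares the XHTML 1.0 Transitional doctype, but its body uses an upper-case <H2> element, <br> without a closing slash, and a <pre> block nested inside <p>, none of which is valid under that doctype. Suggest <h2>, <br /> and dropping the <p> wrapper around <pre>. The identical lines in history/samba-4.5.12.html and history/samba-4.6.6.html need the same change.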
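
Review bot: in the new 12 July 2017 row of history/security.html (@@ -22,13 +22,26 @@ hunk) the first cell is never closed: the line ending in "patch for Samba 4.x.y</a><br />" is followed directly by "<td>Orpheus' Lyre mutual authentication validation bypass." with no </td> in between. Add the </td> after the link; the trailing <br /> can also go, since the cell holds a single patch link. The unchanged 24 May 2017 row in the context lines has the same omission and could be fixed in the same change.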
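
Review bot: in the @@ -135,8 +148,8 @@ hunk of history/security.html the rewritten CVE-2016-0771 link keeps its trailing comma even though it is the last link before </td>. Since this line is being touched anyway for the https:// change, drop the comma so the cell matches the other multi-CVE rows, which end without one.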