The branch, v4-5-test has been updated via 3de773e VERSION: Bump version up to 4.5.13... via 6e6361e VERSION: Release Samba 4.5.12 for CVE-2017-11103 via 31b6d82 WHATSNEW: Add release notes for Samba 4.5.12 via 229735b CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation from af9d932 VERSION: Bump version up to 4.5.12...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log ----------------------------------------------------------------- commit 3de773efc3cafeef164f6455f042ea2c941d81fd Author: Stefan Metzmacher <me...@samba.org> Date: Wed Jul 12 13:41:23 2017 +0200 VERSION: Bump version up to 4.5.13... and re-enable GIT_SNAPSHOTS. Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 57 +++++++++++++++++++++++++++++++++++++-- source4/heimdal/lib/krb5/ticket.c | 4 +-- 3 files changed, 58 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 5942c84..3439134 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0c022e7..a519b6c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,57 @@ ============================== + Release Notes for Samba 4.5.12 + July 12, 2017 + ============================== + + +This is a security release in order to address the following defect: + +o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass) + +======= +Details +======= + +o CVE-2017-11103 (Heimdal): + All versions of Samba from 4.0.0 onwards using embedded Heimdal + Kerberos are vulnerable to a man-in-the-middle attack impersonating + a trusted server, who may gain elevated access to the domain by + returning malicious replication or authorization data. + + Samba binaries built against MIT Kerberos are not vulnerable. + + +Changes since 4.5.11: +--------------------- + +o Jeffrey Altman <jalt...@secure-endpoints.com> + * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.5.11 July 6, 2017 ============================== @@ -85,8 +138,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.5.10 diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 064bbfb..5a317c7 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context, /* check server referral and save principal */ ret = _krb5_principalname2krb5_principal (context, &tmp_principal, - rep->kdc_rep.ticket.sname, - rep->kdc_rep.ticket.realm); + rep->enc_part.sname, + rep->enc_part.srealm); if (ret) goto out; if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ -- Samba Shared Repository