[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated
       via  f6b6d3b swat: Use additional nonce on XSRF protection
       via  e9cd100 swat: Use X-Frame-Options header to avoid clickjacking
       via  4f0de0f WHATSNEW: Prepare release notes for Samba 3.5.21.
      from  71dbced WHATSNEW: Start release notes for Samba 3.5.21.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable

- Log -

commit f6b6d3bf9d43d45560d352b76c12fe0c87a16fa3
Author: Kai Blin k...@samba.org
Date:   Mon Jan 28 23:13:43 2013 +0100

    swat: Use additional nonce on XSRF protection

    If the user had a weak password on the root account of a machine running
    SWAT, there still was a chance of being targeted by an XSRF on a malicious
    web site targeting the SWAT setup. Use a random nonce stored in secrets.tdb
    to close this possible attack window.

    Thanks to Jann Horn for reporting this issue.

    Signed-off-by: Kai Blin k...@samba.org

    Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.

commit e9cd10049e0b5c1e24e454cc3277eb4bea033dfb
Author: Kai Blin k...@samba.org
Date:   Fri Jan 18 23:11:07 2013 +0100

    swat: Use X-Frame-Options header to avoid clickjacking

    Jann Horn reported a potential clickjacking vulnerability in SWAT where
    the SWAT page could be embedded into an attacker's page using a frame or
    iframe and then used to trick the user to change Samba settings.

    Avoid this by telling the browser to refuse the frame embedding via the
    X-Frame-Options: DENY header.
    Signed-off-by: Kai Blin k...@samba.org

    Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.

commit 4f0de0faf15e2c157ad88800a11648c181d82b65
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Jan 29 10:49:29 2013 +0100

    WHATSNEW: Prepare release notes for Samba 3.5.21.

    This is a Security Release in order to address
    CVE-2013-0213 (Clickjacking issue in SWAT) and
    CVE-2013-0214 (Potential XSRF in SWAT).

    Karolin

---

Summary of changes:
 WHATSNEW.txt             | 37 +++--
 source3/web/cgi.c        | 39 ++-
 source3/web/swat.c       |  5 -
 source3/web/swat_proto.h |  1 +
 4 files changed, 62 insertions(+), 20 deletions(-)

Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c96f46f..a7766a9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,19 +1,44 @@ == Release Notes for Samba 3.5.21 -, 2013 +January 30, 2013 == -This is the latest stable release of Samba 3.5. - -Major enhancements in Samba 3.5.21 include: - -o - -Changes since 3.5.19: +This is a security release in order to address +CVE-2013-0213 (Clickjacking issue in SWAT) and +CVE-2013-0214 (Potential XSRF in SWAT). + +o CVE-2013-0213: + All current released versions of Samba are vulnerable to clickjacking in the + Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into + a malicious web page via a frame or iframe and then overlaid by other content, + an attacker could trick an administrator to potentially change Samba settings. + + In order to be vulnerable, SWAT must have been installed and enabled + either as a standalone server launched from inetd or xinetd, or as a + CGI plugin to Apache. If SWAT has not been installed or enabled (which + is the default install state for Samba) this advisory can be ignored. + +o CVE-2013-0214: + All current released versions of Samba are vulnerable to a cross-site + request forgery in the Samba Web Administration Tool (SWAT). By guessing a + user's password and then tricking a user who is authenticated with SWAT into + clicking a manipulated URL on a different web page, it is possible to manipulate + SWAT. + + In order to be vulnerable, the attacker needs to know the victim's password. + Additionally SWAT must have been installed and enabled either as a standalone + server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has + not been installed or enabled (which is the default install state for Samba) + this advisory can be ignored. + + +Changes since 3.5.20: - -o Jeremy Allison j...@samba.org +o Kai Blin k...@samba.org +* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT. +* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT. ## diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 0c8e9cb..afa2e63 100644 --- a/source3/web/cgi.c 
+++ b/source3/web/cgi.c @@ -45,6 +45,7 @@ static const char *baseurl; static char *pathinfo; static char *C_user;
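The two SWAT hardenings described in the commit messages above (the X-Frame-Options: DENY response header against the frame-and-overlay trick of CVE-2013-0213, and a server-side random nonce mixed into the XSRF token so that a guessed password alone is no longer enough for CVE-2013-0214), modelled in a small Python request handler. This is an added example, not the SWAT code from cgi.c or swat.c; the function names, the in-memory stand-in for the nonce Samba keeps in secrets.tdb, the `xsrf` form field and the root/password1 credential are all assumptions made for illustration.

```python
"""Added example (not Samba's own code): a SWAT-like settings handler showing
the clickjacking header and the weak-vs-nonced XSRF token side by side.
Names, the in-memory nonce store and the form layout are assumptions."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Stand-in for the random nonce Samba stores in secrets.tdb: generated once per
# server, never sent to a browser. Constructed for this example only.
SERVER_NONCE = secrets.token_bytes(32)


def weak_xsrf_token(user: str, password: str) -> str:
    """Pre-fix shape: the token depends only on the user name and password,
    so anyone who has guessed the password can compute it off-line."""
    return hashlib.sha256(f"{user}:{password}".encode()).hexdigest()


def xsrf_token(user: str, password: str, nonce: bytes = SERVER_NONCE) -> str:
    """Post-fix shape: keyed with a server-side random nonce. Knowing the
    password is no longer enough; the attacker would also need the nonce."""
    return hmac.new(nonce, f"{user}:{password}".encode(), hashlib.sha256).hexdigest()


def response_headers() -> dict:
    """Headers every SWAT-like page should carry. X-Frame-Options: DENY tells
    the browser to refuse rendering the page inside any frame or iframe, which
    is what defeats the overlay trick described for CVE-2013-0213."""
    return {
        "Content-Type": "text/html",
        "X-Frame-Options": "DENY",
    }


def handle_settings_post(query: str, user: str, password: str, token_fn) -> int:
    """Process a POSTed settings form and return an HTTP status code.

    token_fn is the token scheme the server uses; the form must carry the same
    value the server computes (it rendered that value into the page that the
    legitimate user submitted)."""
    form = parse_qs(query)
    supplied = form.get("xsrf", [""])[0]
    expected = token_fn(user, password)
    # Constant-time comparison so the check itself does not leak token bytes.
    if not hmac.compare_digest(supplied, expected):
        return 403
    return 200


def attacker_forgery(user: str, password: str, scheme: str) -> str:
    """What a cross-site attacker who knows the password can place in a forged
    request. Against the weak scheme the forgery is exact; against the nonced
    scheme the best the attacker can do is guess the nonce."""
    if scheme == "weak":
        return weak_xsrf_token(user, password)
    guessed_nonce = secrets.token_bytes(32)  # attacker never sees SERVER_NONCE
    return xsrf_token(user, password, guessed_nonce)


if __name__ == "__main__":
    user, pwd = "root", "password1"  # constructed weak credential
    for scheme, fn in (("weak", weak_xsrf_token), ("nonce", xsrf_token)):
        forged = attacker_forgery(user, pwd, scheme)
        status = handle_settings_post(f"action=set&xsrf={forged}", user, pwd, fn)
        print(f"{scheme:5s} scheme, forged request -> HTTP {status}")
```

Run as a script it prints 200 for the weak scheme (the forged request is accepted, which is the bug) and 403 for the nonced scheme. Note that the nonce only helps if it never leaves the server; the header and the token are independent defences and SWAT needed both.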
[SCM] Samba Shared Repository - annotated tag samba-3.5.21 created
The annotated tag, samba-3.5.21 has been created at fd775354f326e343342a744fe6da1e677c657dc2 (tag) tagging f6b6d3bf9d43d45560d352b76c12fe0c87a16fa3 (commit) replaces samba-3.5.20 tagged by Karolin Seeger on Tue Jan 29 12:26:30 2013 +0100 - Log - tag samba-3.5.21 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBRB7HsbzORW2Vot+oRAr2fAJ9UPLEPH7xZHjlNM7oFJsHjZiGNtwCgjmyN 7vjCfXlVB9NQp0smztDgAlY= =tO1T -END PGP SIGNATURE- Kai Blin (2): swat: Use X-Frame-Options header to avoid clickjacking swat: Use additional nonce on XSRF protection Karolin Seeger (3): VERSION: Bump version number up to 3.5.21. WHATSNEW: Start release notes for Samba 3.5.21. WHATSNEW: Prepare release notes for Samba 3.5.21. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated
       via  91f4275 swat: Use additional nonce on XSRF protection
       via  7122594 swat: Use X-Frame-Options header to avoid clickjacking
       via  184d5ab WHATSNEW: Prepare release notes for Samba 3.6.12.
      from  5f8ab89 WHATSNEW: Start release notes for Samba 3.6.12.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable

- Log -

commit 91f4275873ebeda8f57684f09df67162ae80515a
Author: Kai Blin k...@samba.org
Date:   Mon Jan 28 21:41:07 2013 +0100

    swat: Use additional nonce on XSRF protection

    If the user had a weak password on the root account of a machine running
    SWAT, there still was a chance of being targeted by an XSRF on a malicious
    web site targeting the SWAT setup. Use a random nonce stored in secrets.tdb
    to close this possible attack window.

    Thanks to Jann Horn for reporting this issue.

    Signed-off-by: Kai Blin k...@samba.org

    Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.

commit 71225948a249f079120282740fcc39fd6faa880e
Author: Kai Blin k...@samba.org
Date:   Fri Jan 18 23:11:07 2013 +0100

    swat: Use X-Frame-Options header to avoid clickjacking

    Jann Horn reported a potential clickjacking vulnerability in SWAT where
    the SWAT page could be embedded into an attacker's page using a frame or
    iframe and then used to trick the user to change Samba settings.

    Avoid this by telling the browser to refuse the frame embedding via the
    X-Frame-Options: DENY header.
    Signed-off-by: Kai Blin k...@samba.org

    Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.

commit 184d5ab26a553ca7ef3f529e90e4dd8c9aded75d
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Jan 29 09:45:06 2013 +0100

    WHATSNEW: Prepare release notes for Samba 3.6.12.

    This is a Security Release in order to address
    CVE-2013-0213 (Clickjacking issue in SWAT) and
    CVE-2013-0214 (Potential XSRF in SWAT).

    Karolin

---

Summary of changes:
 WHATSNEW.txt             | 35 ++-
 source3/web/cgi.c        | 40 ++--
 source3/web/swat.c       |  5 -
 source3/web/swat_proto.h |  1 +
 4 files changed, 61 insertions(+), 20 deletions(-)

Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2f414bc..8d058e3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,19 +1,44 @@ == Release Notes for Samba 3.6.12 - March 18, 2013 + January 30, 2013 == -This is is the latest stable release of Samba 3.6. - -Major enhancements in Samba 3.6.12 include: +This is a security release in order to address +CVE-2013-0213 (Clickjacking issue in SWAT) and +CVE-2013-0214 (Potential XSRF in SWAT). + +o CVE-2013-0213: + All current released versions of Samba are vulnerable to clickjacking in the + Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into + a malicious web page via a frame or iframe and then overlaid by other content, + an attacker could trick an administrator to potentially change Samba settings. + + In order to be vulnerable, SWAT must have been installed and enabled + either as a standalone server launched from inetd or xinetd, or as a + CGI plugin to Apache. If SWAT has not been installed or enabled (which + is the default install state for Samba) this advisory can be ignored. + +o CVE-2013-0214: + All current released versions of Samba are vulnerable to a cross-site + request forgery in the Samba Web Administration Tool (SWAT). By guessing a + user's password and then tricking a user who is authenticated with SWAT into + clicking a manipulated URL on a different web page, it is possible to manipulate + SWAT. + + In order to be vulnerable, the attacker needs to know the victim's password. + Additionally SWAT must have been installed and enabled either as a standalone + server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has + not been installed or enabled (which is the default install state for Samba) + this advisory can be ignored. -o Changes since 3.6.11: -o Jeremy Allison j...@samba.org +o Kai Blin k...@samba.org +* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT. +* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT. ## diff --git a/source3/web/cgi.c b/source3/web/cgi.c index ef1b856..861bc84 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c 
@@ -48,6 +48,7 @@ static const char *baseurl; static char *pathinfo; static char *C_user; static char
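Review bot: in the WHATSNEW hunk both CVE paragraphs say "All current released versions of Samba are vulnerable" without naming a range, and release notes are read long after "current" has moved on; the website announcement committed the same day gives the range as Samba 3.0.x to 4.0.1 (incl.), so state that here and say explicitly that 3.6.12 (with 3.5.21 and 4.0.2) is the fixed version. The CVE-2013-0214 paragraph would also read better if it said why a known password is sufficient: per the commit message the XSRF check previously had no server-side random component, which the secrets.tdb nonce now supplies, so a reader can judge whether a strong root password alone was protecting them.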
[SCM] Samba Shared Repository - annotated tag samba-3.6.12 created
The annotated tag, samba-3.6.12 has been created at 0095b0780a555e86ae041c749d8bb256b66d5eca (tag) tagging 91f4275873ebeda8f57684f09df67162ae80515a (commit) replaces samba-3.6.11 tagged by Karolin Seeger on Tue Jan 29 12:25:48 2013 +0100 - Log - tag samba-3.6.12 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBRB7HPbzORW2Vot+oRAprCAJsGAbtdGy0NV+SWNmpjB+Pe87yJYACfZURm SqngdLC5jmLaeQrrJD4XY2M= =qYlx -END PGP SIGNATURE- Kai Blin (2): swat: Use X-Frame-Options header to avoid clickjacking swat: Use additional nonce on XSRF protection Karolin Seeger (3): VERSION: Bump version number up to 3.6.12. WHATSNEW: Start release notes for Samba 3.6.12. WHATSNEW: Prepare release notes for Samba 3.6.12. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated
       via  1c2abd4 VERSION: Bump version number up to 4.0.2.
       via  0b40842 WHATSNEW: Update release notes for Samba 4.0.2.
       via  6762959 swat: Use additional nonce on XSRF protection
       via  4f24f1c swat: Use X-Frame-Options header to avoid clickjacking
      from  d2e9007 VERSION: Bump version number up to 4.0.1. (CVE-2013-0172)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable

- Log -

commit 1c2abd4cffe63bdc95449d97c9e823e96de04a8e
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Jan 29 11:11:55 2013 +0100

    VERSION: Bump version number up to 4.0.2.

    Bug 9576 - CVE-2013-0213: Clickjacking issue in SWAT.
    Bug 9577 - CVE-2013-0214: Potential XSRF in SWAT.

    Signed-off-by: Karolin Seeger ksee...@samba.org

commit 0b4084297fa893eccf4054091bb0a1ba02f57304
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Jan 29 11:09:41 2013 +0100

    WHATSNEW: Update release notes for Samba 4.0.2.

    Bug 9576 - CVE-2013-0213: Clickjacking issue in SWAT.
    Bug 9577 - CVE-2013-0214: Potential XSRF in SWAT.

    Signed-off-by: Karolin Seeger ksee...@samba.org

commit 6762959a45bfc78183055162ae583733e589062f
Author: Kai Blin k...@samba.org
Date:   Sun Jan 20 08:58:08 2013 +0100

    swat: Use additional nonce on XSRF protection

    If the user had a weak password on the root account of a machine running
    SWAT, there still was a chance of being targeted by an XSRF on a malicious
    web site targeting the SWAT setup. Use a random nonce stored in secrets.tdb
    to close this possible attack window.

    Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin k...@samba.org Fix bug #9577 - CVE-2013-0214: Potential XSRF in SWAT. commit 4f24f1c72088867e683bcd2207807ef4da272420 Author: Kai Blin k...@samba.org Date: Fri Jan 18 23:11:07 2013 +0100 swat: Use X-Frame-Options header to avoid clickjacking Jann Horn reported a potential clickjacking vulnerability in SWAT where the SWAT page could be embedded into an attacker's page using a frame or iframe and then used to trick the user to change Samba settings. Avoid this by telling the browser to refuse the frame embedding via the X-Frame-Options: DENY header. Signed-off-by: Kai Blin k...@samba.org Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT. --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 70 - source3/web/cgi.c| 39 - source3/web/swat.c |5 ++- source3/web/swat_proto.h |1 + 5 files changed, 99 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d7d5459..f1cc2a6 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5c69ca9..0711f96 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,70 @@ = + Release Notes for Samba 4.0.2 + January 30, 2013 + = + + +This is a security release in order to address +CVE-2013-0213 (Clickjacking issue in SWAT) and +CVE-2013-0214 (Potential XSRF in SWAT). + +o CVE-2013-0213: + All current released versions of Samba are vulnerable to clickjacking in the + Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into + a malicious web page via a frame or iframe and then overlaid by other content, + an attacker could trick an administrator to potentially change Samba settings. + + In order to be vulnerable, SWAT must have been installed and enabled + either as a standalone server launched from inetd or xinetd, or as a + CGI plugin to Apache. If SWAT has not been installed or enabled (which + is the default install state for Samba) this advisory can be ignored. + +o CVE-2013-0214: + All current released versions of Samba are vulnerable to a cross-site + request forgery in the Samba Web Administration Tool (SWAT). By guessing a + user's password and then tricking a user who is authenticated with SWAT into + clicking a manipulated URL on a different web page, it is possible to manipulate + SWAT. + + In order to be vulnerable, the attacker needs to know the victim's password. + Additionally SWAT must have been installed and enabled either as a standalone + server launched from inetd or xinetd, or as a CGI plugin to
[SCM] Samba Shared Repository - annotated tag samba-4.0.2 created
The annotated tag, samba-4.0.2 has been created at 64d15c762b19d98117424a3bbcb451ce09f55e94 (tag) tagging 1c2abd4cffe63bdc95449d97c9e823e96de04a8e (commit) replaces samba-4.0.1 tagged by Karolin Seeger on Tue Jan 29 11:28:54 2013 +0100 - Log - samba: tag release samba-4.0.2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBRB6RubzORW2Vot+oRAmMvAJ91FizNdkPx4rAtacXQ5KEk55AwuwCeJ/Rh iB577cvQ5Z3HhRqv9q4JJYU= =DSGO -END PGP SIGNATURE- Kai Blin (2): swat: Use X-Frame-Options header to avoid clickjacking swat: Use additional nonce on XSRF protection Karolin Seeger (2): WHATSNEW: Update release notes for Samba 4.0.2. VERSION: Bump version number up to 4.0.2. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via e6160ed Announce Samba 4.0.4, 3.6.12 and 3.5.21. from 3160184 samba-fr moved to hosting at renater http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit e6160ed77a7c41f8cb5dfd7931f11c99d0fa2731 Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 09:59:15 2013 +0100 Announce Samba 4.0.4, 3.6.12 and 3.5.21. CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT) Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 49 +--- generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 52 ++ history/header_history.html |3 + history/samba-3.5.21.html | 59 history/samba-3.6.12.html | 59 history/samba-4.0.2.html| 59 history/security.html | 18 ++ latest_stable_release.html |6 +- security/CVE-2013-0213.html | 80 +++ security/CVE-2013-0214.html | 92 +++ 11 files changed, 456 insertions(+), 25 deletions(-) create mode 100755 history/samba-3.5.21.html create mode 100755 history/samba-3.6.12.html create mode 100755 history/samba-4.0.2.html create mode 100644 security/CVE-2013-0213.html create mode 100644 security/CVE-2013-0214.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index a666f9c..e4bc79d 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html 
@@ -1,3 +1,43 @@ + h5a name=4.0.230 January 2013/a/h5 + p class=headlineSamba 4.0.2, 3.6.12 and 3.5.21 bSecurity Releases/b Available for Download/p + pThese are security releases in order to address + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213;CVE-2013-0213/a + (Samba 3.0.x to 4.0.1 (incl.) are affected by a bclickjacking issue in SWAT/b) and br + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214;CVE-2013-0214 /a + (Samba 3.0.x to 4.0.1 (incl.) are affected by a bpotential XSRF in SWAT/b)./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA)./p +p +The source code can be downloaded here: +lia href=http://samba.org/samba/ftp/stable/samba-4.0.2.tar.gz;download +Samba 4.0.2/a,/li +lia href=http://samba.org/samba/ftp/stable/samba-3.6.12.tar.gz;download +Samba 3.6.12/a,/li +lia href=http://samba.org/samba/ftp/stable/samba-3.5.21.tar.gz;download +Samba 3.5.21/a./li +/p + +p +Patches against the parents are also available: +lia href=http://samba.org/samba/ftp/patches/patch-4.0.1-4.0.2.diffs.gz;patch Samba +4.0.1/4.0.2/a,/li +lia href=http://samba.org/samba/ftp/patches/patch-3.6.11-3.6.12.diffs.gz;patch +Samba 3.6.11/3.6.12/a,/li +lia href=http://samba.org/samba/ftp/patches/patch-3.5.20-3.5.21.diffs.gz;patch +Samba 3.5.20/3.5.21/a./li +/p + +p +Please see the release notes for more info: +lia href=http://samba.org/samba/history/samba-4.0.2.html;release notes +Samba 4.0.2/a,/li +lia href=http://samba.org/samba/history/samba-3.6.12.html;release notes +Samba 3.6.12/a,/li +lia href=http://samba.org/samba/history/samba-3.5.21.html;release notes +Samba 3.5.21/a./li +/p + h5a name=3.6.1121 January 2013/a/h5 p class=headlineSamba 3.6.11 Available for Download/p pThis is the latest stable release of the Samba 3.6 series./p 
@@ -98,12 +138,3 @@ See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc5.txt;the using GnuPG (ID 6568B7EA). The source code can be a href=http://samba.org/samba/ftp/stable/samba-3.5.19.tar.gz;downloaded now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.5.18-3.5.19.diffs.gz;patch against Samba 3.5.18/a is also available. See a href=http://samba.org/samba/history/samba-3.5.19.html;the release notes for more info/a./p - - h5a name=4.0.0rc430 October 2012/a/h5 - p class=headlineSamba 4.0.0rc4 Available for Download/p - pThis is the fourth release candidate of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=https://download.samba.org/pub/samba/rc/samba-4.0.0rc4.tar.gz;downloaded now/a. -See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc4.txt;the release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 492893b..4d5c638 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul +
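Review bot: the commit subject says "Announce Samba 4.0.4" but everything in the hunk announces 4.0.2 (the headline, the samba-4.0.2.tar.gz link, the patch-4.0.1-4.0.2 link and history/samba-4.0.2.html), so the subject should be corrected before it reaches the announce archives. Separately, the three new lists in latest_10_bodies.html (downloads, patches, release notes) place li elements directly inside a p with no enclosing ul or ol, which is invalid HTML and renders inconsistently; wrap each group in a ul, for example "<p>The source code can be downloaded here:</p><ul><li>...</li></ul>".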
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via fecbc7c Add missing description to the security page. from e6160ed Announce Samba 4.0.4, 3.6.12 and 3.5.21. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit fecbc7c5764a22978353c52e956a464202266f87 Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 10:08:01 2013 +0100 Add missing description to the security page. Karolin --- Summary of changes: history/security.html |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index 2df2d4e..06a3257 100755 --- a/history/security.html +++ b/history/security.html @@ -29,7 +29,7 @@ link to full release notes for each release./p patch for Samba 3.6.11/a a href=/samba/ftp/patches/security/samba-3.5.20-CVE-2013-0213-CVE-2013-0214.patch patch for Samba 3.5.20/a - td/td + tdClickjacking issue and potential XSRF in SWAT./td td3.0.x-4.0.1/td tda href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213;CVE-2013-0213/a, a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214;CVE-2013-0214/a -- Samba Website Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated
       via  2d8c6de WHATSNEW: Start release notes for Samba 3.6.13.
       via  a9f770e VERSION: Bump version number up to 3.6.13.
       via  a36370e swat: Use additional nonce on XSRF protection
       via  4eb9c2d swat: Use X-Frame-Options header to avoid clickjacking
       via  02396c3 WHATSNEW: Prepare release notes for Samba 3.6.12.
      from  022e1d8 Fix bug #9585 - Samba 3.6.x not correctly signing any but the last response in a compound request/response

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test

- Log -

commit 2d8c6de869b88d3c8c9313290ee285c419fec58a
Author: Karolin Seeger ksee...@samba.org
Date:   Wed Jan 30 11:42:53 2013 +0100

    WHATSNEW: Start release notes for Samba 3.6.13.

    Karolin

commit a9f770e65876fbcfd3967a893dbd1f0770d2789a
Author: Karolin Seeger ksee...@samba.org
Date:   Wed Jan 30 11:42:18 2013 +0100

    VERSION: Bump version number up to 3.6.13.

    Karolin

commit a36370e6d511da8d9e77c845778cce7fa627b994
Author: Kai Blin k...@samba.org
Date:   Mon Jan 28 21:41:07 2013 +0100

    swat: Use additional nonce on XSRF protection

    If the user had a weak password on the root account of a machine running
    SWAT, there still was a chance of being targeted by an XSRF on a malicious
    web site targeting the SWAT setup. Use a random nonce stored in secrets.tdb
    to close this possible attack window.

    Thanks to Jann Horn for reporting this issue.
Signed-off-by: Kai Blin k...@samba.org Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT. (cherry picked from commit 91f4275873ebeda8f57684f09df67162ae80515a) commit 4eb9c2d365e9238566f1155e1db440b7c92da4bb Author: Kai Blin k...@samba.org Date: Fri Jan 18 23:11:07 2013 +0100 swat: Use X-Frame-Options header to avoid clickjacking Jann Horn reported a potential clickjacking vulnerability in SWAT where the SWAT page could be embedded into an attacker's page using a frame or iframe and then used to trick the user to change Samba settings. Avoid this by telling the browser to refuse the frame embedding via the X-Frame-Options: DENY header. Signed-off-by: Kai Blin k...@samba.org Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT. (cherry picked from commit 71225948a249f079120282740fcc39fd6faa880e) commit 02396c30db14db3c5177431e48d81202467b9e60 Author: Karolin Seeger ksee...@samba.org Date: Tue Jan 29 09:45:06 2013 +0100 WHATSNEW: Prepare release notes for Samba 3.6.12. This is a Security Release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT). Karolin (cherry picked from commit 184d5ab26a553ca7ef3f529e90e4dd8c9aded75d) --- Summary of changes: WHATSNEW.txt | 79 ++--- source3/VERSION |2 +- source3/web/cgi.c| 40 +++ source3/web/swat.c |5 ++- source3/web/swat_proto.h |1 + 5 files changed, 105 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2f414bc..d5b94c3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,19 +1,20 @@ == - Release Notes for Samba 3.6.12 - March 18, 2013 + Release Notes for Samba 3.6.13 + March 18, 2013 == This is is the latest stable release of Samba 3.6. -Major enhancements in Samba 3.6.12 include: +Major enhancements in Samba 3.6.13 include: -o +o -Changes since 3.6.11: + +Changes since 3.6.12: -o Jeremy Allison j...@samba.org +o ## 
@@ -39,6 +40,72 @@ Release notes for older releases follow: == + Release Notes for Samba 3.6.12 + January 30, 2013 + == + + +This is a security release in order to address +CVE-2013-0213 (Clickjacking issue in SWAT) and +CVE-2013-0214 (Potential XSRF in SWAT). + +o CVE-2013-0213: + All current released versions of Samba are vulnerable to clickjacking in the + Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into + a malicious web page via a frame or iframe and then overlaid by other content, + an attacker could trick an administrator to potentially change Samba settings. + + In order to be vulnerable, SWAT must have been installed and enabled + either as a standalone server launched from inetd or xinetd,
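Review bot: the new "Release Notes for Samba 3.6.13" header in the first WHATSNEW hunk adds "March 18, 2013" as the date, which is the template placeholder that the 3.6.12 notes in this same batch had to replace with the real date (January 30, 2013); a plausible-looking future date is easy to ship by mistake, so leave it blank the way the 3.5 template does ("-, 2013") until the release is cut. The same hunk keeps "This is is the latest stable release of Samba 3.6." as unchanged context; the doubled "is" is worth fixing while the template is being touched, since it is copied into every 3.6 release note.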
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 07eb335 WHATSNEW: Start release notes for Samba 3.6.13. via 4128d35 VERSION: Bump version number up to 3.6.13. from 91f4275 swat: Use additional nonce on XSRF protection http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 07eb335759f27cb4f80d644634369661f64809ea Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 11:42:53 2013 +0100 WHATSNEW: Start release notes for Samba 3.6.13. Karolin (cherry picked from commit 2d8c6de869b88d3c8c9313290ee285c419fec58a) commit 4128d35c1d0e914d37234fe5ff3b25e616ee4f77 Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 11:42:18 2013 +0100 VERSION: Bump version number up to 3.6.13. Karolin (cherry picked from commit a9f770e65876fbcfd3967a893dbd1f0770d2789a) --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8d058e3..d5b94c3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,45 @@ == + Release Notes for Samba 3.6.13 + March 18, 2013 + == + + +This is is the latest stable release of Samba 3.6. + +Major enhancements in Samba 3.6.13 include: + +o + + +Changes since 3.6.12: + + +o + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.6 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + +Release notes for older releases follow: + + + == Release Notes for Samba 3.6.12 January 30, 2013 == 
@@ -60,8 +101,9 @@ database (https://bugzilla.samba.org/). == The Samba Team == -Release notes for older releases follow: - + +-- + == Release Notes for Samba 3.6.11 diff --git a/source3/VERSION b/source3/VERSION index c36d474..ab58022 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
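Review bot: the added line "+This is is the latest stable release of Samba 3.6." carries a doubled "is", and the new header adds the placeholder date "March 18, 2013" for a commit made on January 30. Because this is a cherry-pick of 2d8c6de from v3-6-test, fix both there and re-pick rather than patching v3-6-stable directly, or the two branches' WHATSNEW.txt will drift. The VERSION bump to 3.6.13 is consistent with the new notes.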
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 81aa6c38 VERSION: Bump Version number up to 3.5.22. from f6b6d3b swat: Use additional nonce on XSRF protection http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 81aa6c38f50ee67e47987b0acfb3f9b8e728cc58 Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 11:48:43 2013 +0100 VERSION: Bump Version number up to 3.5.22. Karolin --- Summary of changes: source3/VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/VERSION b/source3/VERSION index bdf294e..8f0d025 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=21 +SAMBA_VERSION_RELEASE=22 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4eadddc VERSION: Bump version number up to 4.0.3. via baacf3e Merge commit 'samba-4.0.2' into v4-0-test via 1c2abd4 VERSION: Bump version number up to 4.0.2. via 0b40842 WHATSNEW: Update release notes for Samba 4.0.2. via 6762959 swat: Use additional nonce on XSRF protection via 4f24f1c swat: Use X-Frame-Options header to avoid clickjacking from 7ba52a1 Regression test for bug #9571 - Unlink after open causes smbd to panic http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4eadddcfecc22fd2d5b71a0e2d019aa8d201d735 Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 11:55:47 2013 +0100 VERSION: Bump version number up to 4.0.3. Signed-off-by: Karolin Seeger ksee...@samba.org Karolin commit baacf3e951628be656c2a624f683db53a6bbfdca Merge: 7ba52a12bb930cfaddc3092cac291e4f7d503c05 1c2abd4cffe63bdc95449d97c9e823e96de04a8e Author: Karolin Seeger ksee...@samba.org Date: Wed Jan 30 11:54:45 2013 +0100 Merge commit 'samba-4.0.2' into v4-0-test --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 70 - source3/web/cgi.c| 39 - source3/web/swat.c |5 ++- source3/web/swat_proto.h |1 + 5 files changed, 99 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e3efbd7..8f3a310 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5c69ca9..0711f96 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,70 @@ = + Release Notes for Samba 4.0.2 + January 30, 2013 + = + + +This is a security release in order to address +CVE-2013-0213 (Clickjacking issue in SWAT) and +CVE-2013-0214 (Potential XSRF in SWAT). + +o CVE-2013-0213: + All current released versions of Samba are vulnerable to clickjacking in the + Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into + a malicious web page via a frame or iframe and then overlaid by other content, + an attacker could trick an administrator to potentially change Samba settings. + + In order to be vulnerable, SWAT must have been installed and enabled + either as a standalone server launched from inetd or xinetd, or as a + CGI plugin to Apache. If SWAT has not been installed or enabled (which + is the default install state for Samba) this advisory can be ignored. + +o CVE-2013-0214: + All current released versions of Samba are vulnerable to a cross-site + request forgery in the Samba Web Administration Tool (SWAT). By guessing a + user's password and then tricking a user who is authenticated with SWAT into + clicking a manipulated URL on a different web page, it is possible to manipulate + SWAT. + + In order to be vulnerable, the attacker needs to know the victim's password. + Additionally SWAT must have been installed and enabled either as a standalone + server launched from inetd or xinetd, or as a CGI plugin to Apache. If SWAT has + not been installed or enabled (which is the default install state for Samba) + this advisory can be ignored. + + +Changes since 4.0.1: + + +o Kai Blin k...@samba.org +* BUG 9576: CVE-2013-0213: Fix clickjacking issue in SWAT. +* BUG 9577: CVE-2013-0214: Fix potential XSRF in SWAT. + + +### +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. 
If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.0 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.0.1
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7b0b1d6 smbd: Fix a typo via fa06414 smbd: Fix a typo from 394622e s3:winbindd: change getpwsid() to return a passwd struct for a group sid id-mapped with ID_TYPE_BOTH http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7b0b1d6d48d31a729f0ad176a8b53f8c3a8d2d16 Author: Volker Lendecke v...@samba.org Date: Wed Jan 30 15:53:27 2013 +0100 smbd: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Christian Ambach a...@samba.org Autobuild-User(master): Christian Ambach a...@samba.org Autobuild-Date(master): Wed Jan 30 18:21:19 CET 2013 on sn-devel-104 commit fa064140edf13c16085acf061d781fa06abfce3b Author: Volker Lendecke v...@samba.org Date: Tue Jan 15 13:17:00 2013 +0100 smbd: Fix a typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Christian Ambach a...@samba.org --- Summary of changes: source3/lib/server_mutex.c |2 +- source3/smbd/process.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c index 619fbd0..41da0a1 100644 --- a/source3/lib/server_mutex.c +++ b/source3/lib/server_mutex.c @@ -29,7 +29,7 @@ may (in certain situations) cause connections to be reset, or access to be denied. - This locking allows smbd's mutlithread architecture to look + This locking allows smbd's multithread architecture to look like the single-connection that NT makes. */ struct named_mutex { diff --git a/source3/smbd/process.c b/source3/smbd/process.c index a02aeda..0d815f1 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -88,7 +88,7 @@ static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn) return false; } - DEBUG(10,(pid[%d] got for socket lock\n, (int)getpid())); + DEBUG(10,(pid[%d] got socket lock\n, (int)getpid())); return true; } -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via c7b8e48 Update Sirius details from fecbc7c Add missing description to the security page. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit c7b8e48c4fa3b33d9e2fc9bd4ea262715ffece71 Author: Lars Müller l...@samba.org Date: Wed Jan 30 21:41:18 2013 +0100 Update Sirius details --- Summary of changes: support/uk.html | 11 +-- 1 files changed, 9 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/support/uk.html b/support/uk.html index 03f9e14..7628b3e 100644 --- a/support/uk.html +++ b/support/uk.html @@ -96,13 +96,20 @@ Sirius Corporation plc Rivermead House, Hamm Moor Lane Weybridge, Surrey, KT15 2SF -a href=http://www.siriusit.co.uk;http://www.siriusit.co.uk/a +a href=http://www.siriusopensource.com/samba-support;http://www.siriusopensource.com/samba-support/a 0870 608 0063 a href=mailto:i...@siriusit.co.uk;i...@siriusit.co.uk/a OR a href=mailto:sa...@siriusit.co.uk;sa...@siriusit.co.uk/a Kelly Flitter /small/pre p -We specialise in Open Source software. We provide consultancy services, training, support and managed services. +Sirius is the UK's leading open source services provider. Genuine +24/7/365 operation, and specialising in support, managed services, +outsourcing, consultancy, deployment and training. Trusted to look +after thousands of machines responsible for billions of pounds, euros +and dollars of business value. Sirius designs, builds, supports and +manages Samba systems since 1998 for diverse clients from Schools to +Specsavers, London Financial Institution to Local Authorities. Garages +to Governments. /pp Specialty samba capabilities: Enterprise deployment, Integration with policy based desktops, Integration with clients from XP to Windows 7, up to 24/7 technical support. /p -- Samba Website Repository
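Review bot: the support URL in this hunk moves from siriusit.co.uk to siriusopensource.com/samba-support, but the two mailto: links and the phone number in the unchanged context lines stay on the old siriusit.co.uk domain; please confirm those addresses are still monitored or update them in the same change so the listing is consistent. In the new paragraph, "Sirius designs, builds, supports and manages Samba systems since 1998" should read "has designed, built, supported and managed Samba systems since 1998", and "Garages to Governments." is a sentence fragment that belongs in the preceding sentence.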
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 48d954b Fix the compound tests to correctly pass against Windows when run with --signing=required. via 1624d83 Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests. from 7b0b1d6 smbd: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 48d954b90e6aa14721d236180df959a038416672 Author: Jeremy Allison j...@samba.org Date: Mon Jan 28 16:52:11 2013 -0800 Fix the compound tests to correctly pass against Windows when run with --signing=required. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.org Autobuild-User(master): Richard Sharpe sha...@samba.org Autobuild-Date(master): Thu Jan 31 03:53:55 CET 2013 on sn-devel-104 commit 1624d83fdeb675ee4032f5d3cabcf86d5b05a3cb Author: Jeremy Allison j...@samba.org Date: Mon Jan 28 16:51:25 2013 -0800 Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests. Copies the signing state needed to make client compound requests work on signed connections. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com --- Summary of changes: libcli/smb/smbXcli_base.c | 27 +++ libcli/smb/smbXcli_base.h |2 ++ source4/torture/smb2/compound.c | 12 ++-- 3 files changed, 35 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index c547515..421e884 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c 
@@ -4482,6 +4482,33 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx, return session; } +struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx, + struct smbXcli_session *src) +{ + struct smbXcli_session *session; + + session = talloc_zero(mem_ctx, struct smbXcli_session); + if (session == NULL) { + return NULL; + } + session-smb2 = talloc_zero(session, struct smb2cli_session); + if (session-smb2 == NULL) { + talloc_free(session); + return NULL; + } + + session-conn = src-conn; + *session-smb2 = *src-smb2; + session-smb2_channel = src-smb2_channel; + session-disconnect_expired = src-disconnect_expired; + + DLIST_ADD_END(src-conn-sessions, session, struct smbXcli_session *); + talloc_set_destructor(session, smbXcli_session_destructor); + + return session; +} + + NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, TALLOC_CTX *mem_ctx, DATA_BLOB *key) diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index b720bc6..f7b60d3 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -260,6 +260,8 @@ NTSTATUS smbXcli_negprot(struct smbXcli_conn *conn, struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx, struct smbXcli_conn *conn); +struct smbXcli_session *smbXcli_session_copy(TALLOC_CTX *mem_ctx, + struct smbXcli_session *src); NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session, TALLOC_CTX *mem_ctx, DATA_BLOB *key); diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index e75f682..4a47e14 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c 
@@ -92,8 +92,8 @@ static bool test_compound_related1(struct torture_context *tctx, 0, /* capabilities */ 0 /* maximal_access */); - tree-session-smbXcli = smbXcli_session_create(tree-session, - tree-session-transport-conn); + tree-session-smbXcli = smbXcli_session_copy(tree-session, + tree-session-smbXcli); smb2cli_session_set_id_and_flags(tree-session-smbXcli, UINT64_MAX, 0); req[1] = smb2_close_send(tree, cl); @@ -171,8 +171,8 @@ static bool test_compound_related2(struct torture_context *tctx, 0, /* capabilities */ 0 /* maximal_access */); - tree-session-smbXcli = smbXcli_session_create(tree-session, - tree-session-transport-conn); + tree-session-smbXcli = smbXcli_session_copy(tree-session, +
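Review bot: `*session->smb2 = *src->smb2;` in smbXcli_session_copy() is a struct assignment, i.e. a shallow copy: if struct smb2cli_session holds pointer or DATA_BLOB members (the signing and session keys this copy exists to carry, per the commit message "Copies the signing state"), the copy aliases memory owned by src, so it silently depends on src outliving it and on src not being re-keyed afterwards. Either duplicate the key blobs into the new session's talloc context (data_blob_talloc() under session->smb2) or state the lifetime constraint at the function so callers cannot free src first by accident.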
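Review bot: the smbXcli_session_copy() prototype added to smbXcli_base.h carries no comment, unlike the behaviour it needs callers to know: the returned session is talloc-allocated on mem_ctx, is registered on src->conn->sessions, shares its smb2 state with src, and is intended for building compound SMB2 requests on signed connections as the commit message says. Suggest a short header comment covering ownership and the requirement that src stay valid for the copy's lifetime.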
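Review bot: in both test_compound_related1() and test_compound_related2() the previous value of tree->session->smbXcli is overwritten by the copy without being saved, so the test has no handle to the original session if it needs it later (the original stays alive only as a talloc child of tree->session, which is also what keeps the shallow-copied signing state valid). Suggest keeping the original pointer in a local before the assignment and restoring it once the compound requests complete, or at least a comment explaining why the copy is parented on tree->session.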