Author: kseeger Date: 2008-11-27 10:58:16 +0000 (Thu, 27 Nov 2008) New Revision: 1247
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1247 Log: Announce Samba 3.0.33 and 3.2.5. Karolin Added: trunk/history/samba-3.0.33.html trunk/history/samba-3.2.5.html trunk/security/CVE-2008-4314.html Modified: trunk/devel/index.html trunk/header_columns.html trunk/history/header_history.html trunk/history/index.html trunk/history/security.html trunk/index.html Changeset: Modified: trunk/devel/index.html =================================================================== --- trunk/devel/index.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/devel/index.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -20,8 +20,8 @@ 3.0.x and 2.2.x versions of Samba, which are no longer in active development. </p> -<p>The latest production release is <em>Samba 3.2.4</em> (<a -href="/samba/history/samba-3.2.4.html">release notes</a> and <a +<p>The latest production release is <em>Samba 3.2.5</em> (<a +href="/samba/history/samba-3.2.5.html">release notes</a> and <a href="/samba/download/">download</a>).</p> <p>With the release of version 3 of the GPL, the Samba Team has decided to @@ -60,12 +60,13 @@ </li> <li> <h4><em>v3-0-test</em></h4> - <p>This is the current branch for 3.0.x development + <p>This is the current branch for 3.0.x maintenance (critical bugfix and security fixes <em>only</em>).</p> </li> <li> <h4><em>v3-0-stable</em></h4> - <p>This branch is not used any longer.</p> + <p>This is the current branch for 3.0.x maintenance releases. + (critical bugfix and security fixes <em>only</em>).</p> </li> <li> <h4><em>v3-2-test</em></h4> Modified: trunk/header_columns.html =================================================================== --- trunk/header_columns.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/header_columns.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -130,16 +130,16 @@ <div class="releases"> <h4>Current Stable Release</h4> <ul> - <li><a href="/samba/ftp/stable/samba-3.2.4.tar.gz">Samba 3.2.4 (gzipped)</a></li> - <li><a href="/samba/history/samba-3.2.4.html">Release Notes</a></li> - <li><a href="/samba/ftp/stable/samba-3.2.4.tar.asc">Signature</a></li> + <li><a href="/samba/ftp/stable/samba-3.2.5.tar.gz">Samba 3.2.5 (gzipped)</a></li> + <li><a href="/samba/history/samba-3.2.5.html">Release Notes</a></li> + <li><a href="/samba/ftp/stable/samba-3.2.5.tar.asc">Signature</a></li> </ul> <h4>Historical</h4> <ul> - <li><a href="/samba/ftp/stable/samba-3.0.32.tar.gz">Samba 3.0.32 (gzipped)</a></li> - <li><a href="/samba/history/samba-3.0.32.html">Release Notes</a></li> - <li><a href="/samba/ftp/stable/samba-3.0.32.tar.asc">Signature</a></li> + <li><a href="/samba/ftp/stable/samba-3.0.33.tar.gz">Samba 3.0.33 (gzipped)</a></li> + <li><a href="/samba/history/samba-3.0.33.html">Release Notes</a></li> + <li><a href="/samba/ftp/stable/samba-3.0.33.tar.asc">Signature</a></li> </ul> <h4>Maintenance</h4> Modified: trunk/history/header_history.html =================================================================== --- trunk/history/header_history.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/history/header_history.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -77,11 +77,13 @@ <div class="notes"> <h6>Release Notes</h6> <ul> + <li><a href="samba-3.2.5.html">samba-3.2.5</a></li> <li><a href="samba-3.2.4.html">samba-3.2.4</a></li> <li><a href="samba-3.2.3.html">samba-3.2.3</a></li> <li><a href="samba-3.2.2.html">samba-3.2.2</a></li> <li><a href="samba-3.2.1.html">samba-3.2.1</a></li> <li><a href="samba-3.2.0.html">samba-3.2.0</a></li> + <li><a href="samba-3.0.33.html">samba-3.0.33</a></li> <li><a href="samba-3.0.32.html">samba-3.0.32</a></li> <li><a href="samba-3.0.31.html">samba-3.0.31</a></li> <li><a href="samba-3.0.30.html">samba-3.0.30</a></li> Modified: trunk/history/index.html =================================================================== --- trunk/history/index.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/history/index.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -6,8 +6,8 @@ <div class="latest"> <ul> - <li>Latest Release — <a href="/samba/#latest">Samba 3.2.4</a></li> - <li>Current Stable Release — <a href="/samba/#latest">Samba 3.2.4</a></li> + <li>Latest Release — <a href="/samba/#latest">Samba 3.2.5</a></li> + <li>Current Stable Release — <a href="/samba/#latest">Samba 3.2.5</a></li> <!-- Second link will point to #stable on this page when current release is a development release --> </ul> </div> Added: trunk/history/samba-3.0.33.html =================================================================== --- trunk/history/samba-3.0.33.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/history/samba-3.0.33.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -0,0 +1,49 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 3.0.33 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 3.0.33 + November, 27 2008 + ============================== + + +This is a security release in order to address <a +href="/samba/security/">CVE-2008-4314</a> ("Potential leak of +arbitrary memory contents"). + + o CVE-2008-4314 + Samba 3.0.29 to 3.2.4 can potentially leak + arbitrary memory contents to malicious + clients. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + +###################################################################### +Changes +####### + +Changes since 3.0.32 +-------------------- + + +o Volker Lendecke <[EMAIL PROTECTED]> + * Fix for CVE-2008-4314. +</pre> + +<p>Please refer to the original <a href="/samba/history/samba-3.0.33.html">Samba +3.0.32 Release Notes</a> for more details regarding changes in +previous releases.</p> +</body> +</html> Property changes on: trunk/history/samba-3.0.33.html ___________________________________________________________________ Name: svn:executable + * Added: trunk/history/samba-3.2.5.html =================================================================== --- trunk/history/samba-3.2.5.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/history/samba-3.2.5.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -0,0 +1,48 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 3.2.5 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 3.2.5 + November, 27 2008 + ============================== + + +This is a security release in order to address <a +href="/samba/security/">CVE-2008-4314</a> ("Potential leak of +arbitrary memory contents"). + + o CVE-2008-4314 + Samba 3.0.29 to 3.2.4 can potentially leak + arbitrary memory contents to malicious + clients. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + +###################################################################### +Changes +####### + +Changes since 3.2.4 +------------------- + + +o Volker Lendecke <[EMAIL PROTECTED]> + * Fix for CVE-2008-4314. +</pre> +<p>Please refer to the original <a href="/samba/history/samba-3.2.4.html">Samba +3.2.4 Release Notes</a> for more details regarding changes in +previous releases.</p> +</body> +</html> Property changes on: trunk/history/samba-3.2.5.html ___________________________________________________________________ Name: svn:executable + * Modified: trunk/history/security.html =================================================================== --- trunk/history/security.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/history/security.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -22,7 +22,19 @@ </tr> <tr> - <td>27 August 2008</td> + <td>27 Nov 2008</td> + <td><a href="/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch"> + patch for Samba 3.0.32</a> + <a href="/samba/ftp/patches/security/samba-3.2.4-CVE-2008-4314.patch"> + patch for Samba 3.2.4</a></td> + <td>Potential leak of arbitrary memory contents</td> + <td>Samba 3.0.29 - 3.2.4</td> + <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314">CVE-2008-4314</a></td> + <td><a href="/samba/security/CVE-2008-4314.html">Announcement</a></td> + </tr> + + <tr> + <td>27 Aug 2008</td> <td><a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch"> patch 1 for Samba 3.2.2</a> <a href="/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch"> Modified: trunk/index.html =================================================================== --- trunk/index.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/index.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -19,7 +19,39 @@ <h2>Current Release</h2> + <h4><a name="latest">27 November 2008</a></h4> + <p class="headline">Samba 3.2.5 Available for Download</p> + + <p>This is a security release to address CVE-2008-4314. The + <a href="/samba/security/CVE-2008-4314">original advisory</a> + is available online. A + <a href="/samba/ftp/patches/security/samba-3.2.5-CVE-2008-4314.patch"> + patch for Samba 3.2.4</a> is available. This security + advisory is applicable from Samba 3.0.29 to 3.2.4. Past security + advisories are available on our <a href="/samba/security/">security page</a>.</p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). The source code can be + <a href="/samba/ftp/stable/samba-3.2.5.tar.gz">downloaded now</a>. + See <a href="/samba/history/samba-3.2.5.html">the release notes for more info</a>.</p> + + <h4>27 November 2008</h4> + <p class="headline">Samba 3.0.33 Available for Download</p> + + <p>This is a security release to address CVE-2008-4314. The + <a href="/samba/security/CVE-2008-4314">original advisory</a> + is available online. A + <a href="/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch"> + patch for Samba 3.0.32</a> is available. This security + advisory is applicable from Samba 3.0.29 to 3.2.4. Past security + advisories are available on our <a href="/samba/security/">security page</a>.</p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). The source code can be + <a href="/samba/ftp/stable/samba-3.0.33.tar.gz">downloaded now</a>. + See <a href="/samba/history/samba-3.0.33.html">the release notes for more info</a>.</p> <h4>2 October 2008</h4> + <p class="headline">Samba 3.3.0pre2 Available for Download</p> <p>Samba 3.3.0pre2 is now available for download. This is a @@ -47,7 +79,7 @@ be made available on a volunteer basis and can be found in the <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p> - <h4><a name="latest">18 September 2008</a></h4> + <h4>18 September 2008</h4> <p class="headline">Samba 3.2.4 Available for Download</p> <p>This is the latest bug fix release for Samba 3.2 and is the Added: trunk/security/CVE-2008-4314.html =================================================================== --- trunk/security/CVE-2008-4314.html 2008-10-15 19:55:15 UTC (rev 1246) +++ trunk/security/CVE-2008-4314.html 2008-11-27 10:58:16 UTC (rev 1247) @@ -0,0 +1,84 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2008-4314: </H2> + +<p> +<pre> +=========================================================== +== Subject: Potential leak of arbitrary memory contents +== +== CVE ID#: CVE-2008-4314 +== +== Versions: Samba 3.0.29 - 3.2.4 (inclusive) +== +== Summary: Samba 3.0.29 to 3.2.4 can potentially leak +== arbitrary memory contents to malicious +== clients +== +=========================================================== + +=========== +Description +=========== + +Samba 3.0.29 and beyond contain a change to deal with gcc 4 +optimizations. Part of the change modified range checking for client-generated +offsets of secondary trans, trans2 and nttrans requests. These requests are +used to transfer arbitrary amounts of memory from clients to servers and back +using small SMB requests and contain two offsets: One offset (A) pointing into +the PDU sent by the client and one (B) to direct the transferred contents into +the buffer built on the server side. While the range checking for offset (B) is +correct, a cut&paste error lets offset (A) pass completely unchecked against +overflow. + +The buffers passed into trans, trans2 and nttrans undergo higher-level +processing like DCE/RPC requests or listing directories. The missing bounds +check means that a malicious client can make the server do this higher-level +processing on arbitrary memory contents of the smbd process handling the +request. It is unknown if that can be abused to pass arbitrary memory contents +back to the client, but an important barrier is missing from the affected Samba +versions. + + +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 3.2.5 and 3.0.33 have been issued as security +releases to correct the defect. Samba administrators are +advised to upgrade to 3.2.5 (or 3.0.33) or apply the patch as soon +as possible. + + +========== +Workaround +========== + +None. + +======= +Credits +======= + +This flaw was found during a code review internal to the Samba Team. + + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html>