[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Announce] Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available for Download



Hi,

As you can see bellow, two samba CVEs have been un-embargoed.

Current status:
- I've build, tested and uploaded sid,
- I'm currently rebuilding stretch-security (I forgot "-sa").
Salvatore, where should I upload?
- I've build, tested and uploaded jessie-security in embargoed.
Salvatore will handle the DSA.
- I've prepared wheezy-lts. Should I upload?

Regards

Mathieu

2017-11-21 9:38 GMT+01:00 Karolin Seeger via samba-announce
<samba-announce@lists.samba.org>:
> Release Announcements
> ---------------------
>
> These are a security releases in order to address the following defects:
>
> o  CVE-2017-14746 (Use-after-free vulnerability.)
> o  CVE-2017-15275 (Server heap memory information leak.)
>
>
> =======
> Details
> =======
>
> o  CVE-2017-14746:
>    All versions of Samba from 4.0.0 onwards are vulnerable to a use after
>    free vulnerability, where a malicious SMB1 request can be used to
>    control the contents of heap memory via a deallocated heap pointer. It
>    is possible this may be used to compromise the SMB server.
>
> o  CVE-2017-15275:
>    All versions of Samba from 3.6.0 onwards are vulnerable to a heap
>    memory information leak, where server allocated heap memory may be
>    returned to the client without being cleared.
>
>    There is no known vulnerability associated with this error, but
>    uncleared heap memory may contain previously used data that may help
>    an attacker compromise the server via other methods. Uncleared heap
>    memory may potentially contain password hashes or other high-value
>    data.
>
> For more details and workarounds, please see the security advisories:
>
>    o https://www.samba.org/samba/security/CVE-2017-14746.html
>    o https://www.samba.org/samba/security/CVE-2017-15275.html
>
>
> Changes:
> --------
>
> o  Jeremy Allison <jra@samba.org>
>    * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
>    * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
>      memory when talloc buffer is grown.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
> from:
>
>         https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
>         https://www.samba.org/samba/history/samba-4.7.3.html
>         https://www.samba.org/samba/history/samba-4.6.11.html
>         https://www.samba.org/samba/history/samba-4.5.15.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>                         --Enjoy
>                         The Samba Team



-- 
Mathieu


Reply to: