--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.
Thanks in advance.
Cheers,
Ivo
diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog 2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog 2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+ * Security update
+ * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+ Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 13 Aug 2013 21:10:11 +0200
+
samba (2:3.6.6-6) unstable; urgency=low
* Team upload.
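Review bot: the new entry for 2:3.6.6-6+deb7u1 does not name the file it adds. Listing debian/patches/security-CVE-2013-4124.patch under the CVE-2013-4124 bullet would let a reader of the changelog find the change without opening the debdiff.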
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch 1970-01-01 01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch 2013-08-13 16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+ All current released versions of Samba are vulnerable to a denial of
+ service on an authenticated or guest connection. A malformed packet
+ can cause the smbd server to loop the CPU performing memory
+ allocations and preventing any further service.
+
+ A connection to a file share, or a local account is needed to exploit
+ this problem, either authenticated or unauthenticated if guest
+ connections are allowed.
+
+ This flaw is not exploitable beyond causing the code to loop
+ allocating memory, which may cause the machine to exceed memory
+ limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c 2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c 2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ if (next_offset == 0) {
+ break;
+ }
++
++ /* Integer wrap protection for the increment. */
++ if (offset + next_offset < offset) {
++ break;
++ }
++
+ offset += next_offset;
++
++ /* Integer wrap protection for while loop. */
++ if (offset + 4 < offset) {
++ break;
++ }
++
+ }
+
+ return ea_list_head;
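Review bot: both guards added to the loop in nttrans.c, "if (offset + next_offset < offset)" and "if (offset + 4 < offset)", detect a wrap only if offset and next_offset are unsigned, and their declarations are outside the hunk. Please confirm the types in the 3.6.6 source, since with a signed type the overflow is undefined behaviour and the compiler may drop the test. The constant 4 in the second guard is explained only as "for while loop"; a comment tying it to the loop condition would help. The embedded diff was generated between samba-3.6.16 and samba-3.6.17, so also check that the hunk at line 989 applies to 3.6.6 without fuzz.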
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series 2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series 2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
security-CVE-2013-0213.patch
security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch
--- End Message ---
--- Begin Message ---
- To: 719642-close@bugs.debian.org
- Subject: Bug#719642: fixed in libmodplug 1:0.8.8.1-1+squeeze2+git20130828
- From: Zed Pobre <zed@debian.org>
- Date: Sun, 08 Sep 2013 21:02:33 +0000
- Message-id: <E1VIm7t-0004es-6o@franck.debian.org>
Source: libmodplug
Source-Version: 1:0.8.8.1-1+squeeze2+git20130828
We believe that the bug you reported is fixed in the latest version of
libmodplug, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 719642@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zed Pobre <zed@debian.org> (supplier of updated libmodplug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 02 Sep 2013 22:22:22 -0400
Source: libmodplug
Binary: libmodplug1 libmodplug-dev
Architecture: source all amd64
Version: 1:0.8.8.1-1+squeeze2+git20130828
Distribution: oldstable-security
Urgency: high
Maintainer: Zed Pobre <zed@debian.org>
Changed-By: Zed Pobre <zed@debian.org>
Description:
libmodplug-dev - development files for mod music based on ModPlug
libmodplug1 - shared libraries for mod music based on ModPlug
Closes: 719642
Changes:
libmodplug (1:0.8.8.1-1+squeeze2+git20130828) oldstable-security; urgency=high
.
* Merge all changes from latest upstream Git repository (0.8.8.4 with
additional patches), including the following security changes:
* CVE-2013-4233: fix integer overflow in load_abc.cpp
* CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
* Closes: #719642
--- End Message ---