Bug#719648: pu: samba/2:3.5.6~dfsg-3squeeze10
Package: release.debian.org
Severity: normal
Tags: squeeze
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for squeeze.
Thanks in advance.
Cheers,
Ivo
diff -Nru samba-3.5.6~dfsg/debian/changelog samba-3.5.6~dfsg/debian/changelog
--- samba-3.5.6~dfsg/debian/changelog 2013-01-31 10:11:53.000000000 +0100
+++ samba-3.5.6~dfsg/debian/changelog 2013-08-13 22:57:15.000000000 +0200
@@ -1,3 +1,15 @@
+samba (2:3.5.6~dfsg-3squeeze10) squeeze; urgency=low
+
+ [ Ivo De Decker ]
+ * Security update
+ * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+ Closes: #718781
+
+ [ Jeroen Dekkers ]
+ * Fix rules files to stop parallel build from failing.
+
+ -- Ivo De Decker <ivo.dedecker@ugent.be> Tue, 13 Aug 2013 22:57:15 +0200
+
samba (2:3.5.6~dfsg-3squeeze9) stable-security; urgency=high
* Security update
diff -Nru samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch
--- samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch 1970-01-01 01:00:00.000000000 +0100
+++ samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch 2013-08-13 22:56:31.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+ All current released versions of Samba are vulnerable to a denial of
+ service on an authenticated or guest connection. A malformed packet
+ can cause the smbd server to loop the CPU performing memory
+ allocations and preventing any further service.
+
+ A connection to a file share, or a local account is needed to exploit
+ this problem, either authenticated or unauthenticated if guest
+ connections are allowed.
+
+ This flaw is not exploitable beyond causing the code to loop
+ allocating memory, which may cause the machine to exceed memory
+ limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c 2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c 2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ if (next_offset == 0) {
+ break;
+ }
++
++ /* Integer wrap protection for the increment. */
++ if (offset + next_offset < offset) {
++ break;
++ }
++
+ offset += next_offset;
++
++ /* Integer wrap protection for while loop. */
++ if (offset + 4 < offset) {
++ break;
++ }
++
+ }
+
+ return ea_list_head;
diff -Nru samba-3.5.6~dfsg/debian/patches/series samba-3.5.6~dfsg/debian/patches/series
--- samba-3.5.6~dfsg/debian/patches/series 2013-01-31 10:17:33.000000000 +0100
+++ samba-3.5.6~dfsg/debian/patches/series 2013-08-13 22:56:31.000000000 +0200
@@ -35,3 +35,4 @@
debian-changes-2:3.5.6~dfsg-3squeeze8
security-CVE-2013-0213.patch
security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch
diff -Nru samba-3.5.6~dfsg/debian/rules samba-3.5.6~dfsg/debian/rules
--- samba-3.5.6~dfsg/debian/rules 2013-01-31 10:07:07.000000000 +0100
+++ samba-3.5.6~dfsg/debian/rules 2013-08-13 22:56:31.000000000 +0200
@@ -91,7 +91,7 @@
touch configure-stamp
build: configure build-stamp
-build-stamp:
+build-stamp: configure
dh_testdir
$(MAKE) -C source3 samba3-idl
Reply to: