[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#863268: marked as done (unblock: samba/2:4.5.8+dfsg-2)

Your message dated Wed, 24 May 2017 16:54:58 +0000
with message-id <E1dDZYo-0004cJ-Uf@respighi.debian.org>
and subject line unblock samba
has caused the Debian Bug report #863268,
regarding unblock: samba/2:4.5.8+dfsg-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
863268: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863268
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package samba

It (only) includes a fix for critical CVE-2017-7494 (rpc_server3: Refuse to
open pipe names with / inside)

Debdiff attached.

Regards

Mathieu Parent

unblock samba/2:4.5.8+dfsg-2

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru samba-4.5.8+dfsg/debian/changelog samba-4.5.8+dfsg/debian/changelog
--- samba-4.5.8+dfsg/debian/changelog	2017-04-01 20:39:17.000000000 +0200
+++ samba-4.5.8+dfsg/debian/changelog	2017-05-18 11:53:47.000000000 +0200
@@ -1,3 +1,9 @@
+samba (2:4.5.8+dfsg-2) unstable; urgency=high
+
+  * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
+
+ -- Mathieu Parent <sathieu@debian.org>  Thu, 18 May 2017 11:53:47 +0200
+
 samba (2:4.5.8+dfsg-1) unstable; urgency=high
 
   * New upstream version
diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch
--- samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch	1970-01-01 01:00:00.000000000 +0100
+++ samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch	2017-05-18 11:53:47.000000000 +0200
@@ -0,0 +1,33 @@
+From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
+ inside
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index 0633b5f..c3f0cd8 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
+ {
+ 	NTSTATUS status;
+ 
++	if (strchr(pipename, '/')) {
++		DEBUG(1, ("Refusing open on pipe %s\n", pipename));
++		return false;
++	}
++
+ 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+ 		DEBUG(10, ("refusing spoolss access\n"));
+ 		return false;
+-- 
+1.9.1
diff -Nru samba-4.5.8+dfsg/debian/patches/series samba-4.5.8+dfsg/debian/patches/series
--- samba-4.5.8+dfsg/debian/patches/series	2017-04-01 20:39:17.000000000 +0200
+++ samba-4.5.8+dfsg/debian/patches/series	2017-05-18 11:53:47.000000000 +0200
@@ -15,3 +15,4 @@
 Add-documentation-to-systemd-Unit-files.patch
 fix_kill_path_in_units.patch
 nmbd-requires-a-working-network.patch
+CVE-2017-7494.patch

--- End Message ---
--- Begin Message --- 
Unblocked samba.

--- End Message ---
Reply to: