![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / samba4
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: pkgsrc-2020Q3
Revision 1.109.2.1 / (download) - annotate - [select for diffs], Sun Nov 1 10:50:52 2020 UTC (3 years, 5 months ago) by bsiegert
Branch: pkgsrc-2020Q3
Changes since 1.109: +2 -2
lines
Diff to previous 1.109 (colored) next main 1.110 (colored)
Pullup ticket #6361 - requested by taca
net/samba4: security fix
Revisions pulled up:
- net/samba4/Makefile 1.110
- net/samba4/distinfo 1.53
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 30 07:17:16 UTC 2020
Modified Files:
pkgsrc/net/samba4: Makefile distinfo
Log Message:
net/samba4: update to 4.12.9
Summary from NEWS files:
Samba 4.12.9 (2020-10-29)
o CVE-2020-14318:
The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
request file name notification on a directory handle when a condition such as
"new file creation" or "file size change" or "file timestamp update" occurs.
A missing permissions check on a directory handle requesting ChangeNotify
meant that a client with a directory handle open only for
FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
notify replies from the server. These replies contain information that should
not be available to directory handles open for FILE_READ_ATTRIBUTE only.
o CVE-2020-14323:
winbind in version 3.6 and later implements a request to translate multiple
Windows SIDs into names in one request. This was done for performance
reasons: Active Directory domain controllers can do multiple SID to name
translations in one RPC call. It was an obvious extension to also offer this
batch operation on the winbind unix domain stream socket that is available to
local processes on the Samba server to reduce network round-trips to the
domain controller.
Due to improper input validation a hand-crafted packet can make winbind
perform a NULL pointer dereference and thus crash.
o CVE-2020-14383:
Some DNS records (such as MX and NS records) usually contain data in the
additional section. Samba's dnsserver RPC pipe (which is an administrative
interface not used in the DNS server itself) made an error in handling the
case where there are no records present: instead of noticing the lack of
records, it dereferenced uninitialised memory, causing the RPC server to
crash. This RPC server, which also serves protocols other than dnsserver,
will be restarted after a short delay, but it is easy for an authenticated
non-admin attacker to crash it again as soon as it returns. The Samba DNS
server itself will continue to operate, but many RPC services will not.
Samba 4.12.8 (2020-10-07)
Changes since 4.12.7
--------------------
o Guenther Deschner <gd@samba.org>
* BUG 14318: docs: Add missing winexe manpage.
o Volker Lendecke <vl@samba.org>
* BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
response.
o Laurent Menase <laurent.menase@hpe.com>
* BUG 14388: winbind: Fix a memleak.
o Stefan Metzmacher <metze@samba.org>
* BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
response.
* BUG 14482: Compilation of heimdal tree fails if libbsd is not installed.
o Christof Schmitt <cs@samba.org>
* BUG 14166: util: Allow symlinks in directory_create_or_exist.
o Andreas Schneider <asn@samba.org>
* BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
3.6.14.
* BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.
o Martin Schwenke <martin@meltin.net>
* BUG 14466: ctdb disable/enable can fail due to race condition.
Revision 1.109 / (download) - annotate - [select for diffs], Sat Sep 19 14:00:54 2020 UTC (3 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base
Branch point for: pkgsrc-2020Q3
Changes since 1.108: +2 -3
lines
Diff to previous 1.108 (colored)
net/samba4: update to 4.12.7
Update samba4 package to 4.12.7.
==============================
Release Notes for Samba 4.12.7
September 18, 2020
==============================
This is a security release in order to address the following defect:
o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon").
The following applies to Samba used as domain controller only (most
seriously the Active Directory DC, but also the classic/NT4-style DC).
Installations running Samba as a file server only are not directly
affected by this flaw, though they may need configuration changes to
continue to talk to domain controllers (see "file servers and domain
members" below).
The netlogon protocol contains a flaw that allows an authentication
bypass. This was reported and patched by Microsoft as CVE-2020-1472.
Since the bug is a protocol level flaw, and Samba implements the
protocol, Samba is also vulnerable.
However, since version 4.8 (released in March 2018), the default
behaviour of Samba has been to insist on a secure netlogon channel,
which is a sufficient fix against the known exploits. This default is
equivalent to having 'server schannel = yes' in the smb.conf.
Therefore versions 4.8 and above are not vulnerable unless they have
the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
Samba versions 4.7 and below are vulnerable unless they have 'server
schannel = yes' in the smb.conf.
Note each domain controller needs the correct settings in its smb.conf.
Vendors supporting Samba 4.7 and below are advised to patch their
installations and packages to add this line to the [global] section if
their smb.conf file.
The 'server schannel = yes' smb.conf line is equivalent to Microsoft's
'FullSecureChannelProtection=1' registry key, the introduction of
which we understand forms the core of Microsoft's fix.
Some domains employ third-party software that will not work with a
'server schannel = yes'. For these cases patches are available that
allow specific machines to use insecure netlogon. For example, the
following smb.conf:
server schannel = yes
server require schannel:triceratops$ = no
server require schannel:greywacke$ = no
will allow only "triceratops$" and "greywacke$" to avoid schannel.
More details can be found here:
https://www.samba.org/samba/security/CVE-2020-1472.html