Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package samba It (only) includes a fix for critical CVE-2017-7494 (rpc_server3: Refuse to open pipe names with / inside) Debdiff attached. Regards Mathieu Parent unblock samba/2:4.5.8+dfsg-2 -- System Information: Debian Release: 9.0 APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
diff -Nru samba-4.5.8+dfsg/debian/changelog samba-4.5.8+dfsg/debian/changelog --- samba-4.5.8+dfsg/debian/changelog 2017-04-01 20:39:17.000000000 +0200 +++ samba-4.5.8+dfsg/debian/changelog 2017-05-18 11:53:47.000000000 +0200 @@ -1,3 +1,9 @@ +samba (2:4.5.8+dfsg-2) unstable; urgency=high + + * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside + + -- Mathieu Parent <[email protected]> Thu, 18 May 2017 11:53:47 +0200 + samba (2:4.5.8+dfsg-1) unstable; urgency=high * New upstream version diff -Nru samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch --- samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 1970-01-01 01:00:00.000000000 +0100 +++ samba-4.5.8+dfsg/debian/patches/CVE-2017-7494.patch 2017-05-18 11:53:47.000000000 +0200 @@ -0,0 +1,33 @@ +From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 +From: Volker Lendecke <[email protected]> +Date: Mon, 8 May 2017 21:40:40 +0200 +Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / + inside + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 + +Signed-off-by: Volker Lendecke <[email protected]> +Reviewed-by: Jeremy Allison <[email protected]> +Reviewed-by: Stefan Metzmacher <[email protected]> +--- + source3/rpc_server/srv_pipe.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c +index 0633b5f..c3f0cd8 100644 +--- a/source3/rpc_server/srv_pipe.c ++++ b/source3/rpc_server/srv_pipe.c +@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) + { + NTSTATUS status; + ++ if (strchr(pipename, '/')) { ++ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); ++ return false; ++ } ++ + if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { + DEBUG(10, ("refusing spoolss access\n")); + return false; +-- +1.9.1 diff -Nru samba-4.5.8+dfsg/debian/patches/series samba-4.5.8+dfsg/debian/patches/series --- samba-4.5.8+dfsg/debian/patches/series 2017-04-01 20:39:17.000000000 +0200 +++ samba-4.5.8+dfsg/debian/patches/series 2017-05-18 11:53:47.000000000 +0200 @@ -15,3 +15,4 @@ Add-documentation-to-systemd-Unit-files.patch fix_kill_path_in_units.patch nmbd-requires-a-working-network.patch +CVE-2017-7494.patch
