Package: release.debian.org Severity: normal Tags: squeeze User: [email protected] Usertags: pu
Dear release team, The Samba Team released a security update with a fix for CVE-2013-4124. Please accept the attached patch for squeeze. Thanks in advance. Cheers, Ivo
diff -Nru samba-3.5.6~dfsg/debian/changelog samba-3.5.6~dfsg/debian/changelog --- samba-3.5.6~dfsg/debian/changelog 2013-01-31 10:11:53.000000000 +0100 +++ samba-3.5.6~dfsg/debian/changelog 2013-08-13 22:57:15.000000000 +0200 @@ -1,3 +1,15 @@ +samba (2:3.5.6~dfsg-3squeeze10) squeeze; urgency=low + + [ Ivo De Decker ] + * Security update + * CVE-2013-4124: Denial of service - CPU loop and memory allocation + Closes: #718781 + + [ Jeroen Dekkers ] + * Fix rules files to stop parallel build from failing. + + -- Ivo De Decker <[email protected]> Tue, 13 Aug 2013 22:57:15 +0200 + samba (2:3.5.6~dfsg-3squeeze9) stable-security; urgency=high * Security update diff -Nru samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch --- samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch 1970-01-01 01:00:00.000000000 +0100 +++ samba-3.5.6~dfsg/debian/patches/security-CVE-2013-4124.patch 2013-08-13 22:56:31.000000000 +0200 @@ -0,0 +1,39 @@ +CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause +server to loop with DOS). + + All current released versions of Samba are vulnerable to a denial of + service on an authenticated or guest connection. A malformed packet + can cause the smbd server to loop the CPU performing memory + allocations and preventing any further service. + + A connection to a file share, or a local account is needed to exploit + this problem, either authenticated or unauthenticated if guest + connections are allowed. + + This flaw is not exploitable beyond causing the code to loop + allocating memory, which may cause the machine to exceed memory + limits. + +diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c +--- samba-3.6.16/source3/smbd/nttrans.c 2013-06-19 09:35:24.000000000 +0200 ++++ samba-3.6.17/source3/smbd/nttrans.c 2013-07-29 20:55:18.000000000 +0200 +@@ -989,7 +989,19 @@ + if (next_offset == 0) { + break; + } ++ ++ /* Integer wrap protection for the increment. */ ++ if (offset + next_offset < offset) { ++ break; ++ } ++ + offset += next_offset; ++ ++ /* Integer wrap protection for while loop. */ ++ if (offset + 4 < offset) { ++ break; ++ } ++ + } + + return ea_list_head; diff -Nru samba-3.5.6~dfsg/debian/patches/series samba-3.5.6~dfsg/debian/patches/series --- samba-3.5.6~dfsg/debian/patches/series 2013-01-31 10:17:33.000000000 +0100 +++ samba-3.5.6~dfsg/debian/patches/series 2013-08-13 22:56:31.000000000 +0200 @@ -35,3 +35,4 @@ debian-changes-2:3.5.6~dfsg-3squeeze8 security-CVE-2013-0213.patch security-CVE-2013-0214.patch +security-CVE-2013-4124.patch diff -Nru samba-3.5.6~dfsg/debian/rules samba-3.5.6~dfsg/debian/rules --- samba-3.5.6~dfsg/debian/rules 2013-01-31 10:07:07.000000000 +0100 +++ samba-3.5.6~dfsg/debian/rules 2013-08-13 22:56:31.000000000 +0200 @@ -91,7 +91,7 @@ touch configure-stamp build: configure build-stamp -build-stamp: +build-stamp: configure dh_testdir $(MAKE) -C source3 samba3-idl
