Fine by me. I'll Look at backing porting CVE-2015-7560 to 5.8 stable.
Ian McWilliam On 9 March 2016 at 05:47, Jeremie Courreges-Anglas <[email protected]> wrote: > > Lightly tested. Note that unix extensions = yes is the default. > > ============================== > Release Notes for Samba 4.1.23 > March 8, 2015 > ============================== > > > This is a security release in order to address the following CVEs: > > o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path) > o CVE-2016-0771 (Out-of-bounds read in internal DNS server) > > ======= > Details > ======= > > o CVE-2015-7560: > All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to > a malicious client overwriting the ownership of ACLs using symlinks. > > An authenticated malicious client can use SMB1 UNIX extensions to > create a symlink to a file or directory, and then use non-UNIX SMB1 > calls to overwrite the contents of the ACL on the file or directory > linked to. > > o CVE-2016-0771: > All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as > an AD DC and choose to run the internal DNS server, are vulnerable to an > out-of-bounds read issue during DNS TXT record handling caused by users > with permission to modify DNS records. > > A malicious client can upload a specially constructed DNS TXT record, > resulting in a remote denial-of-service attack. As long as the affected > TXT record remains undisturbed in the Samba database, a targeted DNS > query may continue to trigger this exploit. > > While unlikely, the out-of-bounds read may bypass safety checks and > allow leakage of memory from the server in the form of a DNS TXT reply. > > By default only authenticated accounts can upload DNS records, > as "allow dns updates = secure only" is the default. > Any other value would allow anonymous clients to trigger this > bug, which is a much higher risk. > > > ok? > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/net/samba/Makefile,v > retrieving revision 1.215 > diff -u -p -r1.215 Makefile > --- Makefile 18 Jan 2016 12:10:51 -0000 1.215 > +++ Makefile 8 Mar 2016 18:24:44 -0000 > @@ -1,7 +1,7 @@ > # $OpenBSD: Makefile,v 1.215 2016/01/18 12:10:51 sthen Exp $ > > SHARED_ONLY = Yes > -VERSION = 4.1.22 > +VERSION = 4.1.23 > DISTNAME = samba-${VERSION} > DOCSVERSION = v3-5-test-4c5a1b6b > DISTFILES = ${DISTNAME}${EXTRACT_SUFX} \ > @@ -19,10 +19,8 @@ PKGNAME-tevent = tevent-${TEVENT_V} > PKGNAME-util = samba-util-${VERSION} > PKGNAME-docs = samba-docs-${VERSION} > > -REVISION-main = 0 > -REVISION-ldb = 6 > -REVISION-tevent = 5 > -REVISION-util = 0 > +REVISION-ldb = 7 > +REVISION-tevent = 6 > > PKG_ARCH-docs = * > > Index: distinfo > =================================================================== > RCS file: /cvs/ports/net/samba/distinfo,v > retrieving revision 1.45 > diff -u -p -r1.45 distinfo > --- distinfo 23 Dec 2015 12:37:21 -0000 1.45 > +++ distinfo 8 Mar 2016 16:40:20 -0000 > @@ -1,4 +1,4 @@ > -SHA256 (samba-4.1.22.tar.gz) = > VWOhyUotrIN8z/0fCCG7JeCXr/qnOJ/vGG+c+zSGz+U= > +SHA256 (samba-4.1.23.tar.gz) = > LDMpG/VFS6Bei1/cLFfuAQz0TQd+V6MHrS576frCfNI= > SHA256 (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = > bsF0WP1KT1M3jMx3Z88MbsEQ1QEq9catijXpnPm7hZA= > -SIZE (samba-4.1.22.tar.gz) = 19557688 > +SIZE (samba-4.1.23.tar.gz) = 19562680 > SIZE (samba-docs-v3-5-test-4c5a1b6b.tar.bz2) = 8070761 > Index: pkg/PLIST-main > =================================================================== > RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v > retrieving revision 1.30 > diff -u -p -r1.30 PLIST-main > --- pkg/PLIST-main 25 Aug 2015 15:38:16 -0000 1.30 > +++ pkg/PLIST-main 8 Mar 2016 18:21:26 -0000 > @@ -730,9 +730,9 @@ lib/python${MODPY_VERSION}/site-packages > lib/python${MODPY_VERSION}/site-packages/samba/tests/gensec.py > lib/python${MODPY_VERSION}/site-packages/samba/tests/gensec.pyc > lib/python${MODPY_VERSION}/site-packages/samba/tests/gensec.pyo > -lib/python${MODPY_VERSION}/site-packages/samba/tests/getopt.py > -lib/python${MODPY_VERSION}/site-packages/samba/tests/getopt.pyc > -lib/python${MODPY_VERSION}/site-packages/samba/tests/getopt.pyo > +lib/python${MODPY_VERSION}/site-packages/samba/tests/get_opt.py > +lib/python${MODPY_VERSION}/site-packages/samba/tests/get_opt.pyc > +lib/python${MODPY_VERSION}/site-packages/samba/tests/get_opt.pyo > lib/python${MODPY_VERSION}/site-packages/samba/tests/hostconfig.py > lib/python${MODPY_VERSION}/site-packages/samba/tests/hostconfig.pyc > lib/python${MODPY_VERSION}/site-packages/samba/tests/hostconfig.pyo > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE > -- ----------------------------- Ian McWilliam
