The branch, master has been updated
       via  fc934b0 NEWS[4.10.5]: Samba 4.10.5 and 4.9.9 Security Releases Available
      from  2ef25dd Include link to IRC page

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit fc934b084fd7e8dd9592f770163e9aec54e9c796
Author: Karolin Seeger <[email protected]>
Date:   Fri Jun 14 10:36:52 2019 +0200

    NEWS[4.10.5]: Samba 4.10.5 and 4.9.9 Security Releases Available
    
    Signed-off-by: Karolin Seeger <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |  2 +
 history/samba-4.10.5.html                        | 59 +++++++++++++++
 history/samba-4.9.9.html                         | 52 ++++++++++++++
 history/security.html                            | 18 +++++
 posted_news/20190617-072935.4.10.5.body.html     | 30 ++++++++
 posted_news/20190617-072935.4.10.5.headline.html |  3 +
 security/CVE-2019-12435.html                     | 83 +++++++++++++++++++++
 security/CVE-2019-12436.html                     | 91 ++++++++++++++++++++++++
 8 files changed, 338 insertions(+)
 create mode 100644 history/samba-4.10.5.html
 create mode 100644 history/samba-4.9.9.html
 create mode 100644 posted_news/20190617-072935.4.10.5.body.html
 create mode 100644 posted_news/20190617-072935.4.10.5.headline.html
 create mode 100644 security/CVE-2019-12435.html
 create mode 100644 security/CVE-2019-12436.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 15a3c50..fa2267e 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,11 +9,13 @@
                <li><a href="/samba/history/">Release Notes</a>
                <li class="navSub">
                        <ul>
+                       <li><a href="samba-4.10.5.html">samba-4.10.5</a></li>
                        <li><a href="samba-4.10.4.html">samba-4.10.4</a></li>
                        <li><a href="samba-4.10.3.html">samba-4.10.3</a></li>
                        <li><a href="samba-4.10.2.html">samba-4.10.2</a></li>
                        <li><a href="samba-4.10.1.html">samba-4.10.1</a></li>
                        <li><a href="samba-4.10.0.html">samba-4.10.0</a></li>
+                       <li><a href="samba-4.9.9.html">samba-4.9.9</a></li>
                        <li><a href="samba-4.9.8.html">samba-4.9.8</a></li>
                        <li><a href="samba-4.9.7.html">samba-4.9.7</a></li>
                        <li><a href="samba-4.9.6.html">samba-4.9.6</a></li>
diff --git a/history/samba-4.10.5.html b/history/samba-4.10.5.html
new file mode 100644
index 0000000..a32cae7
--- /dev/null
+++ b/history/samba-4.10.5.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head>
+<title>Samba 4.10.5 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.10.5 Available for Download</H2>
+<p>
+<a 
href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.gz";>Samba 
4.10.5 (gzipped)</a><br>
+<a 
href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.asc";>Signature</a>
+</p>
+<p>
+<a 
href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.gz";>Patch
 (gzipped) against Samba 4.10.4</a><br>
+<a 
href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.asc";>Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.10.5
+                           June 19, 2019
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
+                  (dnsserver))
+o  CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
+
+=======
+Details
+=======
+
+o  CVE-2019-12435:
+   An authenticated user can crash the Samba AD DC&apos;s RPC server process 
via a
+   NULL pointer dereference.
+
+o  CVE-2019-12436:
+    An user with read access to the directory can cause a NULL pointer
+    dereference using the paged search control.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.10.4:
+---------------------
+
+o  Douglas Bagnall &lt;[email protected]&gt;
+   * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
+     in DnssrvOperation2.
+   * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results
+     without messages.
+
+
+</pre>
+</p>
+</body>
+</html>
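Review bot: In the Details block the CVE-2019-12436 entry reads "An user with read access to the directory" and is indented four spaces where the CVE-2019-12435 entry above it uses three; change it to "A user" (the wording the CVE-2019-12436 advisory in this same commit uses) and align the indentation. The changelog entry "Avoid NULL deference if zone not found" should read "dereference" unless it is deliberately copied from the fix's subject line. The <pre> block is also wrapped in <p>...</p>, which the declared XHTML 1.0 Transitional doctype does not permit; dropping the surrounding <p> keeps the page valid.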
diff --git a/history/samba-4.9.9.html b/history/samba-4.9.9.html
new file mode 100644
index 0000000..ffd9378
--- /dev/null
+++ b/history/samba-4.9.9.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head>
+<title>Samba 4.9.9 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.9.9 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.gz";>Samba 
4.9.9 (gzipped)</a><br>
+<a 
href="https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.asc";>Signature</a>
+</p>
+<p>
+<a 
href="https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.gz";>Patch
 (gzipped) against Samba 4.9.8</a><br>
+<a 
href="https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.asc";>Signature</a>
+</p>
+<p>
+<pre>
+                   =============================
+                   Release Notes for Samba 4.9.9
+                            June 19, 2019
+                   =============================
+
+
+This is a security release in order to address the following defect:
+
+o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server      
 
+                  (dnsserver))
+
+=======
+Details
+=======
+
+o  CVE-2019-12435:                                                             
 
+   An authenticated user can crash the Samba AD DC&apos;s RPC server process 
via a   
+   NULL pointer dereference.
+
+For more details and workarounds, please refer to the security advisory.
+
+
+Changes since 4.9.8:
+--------------------
+
+o  Douglas Bagnall &lt;[email protected]&gt;
+   * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
+     in DnssrvOperation2.
+
+
+</pre>
+</p>
+</body>
+</html>
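Review bot: The "o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server", "o  CVE-2019-12435:" and "An authenticated user can crash ..." lines end in long runs of trailing whitespace that the same lines in samba-4.10.5.html do not have; strip it so the two release notes stay identical where they should be and the text does not wrap oddly inside <pre>. As in the 4.10.5 notes, "Avoid NULL deference" should be "dereference", and the <pre> should not be nested inside <p>.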
diff --git a/history/security.html b/history/security.html
index a8b216e..ad8ab8f 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,24 @@ link to full release notes for each release.</p>
        <td><em>Details</em></td>
       </tr>
 
+    <tr>
+       <td>19 Jun 2019</td>
+       <td><a 
href="/samba/ftp/patches/security/samba-4.10.4-security-2019-06-19.patch">
+       patch for Samba 4.10.4 (both CVEs)</a><br />
+       <a 
href="/samba/ftp/patches/security/samba-4.9.8-security-2019-06-19.patch">
+       patch for Samba 4.9.8 (CVE-2019-12435 only)</a><br />
+       </td>
+       <td>CVE-2019-12435 and CVE-2019-12436. Please see the announcements for 
details.
+       </td>
+       <td>please refer to the advisories</td>
+       <td><a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435";>CVE-2019-12435</a>,
+       <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12436";>CVE-2019-12436</a>
+       </td>
+       <td><a href="/samba/security/CVE-2019-12435.html">Announcement</a>,
+       <a href="/samba/security/CVE-2019-12436.html">Announcement</a>
+       </td>
+    </tr>
+
     <tr>
        <td>14 May 2019</td>
        <td><a 
href="/samba/ftp/patches/security/samba-4.10.2-security-2019-05-14.patch">
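Review bot: The last cell of the new row contains two links that are both labelled "Announcement", so a reader cannot tell which one leads to CVE-2019-12435.html and which to CVE-2019-12436.html without hovering over them. Label each with its CVE ID, for example "Announcement (CVE-2019-12435)". The patch links already show which fix applies where ("both CVEs" versus "CVE-2019-12435 only"), so the cell that says "please refer to the advisories" could give the same per-version information instead of deferring it.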
diff --git a/posted_news/20190617-072935.4.10.5.body.html 
b/posted_news/20190617-072935.4.10.5.body.html
new file mode 100644
index 0000000..2d3ed9b
--- /dev/null
+++ b/posted_news/20190617-072935.4.10.5.body.html
@@ -0,0 +1,30 @@
+<!-- BEGIN: posted_news/20190617-072935.4.10.5.body.html -->
+<h5><a name="4.10.5">19 June 2019</a></h5>
+<p class=headline>Samba 4.10.5 and 4.9.9 Security Releases Available</p>
+<p>
+These are security releases in order to address <a 
href="/samba/security/CVE-2019-12435.html">CVE-2019-12435</a>
+(Samba AD DC Denial of Service in DNS management server (dnsserver)) (4.9.9. 
and
+4.10.5) and <a href="/samba/security/CVE-2019-12436.html">CVE-2019-12436</a> 
(Samba AD DC
+LDAP server crash (paged searches) (4.10.5 only).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).
+<p>
+The
+<a 
href="https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.gz";>4.10.5
+source code</a> can be downloaded now</a>.<br />
+A <a 
href="https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.gz";>patch
+against Samba 4.10.4</a> is also available.<br />
+See the <a href="https://www.samba.org/samba/history/samba-4.10.5.html";>4.10.5
+release notes</a> for more info.
+</p>
+<p>
+The <a 
href="https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.gz";>4.9.9
+source code</a> can be downloaded now</a>.<br />
+A <a 
href="https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.gz";>patch
+against Samba 4.9.8</a> is also available.<br />
+See the <a href="https://www.samba.org/samba/history/samba-4.9.9.html";>4.9.9
+release notes</a> for more info.
+</p>
+</p>
+<!-- END: posted_news/20190617-072935.4.10.5.body.html -->
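Review bot: The markup in this fragment is unbalanced. The <p> opened before "The uncompressed tarballs have been signed" is never closed before the next <p>, both "can be downloaded now</a>." lines carry a stray </a> with no matching open tag, and the final </p> before the END comment closes nothing. Because this file is included into the news page, the broken nesting affects whatever follows it; close the signing paragraph, remove the two extra </a> and the trailing </p>. In the first paragraph, "(4.9.9. and" has a stray full stop, and "(Samba AD DC LDAP server crash (paged searches) (4.10.5 only)" is missing a closing parenthesis after "(paged searches)".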
diff --git a/posted_news/20190617-072935.4.10.5.headline.html 
b/posted_news/20190617-072935.4.10.5.headline.html
new file mode 100644
index 0000000..3c50cc8
--- /dev/null
+++ b/posted_news/20190617-072935.4.10.5.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20190617-072935.4.10.5.headline.html -->
+<li> 19 June 2019 <a href="#4.10.5">Samba 4.10.5 and 4.9.9 Security Releases 
Available</a></li>
+<!-- END: posted_news/20190617-072935.4.10.5.headline.html -->
diff --git a/security/CVE-2019-12435.html b/security/CVE-2019-12435.html
new file mode 100644
index 0000000..1424d84
--- /dev/null
+++ b/security/CVE-2019-12435.html
@@ -0,0 +1,83 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2019-12435.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Samba AD DC Denial of Service in DNS management server 
(dnsserver)
+==
+== CVE ID#:     CVE-2019-12435
+==
+== Versions:    Samba 4.9 and 4.10
+==
+== Summary:     An authenticated user can crash the Samba AD DC's
+                RPC server process via a NULL pointer de-reference.
+
+===========================================================
+
+===========
+Description
+===========
+
+The (poorly named) dnsserver RPC pipe provides administrative
+facilities to modify DNS records and zones.
+
+An authenticated user can crash the RPC server process via a NULL
+pointer de-reference.
+
+There is no further vulnerability associated with this issue, merely a
+denial of service.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    http://www.samba.org/samba/security/
+
+Additionally, Samba 4.9.9 and 4.10.5 have been issued as security
+releases to correct the defect. Samba administrators are advised to
+upgrade to these releases or apply the patch as soon as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
+
+==========
+Workaround
+==========
+
+The dnsserver task can be stopped by setting 
+ 'dcerpc endpoint servers = -dnsserver'
+in the smb.conf and restarting Samba. 
+
+=======
+Credits
+=======
+
+Originally reported by Coverity as CID 1418127, and triaged by Douglas
+Bagnall of Catalyst and the Samba Team.
+
+Advisory by Andrew Bartlett of Catalyst and the Samba Team.
+
+Patches provided by Douglas Bagnall of Catalyst and the Samba Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
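Review bot: The heading line "<H2>CVE-2019-12435.html" is never closed and uses the file name rather than a title, and the <p> that follows it is not closed either; close the tag as </H2> and consider using the advisory subject as the heading text. Under Patch Availability, "Patches addressing both these issues" is left over from a multi-issue template, since this advisory covers one CVE; "this issue" would be accurate. The patch location is given as http://www.samba.org/samba/security/ while every other link in this commit uses https; for a page that tells administrators where to fetch security patches, the https form is the one to publish. The Summary continuation line "RPC server process via a NULL pointer de-reference." also lacks the "==" prefix used by the rest of the header block.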
diff --git a/security/CVE-2019-12436.html b/security/CVE-2019-12436.html
new file mode 100644
index 0000000..b2210d4
--- /dev/null
+++ b/security/CVE-2019-12436.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2019-12436.html
+
+<p>
+<pre>
+===========================================================
+== Subject:     Samba AD DC LDAP server crash (paged searches)
+==
+== CVE ID#:     CVE-2019-12436
+==
+== Versions:    All versions of Samba since Samba 4.10.0
+==
+== Summary:     A user with read access to the directory can
+                cause a NULL pointer dereference using the
+                paged search control.
+===========================================================
+
+===========
+Description
+===========
+
+A user with read access to the LDAP server can crash the LDAP
+server process.  Depending on the Samba version and the choice
+of process model, this may crash only the user's own connection.
+
+Specifically, while in Samba 4.10 the default is for one process per
+connected client, site-specific configuration trigger can change
+this.
+
+Samba 4.10 also supports the 'prefork' process model and by
+using the -M option to 'samba' and a 'single' process model.
+Both of these share on process between multiple clients.
+
+NOTE WELL: the original report on this issue to the Samba Team
+suggested a correlation between this NULL pointer dereference with
+access to the \\DC\homes share on an AD DC, including a persistent
+service failure.  The Samba Team has been unable to corroborate this
+failure mode, and has instead focused on addressing the original
+issue.
+
+==================
+Patch Availability
+==================
+
+Patches addressing both these issues have been posted to:
+
+    http://www.samba.org/samba/security/
+
+Additionally, Samba 4.10.5 has been issued as a security release to
+correct the defect.  Samba administrators are advised to upgrade to
+this release or apply the patch as soon as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
+
+==========
+Workaround
+==========
+
+Return to the default configuration by running 'samba' with -M 
+standard, however this may consume more memory and would not address
+the \\DC\homes issue.
+
+=======
+Credits
+=======
+
+Originally reported by Zombie Ryushu.
+
+Patches provided by Douglas Bagnall of Catalyst and the Samba team.
+Advisory written by Andrew Bartlett of Catalyst and the Samba team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
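Review bot: The CVSS line reads "CVSS:3.0/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", with the version prefix duplicated, which is not a valid vector string and will be rejected by tools that parse it; it should match the form used in CVE-2019-12435.html, "CVSS:3.0/AV:N/...". In the Description, "site-specific configuration trigger can change this" and "Both of these share on process between multiple clients" need fixing ("site-specific configuration can change this", "share one process"), and the sentence "Samba 4.10 also supports the 'prefork' process model and by using the -M option to 'samba' and a 'single' process model" is hard to parse for the paragraph that explains who is exposed to a shared-process crash. The Workaround says -M standard "would not address the \\DC\homes issue", while the NOTE WELL paragraph says the team could not corroborate that failure mode; word the workaround so the two are consistent. As in the other advisory, "<H2>CVE-2019-12436.html" is never closed and "Patches addressing both these issues" does not fit a single-CVE advisory.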


-- 
Samba Website Repository
