The branch, master has been updated
       via  5fdfb8b NEWS[4.12.4]: Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available
      from  d6babc0 Add Samba 4.11.10.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 5fdfb8bc3a83c803d01187e4f8414a286d6a70fc Author: Karolin Seeger <ksee...@samba.org> Date: Thu Jun 25 12:59:55 2020 +0200 NEWS[4.12.4]: Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available Signed-off-by: Karolin Seeger <ksee...@samba.org> ----------------------------------------------------------------------- Summary of changes: history/header_history.html | 3 + history/samba-4.10.17.html | 83 ++++++++++++++++++ history/samba-4.11.11.html | 83 ++++++++++++++++++ history/samba-4.12.4.html | 83 ++++++++++++++++++ history/security.html | 25 ++++++ posted_news/20200702-080358.4.12.4.body.html | 42 +++++++++ posted_news/20200702-080358.4.12.4.headline.html | 4 + security/CVE-2020-10730.html | 86 +++++++++++++++++++ security/CVE-2020-10745.html | 103 +++++++++++++++++++++++ security/CVE-2020-10760.html | 101 ++++++++++++++++++++++ security/CVE-2020-14303.html | 87 +++++++++++++++++++ 11 files changed, 700 insertions(+) create mode 100644 history/samba-4.10.17.html create mode 100644 history/samba-4.11.11.html create mode 100644 history/samba-4.12.4.html create mode 100644 posted_news/20200702-080358.4.12.4.body.html create mode 100644 posted_news/20200702-080358.4.12.4.headline.html create mode 100644 security/CVE-2020-10730.html create mode 100644 security/CVE-2020-10745.html create mode 100644 security/CVE-2020-10760.html create mode 100644 security/CVE-2020-14303.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index b0fbbab..f9836a4 100755 --- a/history/header_history.html +++ b/history/header_history.html 
@@ -9,10 +9,12 @@ <li><a href="/samba/history/">Release Notes</a> <li class="navSub"> <ul> + <li><a href="samba-4.12.4.html">samba-4.12.4</a></li> <li><a href="samba-4.12.3.html">samba-4.12.3</a></li> <li><a href="samba-4.12.2.html">samba-4.12.2</a></li> <li><a href="samba-4.12.1.html">samba-4.12.1</a></li> <li><a href="samba-4.12.0.html">samba-4.12.0</a></li> + <li><a href="samba-4.11.11.html">samba-4.11.11</a></li> <li><a href="samba-4.11.10.html">samba-4.11.10</a></li> <li><a href="samba-4.11.9.html">samba-4.11.9</a></li> <li><a href="samba-4.11.8.html">samba-4.11.8</a></li> @@ -24,6 +26,7 @@ <li><a href="samba-4.11.2.html">samba-4.11.2</a></li> <li><a href="samba-4.11.1.html">samba-4.11.1</a></li> <li><a href="samba-4.11.0.html">samba-4.11.0</a></li> + <li><a href="samba-4.10.17.html">samba-4.10.17</a></li> <li><a href="samba-4.10.16.html">samba-4.10.16</a></li> <li><a href="samba-4.10.15.html">samba-4.10.15</a></li> <li><a href="samba-4.10.14.html">samba-4.10.14</a></li> diff --git a/history/samba-4.10.17.html b/history/samba-4.10.17.html new file mode 100644 index 0000000..6e08059 --- /dev/null +++ b/history/samba-4.10.17.html 
@@ -0,0 +1,83 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.10.17 - Release Notes</title> +</head> +<body> +<H2>Samba 4.10.17 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.gz">Samba 4.10.17 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.gz">Patch (gzipped) against Samba 4.10.16</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.asc">Signature</a> +</p> +<p> +<pre> + =============================== + Release Notes for Samba 4.10.17 + July 02, 2020 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC + LDAP Server with ASQ, VLV and paged_results. +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU +o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with + paged_results and VLV. +o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. + + +======= +Details +======= + +o CVE-2020-10730: + A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer + de-reference and further combinations with the LDAP paged_results feature can + give a use-after-free in Samba's AD DC LDAP server. + +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU. + +o CVE-2020-10760: + The use of the paged_results or VLV controls against the Global Catalog LDAP + server on the AD DC will cause a use-after-free. 
+ +o CVE-2020-14303: + The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process + further requests once it receives an empty (zero-length) UDP packet to + port 137. + +For more details, please refer to the security advisories. + + +Changes since 4.10.16 +--------------------- + +o Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use + several seconds of CPU each. + +o Andrew Bartlett <abart...@samba.org> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined. + * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP + server with paged_result or VLV. + * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to + AD DC nbt_server. + +o Gary Lockyer <g...@catalyst.net.nz> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined, ldb: Bump version to 1.5.8. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.11.11.html b/history/samba-4.11.11.html new file mode 100644 index 0000000..323e0d3 --- /dev/null +++ b/history/samba-4.11.11.html 
@@ -0,0 +1,83 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.11.11 - Release Notes</title> +</head> +<body> +<H2>Samba 4.11.11 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.gz">Samba 4.11.11 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.gz">Patch (gzipped) against Samba 4.11.10</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.asc">Signature</a> +</p> +<p> +<pre> + =============================== + Release Notes for Samba 4.11.11 + July 02, 2020 + =============================== + + +This is a security release in order to address the following defects: + +o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC + LDAP Server with ASQ, VLV and paged_results. +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU +o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with + paged_results and VLV. +o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. + + +======= +Details +======= + +o CVE-2020-10730: + A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer + de-reference and further combinations with the LDAP paged_results feature can + give a use-after-free in Samba's AD DC LDAP server. + +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU. + +o CVE-2020-10760: + The use of the paged_results or VLV controls against the Global Catalog LDAP + server on the AD DC will cause a use-after-free. 
+ +o CVE-2020-14303: + The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process + further requests once it receives an empty (zero-length) UDP packet to + port 137. + +For more details, please refer to the security advisories. + + +Changes since 4.11.10 +--------------------- + +o Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use + several seconds of CPU each. + +o Andrew Bartlett <abart...@samba.org> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined. + * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP + server with paged_result or VLV. + * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to + AD DC nbt_server. + +o Gary Lockyer <g...@catalyst.net.nz> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined, ldb: Bump version to 2.1.4. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.12.4.html b/history/samba-4.12.4.html new file mode 100644 index 0000000..df0207f --- /dev/null +++ b/history/samba-4.12.4.html 
@@ -0,0 +1,83 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.12.4 - Release Notes</title> +</head> +<body> +<H2>Samba 4.12.4 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.gz">Samba 4.12.4 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.gz">Patch (gzipped) against Samba 4.12.3</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.12.4 + July 02, 2020 + ============================== + + +This is a security release in order to address the following defects: + +o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC + LDAP Server with ASQ, VLV and paged_results. +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU +o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with + paged_results and VLV. +o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd. + + +======= +Details +======= + +o CVE-2020-10730: + A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer + de-reference and further combinations with the LDAP paged_results feature can + give a use-after-free in Samba's AD DC LDAP server. + +o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume + excessive CPU. + +o CVE-2020-10760: + The use of the paged_results or VLV controls against the Global Catalog LDAP + server on the AD DC will cause a use-after-free. 
+ +o CVE-2020-14303: + The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process + further requests once it receives an empty (zero-length) UDP packet to + port 137. + +For more details, please refer to the security advisories. + + +Changes since 4.12.3 +-------------------- + +o Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use + several seconds of CPU each. + +o Andrew Bartlett <abart...@samba.org> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined. + * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP + server with paged_result or VLV. + * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to + AD DC nbt_server. + +o Gary Lockyer <g...@catalyst.net.nz> + * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ + and VLV combined, ldb: Bump version to 2.1.4. + + +</pre> +</p> +</body> +</html> diff --git a/history/security.html b/history/security.html index c4be490..3a1e672 100755 --- a/history/security.html +++ b/history/security.html 
@@ -26,6 +26,31 @@ link to full release notes for each release.</p> <td><em>Details</em></td> </tr> + <tr> + <td>02 Jul 2020</td> + <td><a href="/samba/ftp/patches/security/samba-4.12.3-security-2020-07-02.patch"> + patch for Samba 4.12.3</a><br /> + <a href="/samba/ftp/patches/security/samba-4.11.10-security-2020-07-02.patch"> + patch for Samba 4.11.10</a><br /> + <a href="/samba/ftp/patches/security/samba-4.10.16-security-2020-07-02.patch"> + patch for Samba 4.10.16</a><br /> + </td> + <td>CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303. + Please see announcements for details. + </td> + <td>Please refer to the advisories.</td> + <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730">CVE-2020-10730</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10745">CVE-2020-10745</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10760">CVE-2020-10760</a>, + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303">CVE-2020-14303</a>. + </td> + <td><a href="/samba/security/CVE-2020-10730.html">Announcement</a>, + <a href="/samba/security/CVE-2020-10745.html">Announcement</a>, + <a href="/samba/security/CVE-2020-10760.html">Announcement</a>, + <a href="/samba/security/CVE-2020-14303.html">Announcement</a> + </td> + </tr> + <tr> <td>28 Apr 2020</td> <td><a href="/samba/ftp/patches/security/samba-4.12.1-security-2020-04-28.patch"> diff --git a/posted_news/20200702-080358.4.12.4.body.html b/posted_news/20200702-080358.4.12.4.body.html new file mode 100644 index 0000000..0c0aba8 --- /dev/null +++ b/posted_news/20200702-080358.4.12.4.body.html 
@@ -0,0 +1,42 @@ +<!-- BEGIN: posted_news/20200702-080358.4.12.4.body.html --> +<h5><a name="4.12.4">02 July 2020</a></h5> +<p class=headline>Samba 4.12.4, 4.11.11 and 4.10.17 Security Releases Available</p> +<p> +These are security releases in order to address +<a href="/samba/security/CVE-2020-10730.html">CVE-2020-10730</a> +(NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with +ASQ, VLV and paged_results). +<a href="/samba/security/CVE-2020-10745.html">CVE-2020-10745</a> +(Parsing and packing of NBT and DNS packets can consume excessive CPU). +<a href="/samba/security/CVE-2020-10760.html">CVE-2020-10760</a> +(LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV). +<a href="/samba/security/CVE-2020-14303.html">CVE-2020-14303</a> +(Empty UDP packet DoS in Samba AD DC nbtd). +</p> +<p> +The uncompressed tarballs have been signed using GnuPG (ID +6F33915B6568B7EA).</br> +The 4.12.4 source code can be <a +href="https://download.samba.org/pub/samba/stable/samba-4.12.4.tar.gz">downloaded +now</a>.</br> +A <a +href="https://download.samba.org/pub/samba/patches/samba-4.12.3-4.12.4.diffs.gz">patch +against Samba 4.12.3</a> is also available.</br> +See <a href="https://www.samba.org/samba/history/samba-4.12.4.html">the 4.12.4 +release notes</a> for more info.</br> +The 4.11.11 source code can be <a +href="https://download.samba.org/pub/samba/stable/samba-4.11.11.tar.gz">downloaded +now</a>.</br> +A <a href="https://download.samba.org/pub/samba/patches/samba-4.11.10-4.11.11.diffs.gz">patch +against Samba 4.11.10</a> is also available.</br> +See <a href="https://www.samba.org/samba/history/samba-4.11.11.html">the 4.11.11 +release notes</a> for more info.</br> +The 4.10.17 source code can be <a +href="https://download.samba.org/pub/samba/stable/samba-4.10.17.tar.gz">downloaded +now</a>.</br> +A <a href="https://download.samba.org/pub/samba/patches/samba-4.10.16-4.10.17.diffs.gz">patch +against Samba 4.10.16</a> is also 
available.<br> +See <a href="https://www.samba.org/samba/history/samba-4.10.17.html">the 4.10.17 +release notes</a> for more info.</br> +</p> +<!-- END: posted_news/20200702-080358.4.12.4.body.html --> diff --git a/posted_news/20200702-080358.4.12.4.headline.html b/posted_news/20200702-080358.4.12.4.headline.html new file mode 100644 index 0000000..36fadfd --- /dev/null +++ b/posted_news/20200702-080358.4.12.4.headline.html @@ -0,0 +1,4 @@ +<!-- BEGIN: posted_news/20200702-080358.4.12.4.headline.html --> +<li> 02 July 2020 <a href="#4.12.4">Samba 4.12.4, 4.11.11 and 4.10.17 Security +Releases Available</a></li> +<!-- END: posted_news/20200702-080358.4.12.4.headline.html --> diff --git a/security/CVE-2020-10730.html b/security/CVE-2020-10730.html new file mode 100644 index 0000000..e79e5e7 --- /dev/null +++ b/security/CVE-2020-10730.html 
@@ -0,0 +1,86 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2020-10730.html + +<p> +<pre> +=========================================================== +== Subject: NULL pointer de-reference and use-after-free +== in Samba AD DC LDAP Server with ASQ, VLV and +== paged_results +== +== CVE ID#: CVE-2020-10730 +== +== Versions: Samba 4.5.0 and later +== +== Summary: A client combining the 'ASQ' and 'VLV' LDAP +== controls can cause a NULL pointer de-reference and +== further combinations with the LDAP paged_results +== feature can give a use-after-free in Samba's AD DC +== LDAP server. +=========================================================== + +=========== +Description +=========== + +Samba has, since Samba 4.5, supported the VLV Active Directory LDAP +feature, to allow clients to obtain 'virtual list views' of search +results against a Samba AD DC using an LDAP control. + +The combination of this control, and the ASQ control combines to allow +an authenticated user to trigger a NULL-pointer de-reference. It is +also possible to trigger a use-after-free, both as the code is very +similar to that addressed by CVE-2020-10700 and due to the way +errors are handled in the dsdb_paged_results module since Samba 4.10. + + +================== +Patch Availability +================== + +Patches addressing both of these issues have been posted to: + + https://www.samba.org/samba/security/ + +Additionally, Samba 4.10.17, 4.11.11 and 4.12.4 have been issued +as security releases to correct the defect. Samba administrators are +advised to upgrade to these releases or apply the patch as soon +as possible. 
+ +================== +CVSSv3 calculation +================== + +CVSS:v3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5) + +========================= +Workaround and mitigation +========================= + +None. + +======= +Credits +======= + +Originally reported by Andrew Bartlett of Catalyst and the Samba Team. + +Patches provided by Andrew Bartlett and Gary Lockyer of Catalyst and +the Samba Team. + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html> diff --git a/security/CVE-2020-10745.html b/security/CVE-2020-10745.html new file mode 100644 index 0000000..ed170a7 --- /dev/null +++ b/security/CVE-2020-10745.html @@ -0,0 +1,103 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2020-10745.html + +<p> +<pre> +=========================================================== +== Subject: Parsing and packing of NBT and DNS packets -- Samba Website Repository
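Review bot: In history/samba-4.10.17.html, the "Details" entry for CVE-2020-10745 only repeats its summary line ("Parsing and packing of NBT and DNS packets can consume excessive CPU."), while the other three entries explain the trigger. The changelog line further down already has the missing detail ("Invalid DNS or NBT queries containing dots use several seconds of CPU each"), so suggest using that wording in Details as well. The same text appears in history/samba-4.11.11.html and history/samba-4.12.4.html.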
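Review bot: In history/samba-4.11.11.html, the Gary Lockyer entry under "Changes since 4.11.10" ends "ldb: Bump version to 2.1.4", which is the same ldb version given in history/samba-4.12.4.html, whereas history/samba-4.10.17.html has its own value (1.5.8). Please confirm against the 4.11.11 release that this line was not carried over from the 4.12.4 notes.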
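Review bot: In the new 02 Jul 2020 row of history/security.html, the last cell holds four links that all read "Announcement", so a reader cannot tell which advisory each one opens without inspecting the href. Suggest using the CVE id as the link text (for example "CVE-2020-10730 announcement"), in the same order as the CVE links in the cell before it.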
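Review bot: In posted_news/20200702-080358.4.12.4.body.html, the line breaks are written as "</br>", an end tag for an element that has none, and one line ("against Samba 4.10.16</a> is also available.<br>") uses "<br>" instead. Suggest "<br />" throughout. In the first paragraph the four CVE entries are also separated by full stops, so the sentence beginning "These are security releases in order to address" ends after the first CVE. Commas with a final "and" would keep it one sentence.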
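Review bot: In security/CVE-2020-10730.html, the heading "<H2>CVE-2020-10730.html" is never closed and the "<p>" opened before "<pre>" has no closing tag before "</body>", so the file is not well-formed under the XHTML 1.0 Transitional doctype it declares. Suggest closing the heading and dropping the "<p>" wrapper, since "<pre>" cannot be nested inside a paragraph. The visible start of security/CVE-2020-10745.html opens the same way.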