diff options
| author | taca <taca@pkgsrc.org> | 2018-11-29 14:46:46 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2018-11-29 14:46:46 +0000 |
| commit | 9340a5773b81b7665bb3b5bf863f56f53256715d (patch) | |
| tree | 5efb27c7a23b3695ba3c1a5afb176d328ff65b6f /net | |
| parent | 56e2094aeddadec40e7ae7954c15563cb23b8da1 (diff) | |
| download | pkgsrc-9340a5773b81b7665bb3b5bf863f56f53256715d.tar.gz | |
net/samba4: update to 4.9.3
=============================
Release Notes for Samba 4.9.3
November 27, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
o CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details and workarounds, please refer to the security advisories.
Diffstat (limited to 'net')
| -rw-r--r-- | net/samba4/Makefile | 4 | ||||
| -rw-r--r-- | net/samba4/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/net/samba4/Makefile b/net/samba4/Makefile index 29b5fa529c6..e31118cca65 100644 --- a/net/samba4/Makefile +++ b/net/samba4/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.51 2018/11/23 07:30:02 ryoon Exp $ +# $NetBSD: Makefile,v 1.52 2018/11/29 14:46:46 taca Exp $ DISTNAME= samba-${VERSION} CATEGORIES= net @@ -11,7 +11,7 @@ LICENSE= gnu-gpl-v3 DEPENDS+= ${PYPKGPREFIX}-expat-[0-9]*:../../textproc/py-expat -VERSION= 4.9.2 +VERSION= 4.9.3 CONFLICTS+= ja-samba-[0-9]* tdb-[0-9]* winbind-[0-9]* GCC_REQD+= 4.4 diff --git a/net/samba4/distinfo b/net/samba4/distinfo index 73e81ac16ad..bbc9a154675 100644 --- a/net/samba4/distinfo +++ b/net/samba4/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.19 2018/11/23 07:30:02 ryoon Exp $ +$NetBSD: distinfo,v 1.20 2018/11/29 14:46:46 taca Exp $ -SHA1 (samba-4.9.2.tar.gz) = 3b777a95aed4946717094bbe830279ba5ee2370f -RMD160 (samba-4.9.2.tar.gz) = 4db2cf6684e724514f3ea1eaa7ed93c756f72f28 -SHA512 (samba-4.9.2.tar.gz) = 67de5faeda45e5c245bf02cc195cdf9ca4b63f17625837badf7c50d97250e94de5309c9ef824bd7890bc771b1dc0a3bfbafea09880850b5167f0bf8a8ef488ed -Size (samba-4.9.2.tar.gz) = 18042752 bytes +SHA1 (samba-4.9.3.tar.gz) = 99d9006495aa5d0c4b904ff8ab0b8daf0e694183 +RMD160 (samba-4.9.3.tar.gz) = 830c0052e6704f97e1d3c6d07564e9cb0fc4d928 +SHA512 (samba-4.9.3.tar.gz) = bdcba835857f1f41d47932e5c06cff446301c916b78195124814eac89dfce93f12e6e7aa1b53cfff30fdd12d8ce6409dda4e454d8f26fb7ea8e0a97996f93783 +Size (samba-4.9.3.tar.gz) = 18043670 bytes SHA1 (patch-buildtools_wafsamba_wscript) = 5604936a825675647157331df2333f4237c611f5 SHA1 (patch-dynconfig_wscript) = 4d769a4d07487b5f62c112d3b0095196bb058117 SHA1 (patch-lib_ldb_ldb__mdb_ldb__mdb.c) = 3dcee7618a15058351d488ad003929effa100e41 |