ok sthen@ Ian McWilliam
CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
See https://www.samba.org/samba/history/samba-4.3.8.html for more
information.
i386 build by danj@, ok sthen@
The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories. samba-4.3.8 will follow.
ChangeLog and descriptions of the relevant CVE's:
https://www.samba.org/samba/history/samba-4.1.22.html
This update changed the signature of a few functions in libsamba-util,
so bump the shlib major. Also update Ian's email adress while here.
ok ajacoutot@
Upcoming commits will add additional tweaks.
Many thanks to Vadim Zhukov (who did most of the work), Ian McWilliam
(co-maintainer), Stuart Henderson who provided lots of support and
feedback, Antoine Jacoutot who patiently dealt with my broken diffs,
and more generally all the people involved. Most of the recent work was
done during p2k15 and c2k15.
o Fix possible memory leaks in the Samba master process (bug #8970).
o Fix uninitialized memory read in talloc_free().
o Fix joining of XP Pro workstations to 3.6 DCs (bug #8373).
http://www.samba.org/samba/security/CVE-2012-2111
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote proceedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the "take ownership"
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.
Fixes:
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
From maintainer Ian McWilliam
Note that the default passdb backend has been changed to 'tdbsam'.
See /usr/local/share/doc/samba/README.OpenBSD (or files/README.OpenBSD)
for more information and instructions for people who wish to convert an
existing smbpasswd-based installation.
CVE-2008-1105.
Specifically crafted SMB responses can result in a heap overflow
in the Samba client code. Because the server process, smbd, can
itself act as a client during operations such as printer
notification and domain authentication, this issue affects both
Samba client and server installations.
Feedback from sthen@
ok mbalmer@ sthen@
This fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)
