[Pkg-samba-maint] [samba] 01/04: Imported Upstream version 3.6.17
Ivo De Decker
idd-guest at alioth.debian.org
Mon Aug 5 13:21:03 UTC 2013
This is an automated email from the git hooks/post-receive script.
idd-guest pushed a commit to branch master
in repository samba.
commit 89a44be530118e4d3b55148bf150168fa9ce0e29
Author: Ivo De Decker <ivo.dedecker at ugent.be>
Date: Mon Aug 5 13:29:48 2013 +0200
Imported Upstream version 3.6.17
---
WHATSNEW.txt | 62 ++++++++++++++++++++++++++++++++++++----
packaging/RHEL-CTDB/samba.spec | 2 +-
packaging/RHEL/makerpms.sh | 2 +-
packaging/RHEL/samba.spec | 2 +-
source3/VERSION | 2 +-
source3/include/version.h | 4 +--
source3/smbd/nttrans.c | 12 ++++++++
7 files changed, 74 insertions(+), 12 deletions(-)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0e6f7ce..4291736 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,59 @@
==============================
+ Release Notes for Samba 3.6.17
+ August 05, 2013
+ ==============================
+
+
+This is a security release in order to address
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+o CVE-2013-4124:
+ All current released versions of Samba are vulnerable to a denial of
+ service on an authenticated or guest connection. A malformed packet
+ can cause the smbd server to loop the CPU performing memory
+ allocations and preventing any further service.
+
+ A connection to a file share, or a local account is needed to exploit
+ this problem, either authenticated or unauthenticated if guest
+ connections are allowed.
+
+ This flaw is not exploitable beyond causing the code to loop
+ allocating memory, which may cause the machine to exceed memory
+ limits.
+
+
+Changes since 3.6.16:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
+ reading can cause server to loop with DOS.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 3.6.16
June 19, 2013
==============================
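Review bot: The CVE-2013-4124 entry describes the affected set only as "All current released versions of Samba", which stops being meaningful once this text sits under "Release notes for older releases" in later files; state the affected version range explicitly. The exposure sentence ("A connection to a file share, or a local account is needed ... either authenticated or unauthenticated if guest connections are allowed") is also hard to parse and would read better split in two: what access is required, and that allowing guest connections extends that access to unauthenticated clients. Minor style point: the summary uses "DOS" where "DoS" is the usual abbreviation for denial of service.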
@@ -63,13 +118,8 @@ be filed under the Samba 3.6 product in the project's Bugzilla
database (https://bugzilla.samba.org/).
-======================================================================
-== Our Code, Our Bugs, Our Responsibility.
-== The Samba Team
-======================================================================
+----------------------------------------------------------------------
-Release notes for older releases follow:
-----------------------------------------
==============================
Release Notes for Samba 3.6.15
diff --git a/packaging/RHEL-CTDB/samba.spec b/packaging/RHEL-CTDB/samba.spec
index 90455d8..96a15c4 100644
--- a/packaging/RHEL-CTDB/samba.spec
+++ b/packaging/RHEL-CTDB/samba.spec
@@ -5,7 +5,7 @@ Summary: Samba SMB client and server
Vendor: Samba Team
Packager: Samba Team <samba at samba.org>
Name: samba
-Version: 3.6.16
+Version: 3.6.17
Release: 1GITHASH
Epoch: 0
License: GNU GPL version 3
diff --git a/packaging/RHEL/makerpms.sh b/packaging/RHEL/makerpms.sh
index d1337f1..2c46642 100644
--- a/packaging/RHEL/makerpms.sh
+++ b/packaging/RHEL/makerpms.sh
@@ -20,7 +20,7 @@ SRCDIR=`rpm --eval %_sourcedir`
USERID=`id -u`
GRPID=`id -g`
-VERSION='3.6.16'
+VERSION='3.6.17'
REVISION=''
SPECFILE="samba.spec"
RPMVER=`rpm --version | awk '{print $3}'`
diff --git a/packaging/RHEL/samba.spec b/packaging/RHEL/samba.spec
index 2fbb27d..e1d78e4 100644
--- a/packaging/RHEL/samba.spec
+++ b/packaging/RHEL/samba.spec
@@ -11,7 +11,7 @@ Summary: Samba SMB client and server
Vendor: Samba Team
Packager: Samba Team <samba at samba.org>
Name: samba
-Version: 3.6.16
+Version: 3.6.17
Release: 1
Epoch: 0
License: GNU GPL version 3
diff --git a/source3/VERSION b/source3/VERSION
index 85b7e7e..2410272 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=16
+SAMBA_VERSION_RELEASE=17
########################################################
# Bug fix releases use a letter for the patch revision #
diff --git a/source3/include/version.h b/source3/include/version.h
index 3f7a93d..619551f 100644
--- a/source3/include/version.h
+++ b/source3/include/version.h
@@ -1,8 +1,8 @@
/* Autogenerated by script/mkversion.sh */
#define SAMBA_VERSION_MAJOR 3
#define SAMBA_VERSION_MINOR 6
-#define SAMBA_VERSION_RELEASE 16
-#define SAMBA_VERSION_OFFICIAL_STRING "3.6.16"
+#define SAMBA_VERSION_RELEASE 17
+#define SAMBA_VERSION_OFFICIAL_STRING "3.6.17"
#ifdef SAMBA_VERSION_VENDOR_FUNCTION
# define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
#else /* SAMBA_VERSION_VENDOR_FUNCTION */
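Review bot: This file carries the header "Autogenerated by script/mkversion.sh", yet it is changed here alongside source3/VERSION, so the release number now lives in two places in source3 plus the three packaging files in this commit. Confirm the values in version.h were regenerated from source3/VERSION rather than edited by hand, so that SAMBA_VERSION_RELEASE and SAMBA_VERSION_OFFICIAL_STRING cannot drift from the VERSION file.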
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index ea9d417..5fc3a09 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t
if (next_offset == 0) {
break;
}
+
+ /* Integer wrap protection for the increment. */
+ if (offset + next_offset < offset) {
+ break;
+ }
+
offset += next_offset;
+
+ /* Integer wrap protection for while loop. */
+ if (offset + 4 < offset) {
+ break;
+ }
+
}
return ea_list_head;
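Review bot: Both new wrap checks in read_nttrans_ea_list() leave the loop with `break`, which falls through to `return ea_list_head`, so a request whose next_offset would wrap is treated the same as a normally terminated list and the caller receives whatever entries were parsed before it. Consider treating the wrap as a malformed request instead, returning NULL or at least emitting a debug log line, so the condition is visible to the caller and to anyone reading logs after an attempted DoS. The comparison `offset + next_offset < offset` is only a valid wrap test for unsigned operands; the declarations of offset and next_offset are outside this hunk, so confirm both are unsigned. The diffstat shows only the 12 lines in nttrans.c and no accompanying test; a regression case with a next_offset chosen to wrap would keep this from reappearing. Small style point: the added blank line directly before the closing brace of the loop can go.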
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git