[Pkg-samba-maint] [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

Ola Lundqvist ola at inguza.com
Thu Mar 23 11:59:39 UTC 2017 

Hi Mathieu

Thank you for this information. The LTS team will handle this. If nobody
else step up I will do it myself.

For the LTS team: I will add this to the dla-needed.txt file later today
but feel free to add that and claim yourself to this update.

Best regards

// Ola

On 23 March 2017 at 11:30, Mathieu Parent <math.parent at gmail.com> wrote:

> Hi,
>
> Today samba has released a security fix for a symlink race (leading to
> information disclosure).
>
> Salvatore will take care of the jessie upload, I have uploaded for
> sid, but we have not done anything on the wheezy side.
>
> See attached the backported patches for 3.6 (those are from the samba
> bugzilla which is still embargoed).
>
> Please take care of it.
>
> Thanks
>
> Mathieu Parent
>
>
> ---------- Forwarded message ----------
> From: Karolin Seeger via samba-announce <samba-announce at lists.samba.org>
> Date: 2017-03-23 10:11 GMT+01:00
> Subject: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases
> Available for Download
> To: samba-announce at lists.samba.org, samba at lists.samba.org,
> samba-technical at lists.samba.org
>
>
> Release Announcements
> ---------------------
>
> These are a security releases in order to address the following defect:
>
> o  CVE-2017-2619 (Symlink race allows access outside share definition)
>
> =======
> Details
> =======
>
> o  CVE-2017-2619:
>    All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
>    a malicious client using a symlink race to allow access to areas of
>    the server file system not exported under the share definition.
>
>    Samba uses the realpath() system call to ensure when a client requests
>    access to a pathname that it is under the exported share path on the
>    server file system.
>
>    Clients that have write access to the exported part of the file system
>    via SMB1 unix extensions or NFS to create symlinks can race the server
>    by renaming a realpath() checked path and then creating a symlink. If
>    the client wins the race it can cause the server to access the new
>    symlink target after the exported share path check has been done. This
>    new symlink target can point to anywhere on the server file system.
>
>    This is a difficult race to win, but theoretically possible. Note that
>    the proof of concept code supplied wins the race reliably only when
>    the server is slowed down using the strace utility running on the
>    server. Exploitation of this bug has not been seen in the wild.
>
>
> Changes:
> --------
>
> o  Jeremy Allison <jra at samba.org>
>    * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside
> share
>      directory.
>
> o  Ralph Boehme <slow at samba.org>
>    * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside
> share
>      directory.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
> from:
>
>         https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
>         https://www.samba.org/samba/history/samba-4.6.1.html
>         https://www.samba.org/samba/history/samba-4.5.7.html
>         https://www.samba.org/samba/history/samba-4.4.12.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>                         --Enjoy
>                         The Samba Team
>
>
> --
> Mathieu
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Folkebogatan 26            \
|  opal at debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170323/6977f292/attachment-0001.html>

More information about the Pkg-samba-maint mailing list