- Timestamp:
- Sep 16, 2010, 10:06:10 AM (15 years ago)
- Location:
- branches/samba-3.3.x
- Files:
-
- 9 edited
-
WHATSNEW.txt (modified) (2 diffs)
-
packaging/RHEL-CTDB/samba.spec (modified) (1 diff)
-
packaging/RHEL/makerpms.sh (modified) (1 diff)
-
packaging/RHEL/samba.spec (modified) (1 diff)
-
source/VERSION (modified) (1 diff)
-
source/lib/util_sid.c (modified) (1 diff)
-
source/libads/ldap.c (modified) (1 diff)
-
source/libsmb/cliquota.c (modified) (1 diff)
-
source/smbd/nttrans.c (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/WHATSNEW.txt
r467 r491 1 1 ============================== 2 Release Notes for Samba 3.3.1 33 June 16, 20102 Release Notes for Samba 3.3.14 3 September 14, 2010 4 4 ============================== 5 5 6 6 7 This is a security release in order to address CVE-2010-2063. 8 9 10 o CVE-2010-2063: 11 In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code. 12 13 14 Changes since 3.3.12 7 This is a security release in order to address CVE-2010-3069. 8 9 10 o CVE-2010-3069: 11 All current released versions of Samba are vulnerable to 12 a buffer overrun vulnerability. The sid_parse() function 13 (and related dom_sid_parse() function in the source4 code) 14 do not correctly check their input lengths when reading a 15 binary representation of a Windows SID (Security ID). This 16 allows a malicious client to send a sid that can overflow 17 the stack variable that is being used to store the SID in the 18 Samba smbd server. 19 20 21 Changes since 3.3.13 15 22 -------------------- 16 23 17 24 18 25 o Jeremy Allison <jra@samba.org> 19 * BUG 7494: Fix for CVE-2010-2063. 26 * BUG 7669: Fix for CVE-2010-3069. 27 28 29 o Andrew Bartlett <abartlet@samba.org> 30 * BUG 7669: Fix for CVE-2010-3069. 20 31 21 32 … … 42 53 Release notes for older releases follow: 43 54 ---------------------------------------- 55 56 ============================== 57 Release Notes for Samba 3.3.13 58 June 16, 2010 59 ============================== 60 61 62 This is a security release in order to address CVE-2010-2063. 63 64 65 o CVE-2010-2063: 66 In Samba 3.3.x and below, a buffer overrun is possible in chain_reply code. 67 68 69 Changes since 3.3.12 70 -------------------- 71 72 73 o Jeremy Allison <jra@samba.org> 74 * BUG 7494: Fix for CVE-2010-2063. 75 76 77 ###################################################################### 78 Reporting bugs & Development Discussion 79 ####################################### 80 81 Please discuss this release on the samba-technical mailing list or by 82 joining the #samba-technical IRC channel on irc.freenode.net. 83 84 If you do report problems then please try to send high quality 85 feedback. If you don't provide vital information to help us track down 86 the problem then you will probably be ignored. All bug reports should 87 be filed under the Samba 3.3 product in the project's Bugzilla 88 database (https://bugzilla.samba.org/). 89 90 91 ====================================================================== 92 == Our Code, Our Bugs, Our Responsibility. 93 == The Samba Team 94 ====================================================================== 95 96 97 ---------------------------------------------------------------------- 98 44 99 45 100 ============================== -
branches/samba-3.3.x/packaging/RHEL-CTDB/samba.spec
r467 r491 6 6 Packager: Samba Team <samba@samba.org> 7 7 Name: samba 8 Version: 3.3.1 38 Version: 3.3.14 9 9 Release: ctdb.1 10 10 Epoch: 0 -
branches/samba-3.3.x/packaging/RHEL/makerpms.sh
r467 r491 21 21 USERID=`id -u` 22 22 GRPID=`id -g` 23 VERSION='3.3.1 3'23 VERSION='3.3.14' 24 24 REVISION='' 25 25 SPECFILE="samba.spec" -
branches/samba-3.3.x/packaging/RHEL/samba.spec
r467 r491 6 6 Packager: Samba Team <samba@samba.org> 7 7 Name: samba 8 Version: 3.3.1 38 Version: 3.3.14 9 9 Release: 1 10 10 Epoch: 0 -
branches/samba-3.3.x/source/VERSION
r467 r491 26 26 SAMBA_VERSION_MAJOR=3 27 27 SAMBA_VERSION_MINOR=3 28 SAMBA_VERSION_RELEASE=1 328 SAMBA_VERSION_RELEASE=14 29 29 30 30 ######################################################## -
branches/samba-3.3.x/source/lib/util_sid.c
r206 r491 409 409 sid->sid_rev_num = CVAL(inbuf, 0); 410 410 sid->num_auths = CVAL(inbuf, 1); 411 if (sid->num_auths > MAXSUBAUTHS) { 412 return false; 413 } 411 414 memcpy(sid->id_auth, inbuf+2, 6); 412 415 if (len < 8 + sid->num_auths*4) -
branches/samba-3.3.x/source/libads/ldap.c
r224 r491 2140 2140 DOM_SID sid; 2141 2141 fstring tmp; 2142 sid_parse(values[i]->bv_val, values[i]->bv_len, &sid); 2142 if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) { 2143 continue; 2144 } 2143 2145 printf("%s: %s\n", field, sid_to_fstring(tmp, &sid)); 2144 2146 } -
branches/samba-3.3.x/source/libsmb/cliquota.c
r206 r491 118 118 #endif /* LARGE_SMB_OFF_T */ 119 119 120 sid_parse(rdata+40,sid_len,&qt.sid); 120 if (!sid_parse(rdata+40,sid_len,&qt.sid)) { 121 return false; 122 } 121 123 122 124 qt.qtype = SMB_USER_QUOTA_TYPE; -
branches/samba-3.3.x/source/smbd/nttrans.c
r370 r491 1951 1951 /*unknown = IVAL(pdata,0);*/ 1952 1952 1953 sid_parse(pdata+4,sid_len,&sid); 1953 if (!sid_parse(pdata+4,sid_len,&sid)) { 1954 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 1955 return; 1956 } 1957 1954 1958 DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid))); 1955 1959 … … 2207 2211 } 2208 2212 2209 sid_parse(pdata+8,sid_len,&sid); 2213 if (!sid_parse(pdata+8,sid_len,&sid)) { 2214 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2215 return; 2216 } 2210 2217 2211 2218 if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) { … … 2388 2395 #endif /* LARGE_SMB_OFF_T */ 2389 2396 2390 sid_parse(pdata+40,sid_len,&sid); 2397 if (!sid_parse(pdata+40,sid_len,&sid)) { 2398 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 2399 return; 2400 } 2401 2391 2402 DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid))); 2392 2403
Note:
See TracChangeset
for help on using the changeset viewer.
