Changeset 735


Ignore:
Timestamp:
Nov 12, 2012, 5:25:07 PM (13 years ago)
Author:
Silvan Scherrer
Message:

Samba Server 3.5: update branche to 3.5.15

Location:
branches/samba-3.5.x
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • branches/samba-3.5.x/WHATSNEW.txt

    r734 r735  
    11                   ==============================
    2                    Release Notes for Samba 3.5.14
    3                            April 10, 2012
     2                   Release Notes for Samba 3.5.15
     3                           April 30, 2012
    44                   ==============================
    55
    66
    77This is a security release in order to address
    8 CVE-2012-1182 ("root" credential remote code execution).
    9 
    10 o  CVE-2012-1182:
    11    Samba 3.0.x to 3.6.3 are affected by a
    12    vulnerability that allows remote code
    13    execution as the "root" user.
    14 
    15 
    16 Changes since 3.5.13:
     8CVE-2012-2111 (Incorrect permission checks when granting/removing
     9privileges can compromise file server security).
     10
     11o  CVE-2012-2111:
     12   Samba 3.4.x to 3.6.4 are affected by a
     13   vulnerability that allows arbitrary users
     14   to modify privileges on a file server.
     15
     16
     17Changes since 3.5.14:
    1718---------------------
    1819
    1920
    20 o   Stefan Metzmacher <metze@samba.org>
    21     *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
    22      allocated array (CVE-2012-1182).
     21o   Jeremy Allison <jra@samba.org>
     22    * Fix  incorrect permission checks when granting/removing
     23      privileges (CVE-2012-2111).
    2324
    2425
     
    4546Release notes for older releases follow:
    4647----------------------------------------
     48
     49                   ==============================
     50                   Release Notes for Samba 3.5.14
     51                           April 10, 2012
     52                   ==============================
     53
     54
     55This is a security release in order to address
     56CVE-2012-1182 ("root" credential remote code execution).
     57
     58o  CVE-2012-1182:
     59   Samba 3.0.x to 3.6.3 are affected by a
     60   vulnerability that allows remote code
     61   execution as the "root" user.
     62
     63
     64Changes since 3.5.13:
     65---------------------
     66
     67
     68o   Stefan Metzmacher <metze@samba.org>
     69    *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
     70     allocated array (CVE-2012-1182).
     71
     72
     73######################################################################
     74Reporting bugs & Development Discussion
     75#######################################
     76
     77Please discuss this release on the samba-technical mailing list or by
     78joining the #samba-technical IRC channel on irc.freenode.net.
     79
     80If you do report problems then please try to send high quality
     81feedback. If you don't provide vital information to help us track down
     82the problem then you will probably be ignored.  All bug reports should
     83be filed under the Samba 3.5 product in the project's Bugzilla
     84database (https://bugzilla.samba.org/).
     85
     86
     87======================================================================
     88== Our Code, Our Bugs, Our Responsibility.
     89== The Samba Team
     90======================================================================
     91
     92
     93----------------------------------------------------------------------
     94
    4795
    4896                   ==============================
  • branches/samba-3.5.x/packaging/RHEL-CTDB/samba.spec

    r734 r735  
    66Packager: Samba Team <samba@samba.org>
    77Name:         samba
    8 Version:      3.5.14
     8Version:      3.5.15
    99Release:      1GITHASH
    1010Epoch:        0
  • branches/samba-3.5.x/packaging/RHEL/makerpms.sh

    r734 r735  
    2121USERID=`id -u`
    2222GRPID=`id -g`
    23 VERSION='3.5.14'
     23VERSION='3.5.15'
    2424REVISION=''
    2525SPECFILE="samba.spec"
  • branches/samba-3.5.x/packaging/RHEL/samba.spec

    r734 r735  
    1212Packager: Samba Team <samba@samba.org>
    1313Name:         samba
    14 Version:      3.5.14
     14Version:      3.5.15
    1515Release:      1
    1616Epoch:        0
  • branches/samba-3.5.x/source3/VERSION

    r734 r735  
    2626SAMBA_VERSION_MAJOR=3
    2727SAMBA_VERSION_MINOR=5
    28 SAMBA_VERSION_RELEASE=14
     28SAMBA_VERSION_RELEASE=15
    2929
    3030########################################################
  • branches/samba-3.5.x/source3/rpc_server/srv_lsa_nt.c

    r414 r735  
    16921692        struct lsa_info *info;
    16931693        uint32_t acc_granted;
     1694        uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
     1695                        ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
     1696                        LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
     1697                        STD_RIGHT_DELETE_ACCESS));
    16941698        struct security_descriptor *psd;
    16951699        size_t sd_size;
     
    17191723        status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
    17201724                                    &lsa_account_mapping,
    1721                                     r->in.sid, LSA_POLICY_ALL_ACCESS);
     1725                                    r->in.sid, owner_access);
    17221726        if (!NT_STATUS_IS_OK(status)) {
    17231727                return status;
     
    17651769        uint32_t des_access = r->in.access_mask;
    17661770        uint32_t acc_granted;
     1771        uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
     1772                        ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
     1773                        LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
     1774                        STD_RIGHT_DELETE_ACCESS));
    17671775        NTSTATUS status;
    17681776
     
    17891797        status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
    17901798                                &lsa_account_mapping,
    1791                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
     1799                                r->in.sid, owner_access);
    17921800        if (!NT_STATUS_IS_OK(status)) {
    17931801                return status;
     
    21752183        }
    21762184
    2177         /* get the generic lsa account SD for this SID until we store it */
     2185        /* get the generic lsa account SD until we store it */
    21782186        status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
    21792187                                &lsa_account_mapping,
    2180                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
     2188                                NULL, 0);
    21812189        if (!NT_STATUS_IS_OK(status)) {
    21822190                return status;
     
    22462254        }
    22472255
    2248         /* get the generic lsa account SD for this SID until we store it */
     2256        /* get the generic lsa account SD until we store it */
    22492257        status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
    22502258                                &lsa_account_mapping,
    2251                                 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
     2259                                NULL, 0);
    22522260        if (!NT_STATUS_IS_OK(status)) {
    22532261                return status;
Note: See TracChangeset for help on using the changeset viewer.