[Eisfair_dev] Samba security release 2.26.2 (Status 'stable')

Thomas Bork tom at eisfair.org
Wed Mar 9 21:41:10 CET 2016


Hi @all,

The Samba security release 2.26.2 with status 'stable' is ready for
installation.

This release fixes security-relevant bugs in Samba. On the security
problems and the affected Samba versions:

#######################################################################
Release Announcements
---------------------

This is a security release in order to address the following CVEs:

o  CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o  CVE-2016-0771 (Out-of-bounds read in internal DNS server)

=======
Details
=======

o  CVE-2015-7560:
    All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are
    vulnerable to a malicious client overwriting the ownership of ACLs
    using symlinks.

    An authenticated malicious client can use SMB1 UNIX extensions to
    create a symlink to a file or directory, and then use non-UNIX SMB1
    calls to overwrite the contents of the ACL on the file or directory
    linked to.

o  CVE-2016-0771:
    All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when
    deployed as an AD DC and choosing to run the internal DNS server, are
    vulnerable to an out-of-bounds read issue during DNS TXT record
    handling caused by users with permission to modify DNS records.

    A malicious client can upload a specially constructed DNS TXT record,
    resulting in a remote denial-of-service attack. As long as the
    affected TXT record remains undisturbed in the Samba database, a
    targeted DNS query may continue to trigger this exploit.

    While unlikely, the out-of-bounds read may bypass safety checks and
    allow leakage of memory from the server in the form of a DNS TXT
    reply.

    By default only authenticated accounts can upload DNS records,
    as "allow dns updates = secure only" is the default.
    Any other value would allow anonymous clients to trigger this
    bug, which is a much higher risk.
#######################################################################


On eisfair, all reasonably current Samba versions are affected by
CVE-2015-7560, so an update is strongly advised.


Changelog relative to the previous stable eisfair Samba version 2.26.1:
=======================================================================
2.26.1 --> 2.26.2
-----------------
- 4.3.6 (4.3.6-for-eisfair-1-patch-1, status stable)
- /tmp/preinstall.sh:
   - if /run/lock/samba doesn't exist and /var/lib/samba
     exists, move /var/lib/samba to /run/lock.
     This is for users who want to switch back
     from samba 2.27.0 with /var/lib/samba to 2.26.x
     with /run/lock/samba.


Note that the change in preinstall.sh serves only as preparation for
version 2.27.0, or for a return from 2.27.0 to 2.26.2.


Release notes for the internal Samba version 4.3.6:
===================================================
https://www.samba.org/samba/history/samba-4.3.6.html

This package at http://pack-eis.de:
===================================
http://www.pack-eis.de/index.php?p=17909

Changelog:
==========
http://www.pack-eis.de/?action=showfile&pid=17909&filename=usr/share/doc/samba/changes.txt


I wish you continued enjoyment with eisfair!


This posting is being sent in parallel to spline.eisfair and spline.eisfair.dev.
Please send productive feedback to spline.eisfair.

-- 
der tom
[eisfair-team]
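
Added example, not part of the original post and not eisfair or Samba code: a shell check for the "allow dns updates" condition described in the CVE-2016-0771 details above, reading an smb.conf from stdin. The function names, result labels and sample configs are constructed for illustration; "disabled" is a value from smb.conf(5) rather than from the announcement, and the check does not inspect whether the internal DNS server is actually enabled.

```shell
#!/bin/sh
# Effective value of a [global] smb.conf parameter (config text on stdin).
# Samba ignores case and blanks in parameter names; the last assignment wins.
smb_global_param() {   # $1 = parameter name, $2 = default when unset
    awk -v want="$1" -v dflt="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want); val = dflt; sect = "" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[[ \t]*/, "", s)
                      sub(/[ \t]*\].*$/, "", s); sect = tolower(s); next }
        sect == "global" && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (norm(k) == want) val = tolower(v)
        }
        END { print val }'
}

# Who can reach the TXT-record bug, judged from the config alone
# (result labels are hypothetical, chosen for this example).
cve_2016_0771_exposure() {   # smb.conf text on stdin
    conf=$(cat)
    role=$(printf '%s\n' "$conf" | smb_global_param "server role" "auto")
    upd=$(printf '%s\n' "$conf" | smb_global_param "allow dns updates" "secure only")
    # Only the canonical role spelling is matched here.
    [ "$role" = "active directory domain controller" ] || { echo "not-ad-dc"; return 0; }
    case "$upd" in
        "secure only") echo "authenticated-only" ;;   # the default
        disabled)      echo "updates-disabled" ;;     # from smb.conf(5), not the post
        *)             echo "anonymous" ;;            # any other value
    esac
}

# Constructed sample configs (not taken from the post).
SAMPLE_DEFAULT='[global]
    server role = active directory domain controller
    workgroup = EXAMPLE'
SAMPLE_WEAK='[global]
    Server Role = active directory domain controller
    AllowDNSUpdates = nonsecure
[share]
    allow dns updates = secure only'

printf '%s\n' "$SAMPLE_DEFAULT" | cve_2016_0771_exposure
printf '%s\n' "$SAMPLE_WEAK" | cve_2016_0771_exposure
```

On a live system, feed it the configuration Samba actually loads, for example the output of testparm -s.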

