[Buildroot] [PATCH] samba4: security bump to version 4.9.3
Peter Korsgaard
peter at korsgaard.com
Thu Nov 29 14:48:48 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerabilities:
> - CVE-2018-14629:
> All versions of Samba from 4.0.0 onwards are vulnerable to infinite
> query recursion caused by CNAME loops. Any dns record can be added via
> ldap by an unprivileged user using the ldbadd tool, so this is a
> security issue.
> - CVE-2018-16841:
> When configured to accept smart-card authentication, Samba's KDC will call
> talloc_free() twice on the same memory if the principal in a validly signed
> certificate does not match the principal in the AS-REQ.
> This is only possible after authentication with a trusted certificate.
> talloc is robust against further corruption from a double-free with
> talloc_free() and directly calls abort(), terminating the KDC process.
> There is no further vulnerability associated with this issue, merely a
> denial of service.
> - CVE-2018-16851:
> During the processing of an LDAP search before Samba's AD DC returns
> the LDAP entries to the client, the entries are cached in a single
> memory object with a maximum size of 256MB. When this size is
> reached, the Samba process providing the LDAP service will follow the
> NULL pointer, terminating the process.
> There is no further vulnerability associated with this issue, merely a
> denial of service.
> - CVE-2018-16852:
> During the processing of an DNS zone in the DNS management DCE/RPC server,
> the internal DNS server or the Samba DLZ plugin for BIND9, if the
> DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
> property is set, the server will follow a NULL pointer and terminate.
> There is no further vulnerability associated with this issue, merely a
> denial of service.
> - CVE-2018-16853:
> A user in a Samba AD domain can crash the KDC when Samba is built in the
> non-default MIT Kerberos configuration.
> With this advisory we clarify that the MIT Kerberos build of the Samba
> AD DC is considered experimental. Therefore the Samba Team will not
> issue security patches for this configuration.
> - CVE-2018-16857:
> AD DC Configurations watching for bad passwords (to restrict brute forcing
> of passwords) in a window of more than 3 minutes may not watch for bad
> passwords at all.
> For more details, see the release notes:
> https://www.samba.org/samba/history/samba-4.9.3.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list