NEWS[4.17.3]: Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for...
author Jule Anger <janger@samba.org>
Tue, 15 Nov 2022 07:10:55 +0000 (08:10 +0100)
committer Jule Anger <janger@samba.org>
Tue, 15 Nov 2022 07:40:03 +0000 (08:40 +0100)
Signed-off-by: Jule Anger <janger@samba.org>
history/header_history.html
history/samba-4.15.12.html [new file with mode: 0644]
history/samba-4.16.7.html [new file with mode: 0644]
history/samba-4.17.3.html [new file with mode: 0644]
history/security.html
posted_news/20221115-072401.4.17.3.body.html [new file with mode: 0644]
posted_news/20221115-072401.4.17.3.headline.html [new file with mode: 0644]
security/CVE-2022-42898.html [new file with mode: 0644]

index 9348c266d3a0e99a0ad77d0a0cf270663487820c..945c471df5b497e3229ca7902d8452e5a3fad282 100755 (executable)
@@ -9,9 +9,11 @@
                <li><a href="/samba/history/">Release Notes</a>
                <li class="navSub">
                        <ul>
+                       <li><a href="samba-4.17.3.html">samba-4.17.3</a></li>
                        <li><a href="samba-4.17.2.html">samba-4.17.2</a></li>
                        <li><a href="samba-4.17.1.html">samba-4.17.1</a></li>
                        <li><a href="samba-4.17.0.html">samba-4.17.0</a></li>
+                       <li><a href="samba-4.16.7.html">samba-4.16.7</a></li>
                        <li><a href="samba-4.16.6.html">samba-4.16.6</a></li>
                        <li><a href="samba-4.16.5.html">samba-4.16.5</a></li>
                        <li><a href="samba-4.16.4.html">samba-4.16.4</a></li>
@@ -19,6 +21,7 @@
                        <li><a href="samba-4.16.2.html">samba-4.16.2</a></li>
                        <li><a href="samba-4.16.1.html">samba-4.16.1</a></li>
                        <li><a href="samba-4.16.0.html">samba-4.16.0</a></li>
+                       <li><a href="samba-4.15.12.html">samba-4.15.12</a></li>
                        <li><a href="samba-4.15.11.html">samba-4.15.11</a></li>
                        <li><a href="samba-4.15.10.html">samba-4.15.10</a></li>
                        <li><a href="samba-4.15.9.html">samba-4.15.9</a></li>
diff --git a/history/samba-4.15.12.html b/history/samba-4.15.12.html
new file mode 100644 (file)
index 0000000..34ccc83
--- /dev/null
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.15.12 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.15.12 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz">Samba 4.15.12 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.gz">Patch (gzipped) against Samba 4.15.11</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 4.15.12
+                          November 15, 2022
+                   ===============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-42898: Samba&apos;s Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.15.11
+---------------------
+o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams &lt;nico@twosigma.com&gt;
+   * BUG 15203: CVE-2022-42898
+
+
+</pre>
+</p>
+</body>
+</html>
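Review bot: The new history/samba-4.15.12.html declares an XHTML 1.0 Transitional DOCTYPE but the markup is not valid under it: the `<pre>` block is nested inside a `<p>` (block content is not allowed in a paragraph), the `<br>` tags after the tarball and patch links are not self-closed (`<br />`), and the `<H2>` element name is uppercase where XHTML requires lowercase. Suggest dropping the `<p>` wrapper around the `<pre>`, writing `<br />`, and using `<h2>`, so the page validates against the DOCTYPE it claims.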
diff --git a/history/samba-4.16.7.html b/history/samba-4.16.7.html
new file mode 100644 (file)
index 0000000..6aa8756
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.16.7 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.16.7 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.gz">Samba 4.16.7 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.gz">Patch (gzipped) against Samba 4.16.6</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.16.7
+                         November 15, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2022-42898: Samba&apos;s Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.16.6
+--------------------
+
+o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams &lt;nico@twosigma.com&gt;
+   * BUG 15203: CVE-2022-42898
+
+
+</pre>
+</p>
+</body>
+</html>
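Review bot: Same validity problems as the other release-notes pages in this commit: `<pre>` nested inside `<p>`, unclosed `<br>` and uppercase `<H2>` under an XHTML 1.0 Transitional DOCTYPE. One further consistency point: this file puts a blank line between the "Changes since 4.16.6" underline and the first contributor entry, while the 4.15.12 and 4.17.3 pages do not; pick one layout for all three.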
diff --git a/history/samba-4.17.3.html b/history/samba-4.17.3.html
new file mode 100644 (file)
index 0000000..562b067
--- /dev/null
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.17.3 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.17.3 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.gz">Samba 4.17.3 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.gz">Patch (gzipped) against Samba 4.17.2</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.17.3
+                         November 15, 2022
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+
+o CVE-2022-42898: Samba&apos;s Kerberos libraries and AD DC failed to guard against
+                  integer overflows when parsing a PAC on a 32-bit system, which
+                  allowed an attacker with a forged PAC to corrupt the heap.
+                  https://www.samba.org/samba/security/CVE-2022-42898.html
+
+Changes since 4.17.2
+--------------------
+o  Joseph Sutton &lt;josephsutton@catalyst.net.nz&gt;
+   * BUG 15203: CVE-2022-42898
+
+o  Nicolas Williams &lt;nico@twosigma.com&gt;
+   * BUG 15203: CVE-2022-42898
+
+
+</pre>
+</p>
+</body>
+</html>
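Review bot: As with the 4.15.12 and 4.16.7 pages, `<pre>` inside `<p>`, bare `<br>` and uppercase `<H2>` do not validate against the XHTML 1.0 Transitional DOCTYPE this file declares. Also, there are two blank lines between "This is a security release in order to address the following defects:" and the CVE-2022-42898 item here, versus one in the two sibling files; trim to one.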
index 5bbfad7c69c9f63279cd30ee7e82129e77e470f3..64c9dec1771666e05606f2633671f8827b3b86c6 100755 (executable)
@@ -32,6 +32,28 @@ link to full release notes for each release.</p>
        <td><em>Details</em></td>
       </tr>
 
+       <tr>
+       <td>15 November 2022</td>
+       <td><a href="/samba/ftp/patches/security/samba-4.17.3-security-2022-11-15.patch">
+       patch for Samba 4.17.3</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.16.7-security-2022-11-15.patch">
+       patch for Samba 4.16.7</a><br />
+       <a href="/samba/ftp/patches/security/samba-4.15.12-security-2022-11-15.patch">
+       patch for Samba 4.15.12</a><br />
+       </td>
+       <td>Samba's Kerberos libraries and AD DC failed to guard against integer
+        overflows when parsing a PAC on a 32-bit system, which allowed an attacker
+        with a forged PAC to corrupt the heap.
+       </td>
+       <td>All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3.</td>
+       <td>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898">CVE-2022-42898</a>.
+       </td>
+       <td>
+<a href="/samba/security/CVE-2022-42898.html">Announcement</a>.
+       </td>
+
+
     <tr>
        <td>25 October 2022</td>
        <td><a href="/samba/ftp/patches/security/samba-4.17.2-security-2022-10-25.patch">
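Review bot: The new table row opened at `<tr>` for the 15 November 2022 entry is never closed: the existing rows in this table end with `</tr>` (see the `</tr>` just above the insertion), but the added row runs straight into two blank lines and then the next `<tr>` for 25 October 2022. Add `</tr>` after the final `</td>` of the Announcement cell so the table stays well-formed.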
diff --git a/posted_news/20221115-072401.4.17.3.body.html b/posted_news/20221115-072401.4.17.3.body.html
new file mode 100644 (file)
index 0000000..d270dda
--- /dev/null
@@ -0,0 +1,30 @@
+<!-- BEGIN: posted_news/20221115-072401.4.17.3.body.html -->
+<h5><a name="4.17.3">15 November 2022</a></h5>
+<p class=headline>Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download</p>
+<p>
+These are Security Releases in order to address
+<a href="/samba/security/CVE-2022-42898.html">CVE-2022-42898</a> and
+</p>
+<p>
+<p>
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+</p>
+
+<p>
+The 4.17.3 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.17.3.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.17.2-4.17.3.diffs.gz">patch against Samba 4.17.2</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.17.3.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.16.7 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.16.7.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.16.6-4.16.7.diffs.gz">patch against Samba 4.16.6</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.16.7.html">the release notes for more info</a>.
+</p>
+
+<p>
+The 4.15.12 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.15.12.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.15.11-4.15.12.diffs.gz">patch against Samba 4.15.11</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.15.12.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20221115-072401.4.17.3.body.html -->
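Review bot: The first paragraph of the news body is cut off: "These are Security Releases in order to address CVE-2022-42898 and" ends on a dangling "and" with nothing following before `</p>`. Since this commit covers a single CVE, the sentence should end at "CVE-2022-42898." Also, the `<p>` opened immediately after that paragraph is never closed and is directly followed by another `<p>`; remove the stray empty `<p>`.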
diff --git a/posted_news/20221115-072401.4.17.3.headline.html b/posted_news/20221115-072401.4.17.3.headline.html
new file mode 100644 (file)
index 0000000..dea8434
--- /dev/null
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20221115-072401.4.17.3.headline.html -->
+<li> 15 November 2022 <a href="#4.17.3">Samba 4.17.3, 4.16.7 and 4.15.12 Security Releases are available for Download</a></li>
+<!-- END: posted_news/20221115-072401.4.17.3.headline.html -->
diff --git a/security/CVE-2022-42898.html b/security/CVE-2022-42898.html
new file mode 100644 (file)
index 0000000..3824c1a
--- /dev/null
@@ -0,0 +1,101 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2022-42898.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Samba buffer overflow vulnerabilities on 32-bit
+==              systems
+==
+== CVE ID#:     CVE-2022-42898
+==
+== Versions:    All versions of Samba prior to 4.15.12, 4.16.7, 4.17.3
+==
+== Summary:     Samba&#x27;s Kerberos libraries and AD DC failed to guard
+==              against integer overflows when parsing a PAC on a 32-bit
+==              system, which allowed an attacker with a forged PAC to
+==              corrupt the heap.
+===========================================================
+
+===========
+Description
+===========
+
+The Kerberos libraries used by Samba provide a mechanism for
+authenticating a user or service by means of tickets that can contain
+Privilege Attribute Certificates (PACs).
+
+Both the Heimdal and MIT Kerberos libraries, and so the embedded
+Heimdal shipped by Samba suffer from an integer multiplication
+overflow when calculating how many bytes to allocate for a buffer for
+the parsed PAC.
+
+On a 32-bit system an overflow allows placement of 16-byte chunks of
+entirely attacker- controlled data.
+
+(Because the user&#x27;s control over this calculation is limited to an
+unsigned 32-bit value, 64-bit systems are not impacted).
+
+The server most vulnerable is the  KDC, as it will parse an
+attacker-controlled PAC in the S4U2Proxy handler.
+
+The secondary risk is to Kerberos-enabled file server installations in
+a non-AD realm.  A non-AD Heimdal KDC controlling such a realm may
+pass on an attacker-controlled PAC within the service ticket.
+
+==================
+Patch Availability
+==================
+
+Patches addressing these issues have been posted to:
+
+    https://www.samba.org/samba/security/
+
+Additionally, Samba 4.15.12, 4.16.7, and 4.17.3 have been issued
+as security releases to correct the defect. Samba administrators are
+advised to upgrade to these releases or apply the patch as soon
+as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L (6.4)
+
+==========================
+Workaround and mitigations
+==========================
+
+* No workaround on 32-bit systems as an AD DC
+* file servers are only impacted if in a non-AD domain
+* 64-bit systems are not exploitable.
+
+=======
+Credits
+=======
+
+Originally reported by Greg Hudson with the aid of oss-fuzz.
+
+Patches provided by Nicolas Williams of Heimdal and Joseph Sutton of
+Catlyst and the Samba team.
+
+Advisory by Joseph Sutton and Andrew Bartlett of Catalyst and the
+Samba Team based on text and analysis by Greg Hudson.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+
+</pre>
+</body>
+</html>
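Review bot: Two text fixes and one markup fix in the advisory. "Catlyst" in the Credits section should be "Catalyst" (it is spelled correctly two lines later), and "attacker- controlled" in the Description has a stray space after the hyphen. The `<p>` opened before `<pre>` is never closed and wraps a block element, which is invalid under the XHTML 1.0 Transitional DOCTYPE; drop the `<p>`, and lowercase `<H2>` to `<h2>` for the same reason. One wording point: the Subject says "buffer overflow vulnerabilities" while the Summary and Description describe a single integer multiplication overflow leading to heap corruption; aligning the Subject with the Summary would make the advisory easier to triage. The CVSS 3.1 vector AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L does compute to 6.4, so the stated score is consistent.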