author | Karolin Seeger <kseeger@samba.org> | 2016-12-09 10:35:04 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-12-09 10:35:04 +0100 |
commit | b036f719e883e3d1daf52038ba816412083baa3d (patch) | |
tree | 0a8181fc11e2b7406888b055f517e5a85150291e /WHATSNEW.txt | |
parent | 913b5553bed688e9ae471de8b7d895c17f3ac6ab (diff) | |
download | samba-b036f719e883e3d1daf52038ba816412083baa3d.tar.gz |
WHATSNEW: Add release notes for Samba 4.5.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 86 |
1 files changed, 84 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6d7d5d93c71..63a0e9e91c6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,86 @@ ============================= + Release Notes for Samba 4.5.3 + December 19, 2016 + ============================= + + +This is a security release in order to address the following defects: + +o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer + Overflow Remote Code Execution Vulnerability). +o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in + trusted realms). +o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege + elevation). + +======= +Details +======= + +o CVE-2016-2123: + The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, + leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name + parses data from the Samba Active Directory ldb database. Any user + who can write to the dnsRecord attribute over LDAP can trigger this + memory corruption. + + By default, all authenticated LDAP users can write to the dnsRecord + attribute on new DNS objects. This makes the defect a remote privilege + escalation. + +o CVE-2016-2125 + Samba client code always requests a forwardable ticket + when using Kerberos authentication. This means the + target server, which must be in the current or trusted + domain/realm, is given a valid general purpose Kerberos + "Ticket Granting Ticket" (TGT), which can be used to + fully impersonate the authenticated user or service. + +o CVE-2016-2126 + A remote, authenticated, attacker can cause the winbindd process + to crash using a legitimate Kerberos ticket due to incorrect + handling of the arcfour-hmac-md5 PAC checksum. + + A local service with access to the winbindd privileged pipe can + cause winbindd to cache elevated access permissions. + + +Changes since 4.5.2: +-------------------- + +o Volker Lendecke <vl@samba.org> + * BUG 12409: CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995. + +o Stefan Metzmacher <metze@samba.org> + * BUG 12445: CVE-2016-2125: Don't send delegated credentials to all servers. 
+ * BUG 12446: CVE-2016-2126: auth/kerberos: Only allow known checksum types in + check_pac_checksum(). + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================= Release Notes for Samba 4.5.2 December 07, 2016 ============================= @@ -93,8 +175,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 4.5.1 |
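Review bot: in the Details section of the first hunk (@@ -1,4 +1,86 @@), the CVE-2016-2125 entry describes the defect (the client "always requests a forwardable ticket") but never says what 4.5.3 does instead, while the changelog line further down reads "Don't send delegated credentials to all servers", so a behaviour change is implied and left undocumented. Add a sentence to that entry stating in which cases credentials are still delegated after the upgrade and whether sites that rely on delegation have to change their configuration. None of the three Details entries says whether a workaround exists for hosts that cannot be upgraded immediately; if there is one, it belongs here. Minor style point in the same section: "o CVE-2016-2123:" carries a trailing colon while "o CVE-2016-2125" and "o CVE-2016-2126" do not, so pick one form.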