Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#13751 closed enhancement (fixed)

Samba-4.12.5

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 10.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New security release (plus a point release attached at the end, came out 30 minutes ago)

Change History (6)

comment:1 by Douglas R. Reno, 15 months ago

Priority: normalhigh

Vulnerability Details

Release Announcements
---------------------

These are security release in order to address the following defects:

o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
		  LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
		  excessive CPU
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
		  paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.


=======
Details
=======

o  CVE-2020-10730:
   A client combining the 'ASQ' and 'VLV' LDAP controls can cause a NULL pointer
   de-reference and further combinations with the LDAP paged_results feature can
   give a use-after-free in Samba's AD DC LDAP server.

o  CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
   excessive CPU.

o  CVE-2020-10760:
   The use of the paged_results or VLV controls against the Global Catalog LDAP
   server on the AD DC will cause a use-after-free.

o  CVE-2020-14303:
   The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process
   further requests once it receives an empty (zero-length) UDP packet to
   port 137.

For more details, please refer to the security advisories.


Changes since 4.12.3
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14378: CVE-2020-10745: Invalid DNS or NBT queries containing dots use
     several seconds of CPU each.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined.
   * BUG 14402: CVE-2020-10760: Fix use-after-free in AD DC Global Catalog LDAP
     server with paged_result or VLV.
   * BUG 14417: CVE-2020-14303: Fix endless loop from empty UDP packet sent to
     AD DC nbt_server.

o  Gary Lockyer <gary@catalyst.net.nz>
   * BUG 14364: CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
     and VLV combined, ldb: Bump version to 2.1.4.  

comment:2 by Douglas R. Reno, 15 months ago

And now the changelog:

Changes since 4.12.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14301: Fix smbd panic on force-close share during async io.
   * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
     folder that contains incorrect symbols in any file name.
   * BUG 14391: Fix DFS links.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14310: Can't use DNS functionality after a Windows DC has been in
     domain.

o  Alexander Bokovoy <ab@samba.org>
   * BUG 14413: ldapi search to FreeIPA crashes.

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 14396: Add net-ads-join dnshostname=fqdn option.
   * BUG 14406: Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC.

o  Björn Jacke <bj@sernet.de>
   * BUG 14386: docs-xml: Update list of posible VFS operations for
     vfs_full_audit.

o  Volker Lendecke <vl@samba.org>
   * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.

o  Andreas Schneider <asn@samba.org>
   * BUG 14370: Client tools are not able to read gencache anymore.

comment:3 by Douglas R. Reno, 15 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:4 by Douglas R. Reno, 15 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r23355

comment:5 by Bruce Dubbs, 15 months ago

Milestone: 9.210,0

Milestone renamed

comment:6 by Bruce Dubbs, 15 months ago

Milestone: 10,010.0

Milestone renamed

Note: See TracTickets for help on using tickets.