Opened 2 years ago

Closed 2 years ago

#15705 closed enhancement (fixed)

samba-4.15.1

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New security release (Microsoft CVE-2020-17049)

Change History (3)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: changed from new to assigned

comment:2 by Douglas R. Reno, 2 years ago

Release Announcements
---------------------

This is the latest stable release of the Samba 4.15 release series.


Changes since 4.15.0
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path.
   * BUG 14685: Log clutter from filename_convert_internal.
   * BUG 14862: MacOSX compilation fixes.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14868: rodc_rwdc test flaps.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14848: Release LDB 2.4.1 for Samba 4.15.1.
   * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.

o  Ralph Boehme <slow@samba.org>
   * BUG 14826: Correctly ignore comments in CTDB public addresses file.

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.

o  Viktor Dukhovni <viktor@twosigma.com>
   * BUG 12998: Fix transit path validation.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14852: Fix that child winbindd logs to log.winbindd instead of
     log.wb-<DOMAIN>.

o  Luke Howard <lukeh@padl.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14855: SMB3 cancel requests should only include the MID together with
     AsyncID when AES-128-GMAC is used.

o  Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
   * BUG 14862: MacOSX compilation fixes.

o  Andreas Schneider <asn@samba.org>
   * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14826: Correctly ignore comments in CTDB public addresses file.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14864: Heimdal prefers RC4 over AES for machine accounts.
   * BUG 14868: rodc_rwdc test flaps.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal. 

CVE-2020-17049 is rated at 7.2 HIGH, and is an authentication bypass via the internal Kerberos implementation in Samba.

comment:3 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: changed from assigned to closed