Karolin Seeger
2011-Feb-28 13:35 UTC
[Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Release Announcements ==================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. Changes ------- o Jeremy Allison <jra at samba.org> * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. ###################################################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don''t provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project''s Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.5.7.html http://www.samba.org/samba/ftp/history/samba-3.4.12.html http://www.samba.org/samba/ftp/history/samba-3.3.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
Karolin Seeger
2011-Feb-28 13:35 UTC
[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Release Announcements ==================== Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to address CVE-2011-0719. o CVE-2011-0719: All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. Changes ------- o Jeremy Allison <jra at samba.org> * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open. ###################################################################### Reporting bugs & Development Discussion ####################################### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba corresponding product in the project's Bugzilla database (https://bugzilla.samba.org/). ======================================================================= Our Code, Our Bugs, Our Responsibility. == The Samba Team ===================================================================== ===============Download Details =============== The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/ftp/history/samba-3.5.7.html http://www.samba.org/samba/ftp/history/samba-3.4.12.html http://www.samba.org/samba/ftp/history/samba-3.3.15.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team
Chris Smith
2011-Feb-28 15:15 UTC
[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
On Mon, Feb 28, 2011 at 8:35 AM, Karolin Seeger <kseeger at samba.org> wrote:> Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > address CVE-2011-0719.Will there be a new 3.5.7 Jumbo Patch available for those using it with 3.5.6 and strict allocate? Or does the current 3.5.6 Jumbo Patch work fine with 3.5.7 (I'm assuming it's not included as there was no mention of any other fixes in the release notes)? Thank you, Chris
Christian PERRIER
2011-Mar-01 06:12 UTC
[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
Quoting Karolin Seeger (kseeger at samba.org):> Release Announcements > ====================> > Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > address CVE-2011-0719.Debian addressed these in security updates: - 2:3.2.5-4lenny14 for Debian "lenny" - 2:3.5.6~dfsg-3squeeze1 for Debian "squeeze" Please note that the latter is indeed samba 3.5.7 as the difference between 3.5.6 and 3.5.7 is only the security fix. I opened the discussion with the Debian security team to decide whether, in the future, we could be allowed to use the official upstream version number (to avoid misunderstandings, from our users, about the "vulnerability" of our packages. I use this opportunity to thank the Samba Team for their quick and efficient communication with 'vendors' about this issue, that allowed us to publish these security updates the very same day the issue was officially unveiled. Specifically, even though the 3.2 branch isn't officially supported security-wise by the Samba Team, we got ready-to-apply patches for 3.2 and these were a great help.
Alexander
2011-Mar-04 07:26 UTC
[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
On Mon, Feb 28, 2011 at 4:35 PM, Karolin Seeger <kseeger at samba.org> wrote:> Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > address CVE-2011-0719. > > o ?CVE-2011-0719: > ? All current released versions of Samba are vulnerable to > ? a denial of service caused by memory corruption. Range > ? checks on file descriptors being used in the FD_SET macro > ? were not present allowing stack corruption. This can cause > ? the Samba code to crash or to loop attempting to select > ? on a bad file descriptor set.Hello dear Samba team, Could you please clarify one thing here - does that DoS/loop happen with _only_ smbd serving that malicious client, or that would crash the whole Samba service? thanks, Alexander
Volker Lendecke
2011-Mar-04 08:29 UTC
[Samba] [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
On Fri, Mar 04, 2011 at 10:26:50AM +0300, Alexander wrote:> > Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to > > address CVE-2011-0719. > > > > o ?CVE-2011-0719: > > ? All current released versions of Samba are vulnerable to > > ? a denial of service caused by memory corruption. Range > > ? checks on file descriptors being used in the FD_SET macro > > ? were not present allowing stack corruption. This can cause > > ? the Samba code to crash or to loop attempting to select > > ? on a bad file descriptor set. > > Hello dear Samba team, > > Could you please clarify one thing here - does that DoS/loop happen > with _only_ smbd serving that malicious client, or that would crash > the whole Samba service?It will affect the smbd doing the service only. But under heavy load it can also affect winbind. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
Possibly Parallel Threads
- [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available
- [Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Re leases Available
- [Announce] Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download
- [Announce] Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download
- [Announce] Samba 4.1.11 and 4.0.21 Security Releases Available