samba - Aug 2018 - [Announce] Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases Available for Download

Release Announcements
---------------------

These are security releases in order to address the following defects:

o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
		   listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
		   server.)

Samba 4.8.4 addresses all CVEs listed above, Samba 4.7.9 all except CVE
2018-1140 and 4.6.16 only CVE-2018-10858 and CVE-2018-10919. Please see the
release notes for details.


======Details
======
o  CVE-2018-1139:
   Vulnerability that allows authentication via NTLMv1 even if disabled.

o  CVE-2018-1140:
   Missing null pointer checks may crash the Samba AD DC, both over
   DNS and LDAP.

o  CVE-2018-10858:
   A malicious server could return a directory entry that could corrupt
   libsmbclient memory.

o  CVE-2018-10918:
   Missing null pointer checks may crash the Samba AD DC, over the
   authenticated DRSUAPI RPC service.

o  CVE-2018-10919:
   Missing access control checks allow discovery of confidential attribute
   values via authenticated LDAP search expressions.


Changes:
--------

o  Jeremy Allison <jra at samba.org>
   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     returns from malicious servers.

o  Andrew Bartlett <abartlet at samba.org>
   * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and
DNS query
     with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
   * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
     not servicePrincipalName is set on a user.

o  Tim Beale <timbeale at catalyst.net.nz>
   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
     searches.

o  Günther Deschner <gd at samba.org>
   * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
     is disabled via "ntlm auth".

o  Andrej Gessel <Andrej.Gessel at janztec.com>
   * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
     ltdb_index_dn_attr().


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's
Bugzilla
database (https://bugzilla.samba.org/).


======================================================================= Our
Code, Our Bugs, Our Responsibility.
== The Samba Team
=====================================================================


===============Download Details
===============
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6F33915B6568B7EA).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.8.4.html
        https://www.samba.org/samba/history/samba-4.7.9.html
        https://www.samba.org/samba/history/samba-4.6.16.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20180814/4c3f3052/signature.sig>