Jule Anger
2022-Dec-15 16:49 UTC
[Announce] Samba 4.17.4, 4.16.8 and 4.15.13 Security Releases are available for Download
Release Announcements
---------------------

These are security releases in order to address the following defects:


o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                  same algorithms as rc4-hmac cryptography in Kerberos,
                  and so must also be assumed to be weak.

https://www.samba.org/samba/security/CVE-2022-38023.html

o CVE-2022-45141: Since the Windows Kerberos RC4-HMAC Elevation of Privilege
                  Vulnerability was disclosed by Microsoft on Nov 8 2022
                  and per RFC8429 it is assumed that rc4-hmac is weak,

                  Vulnerable Samba Active Directory DCs will issue rc4-hmac
                  encrypted tickets despite the target server supporting
                  better encryption (eg aes256-cts-hmac-sha1-96).

https://www.samba.org/samba/security/CVE-2022-45141.html

Changes
-------

o  Jeremy Allison <jra at samba.org>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Andrew Bartlett <abartlet at samba.org>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15237: CVE-2022-37966.
   * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

o  Ralph Boehme <slow at samba.org>
   * BUG 15240: CVE-2022-38023.
   * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

o  Stefan Metzmacher <metze at samba.org>
   * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
     Windows.
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
     vulnerability.
   * BUG 15206: libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4().
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15230: Memory leak in snprintf replacement functions.
   * BUG 15237: CVE-2022-37966.
   * BUG 15240: CVE-2022-38023.
   * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression).

o  Noel Power <noel.power at suse.com>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Anoop C S <anoopcs at samba.org>
   * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider <asn at samba.org>
   * BUG 15237: CVE-2022-37966.
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton <josephsutton at catalyst.net.nz>
   * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15231: CVE-2022-37967.
   * BUG 15237: CVE-2022-37966.

o  Nicolas Williams <nico at twosigma.com>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.


#######################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.libera.chat or the
#samba-technical:matrix.org matrix channel.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
from:

        https://download.samba.org/pub/samba/stable/

The release notes are available online at:

        https://www.samba.org/samba/history/samba-4.17.4.html
        https://www.samba.org/samba/history/samba-4.16.8.html
        https://www.samba.org/samba/history/samba-4.15.13.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

                        --Enjoy
                        The Samba Team
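An added example, not part of the announcement and not Samba code: a triage helper that compares an upstream version string with the fixed releases named above and checks an smb.conf for the 'kerberos encryption types = legacy' setting described under CVE-2022-37966. The function names and the sample configuration are constructed for illustration; the parser does not follow include directives, and distribution packages may carry backported fixes under a different version number.

```python
import re

# Fixed release per series, as listed in the announcement above.
FIXED_PATCH = {(4, 17): 4, (4, 16): 8, (4, 15): 13}

def release_status(version):
    """Classify an upstream Samba version string against the fixed releases."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unparseable"
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "series-not-listed"      # the announcement names no fix for it
    return "fixed" if patch >= fixed else "needs-update"

def _norm(name):  # smb.conf ignores case and whitespace in names
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Return {normalized name: value} for [global] (assumed to include any
    parameters before the first section header); a later setting wins."""
    params, section, pending = {}, "global", ""
    for raw in conf_text.splitlines():
        line, pending = (pending + raw).strip(), ""
        if line.endswith("\\"):             # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":     # blank or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif "=" in line and section == "global":
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params

def forces_rc4_client(conf_text):
    """True when [global] sets 'kerberos encryption types = legacy'."""
    value = global_params(conf_text).get(_norm("kerberos encryption types"), "")
    return value.lower() == "legacy"

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
[global]
    ; kerberos encryption types = strong
    Kerberos Encryption  Types = LEGACY
[share]
"""
```
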
Ralph Boehme
2022-Dec-15 17:31 UTC
[Samba] [Announce] Samba 4.17.4, 4.16.8 and 4.15.13 Security Releases are available for Download
Woohoo, finally! :)

Thanks everyone who has been involved in this security release, either
in research, coding, testing, documentation or getting it out the door!

Especially Andrew, Joseph and metze!

Thanks!!
-slow

--
Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba

On 12/15/22 17:49, Jule Anger via samba wrote:
> Release Announcements
> ---------------------
>
> These are security releases in order to address the following defects:
>
>
> o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
>                   RC4-HMAC Elevation of Privilege Vulnerability
>                   disclosed by Microsoft on Nov 8 2022.
>
>                   A Samba Active Directory DC will issue weak rc4-hmac
>                   session keys for use between modern clients and servers
>                   despite all modern Kerberos implementations supporting
>                   the aes256-cts-hmac-sha1-96 cipher.
>
>                   On Samba Active Directory DCs and members
>                   'kerberos encryption types = legacy' would force
>                   rc4-hmac as a client even if the server supports
>                   aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
>
> https://www.samba.org/samba/security/CVE-2022-37966.html
>
> o CVE-2022-37967: This is the Samba CVE for the Windows
>                   Kerberos Elevation of Privilege Vulnerability
>                   disclosed by Microsoft on Nov 8 2022.
>
>                   A service account with the special constrained
>                   delegation permission could forge a more powerful
>                   ticket than the one it was presented with.
>
> https://www.samba.org/samba/security/CVE-2022-37967.html
>
> o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
>                   same algorithms as rc4-hmac cryptography in Kerberos,
>                   and so must also be assumed to be weak.
>
> https://www.samba.org/samba/security/CVE-2022-38023.html
>
> o CVE-2022-45141: Since the Windows Kerberos RC4-HMAC Elevation of Privilege
>                   Vulnerability was disclosed by Microsoft on Nov 8 2022
>                   and per RFC8429 it is assumed that rc4-hmac is weak,
>
>                   Vulnerable Samba Active Directory DCs will issue rc4-hmac
>                   encrypted tickets despite the target server supporting
>                   better encryption (eg aes256-cts-hmac-sha1-96).
>
> https://www.samba.org/samba/security/CVE-2022-45141.html
>
> Changes
> -------
>
> o  Jeremy Allison <jra at samba.org>
>    * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
>      same size.
>
> o  Andrew Bartlett <abartlet at samba.org>
>    * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
>      user-controlled pointer in FAST.
>    * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
>    * BUG 15237: CVE-2022-37966.
>    * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
>
> o  Ralph Boehme <slow at samba.org>
>    * BUG 15240: CVE-2022-38023.
>    * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
>
> o  Stefan Metzmacher <metze at samba.org>
>    * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
>      Windows.
>    * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
>      atomically.
>    * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
>      vulnerability.
>    * BUG 15206: libnet: change_password() doesn't work with
>      dcerpc_samr_ChangePasswordUser4().
>    * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
>    * BUG 15230: Memory leak in snprintf replacement functions.
>    * BUG 15237: CVE-2022-37966.
>    * BUG 15240: CVE-2022-38023.
>    * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
>      (CVE-2021-20251 regression).
>
> o  Noel Power <noel.power at suse.com>
>    * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
>      same size.
>
> o  Anoop C S <anoopcs at samba.org>
>    * BUG 15198: Prevent EBADF errors with vfs_glusterfs.
>
> o  Andreas Schneider <asn at samba.org>
>    * BUG 15237: CVE-2022-37966.
>    * BUG 15243: %U for include directive doesn't work for share listing
>      (netshareenum).
>    * BUG 15257: Stack smashing in net offlinejoin requestodj.
>
> o  Joseph Sutton <josephsutton at catalyst.net.nz>
>    * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
>    * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
>    * BUG 15231: CVE-2022-37967.
>    * BUG 15237: CVE-2022-37966.
>
> o  Nicolas Williams <nico at twosigma.com>
>    * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
>      user-controlled pointer in FAST.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.libera.chat or the
> #samba-technical:matrix.org matrix channel.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored.  All bug reports should
> be filed under the Samba 4.1 and newer product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
> from:
>
>         https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
>         https://www.samba.org/samba/history/samba-4.17.4.html
>         https://www.samba.org/samba/history/samba-4.16.8.html
>         https://www.samba.org/samba/history/samba-4.15.13.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
>                         --Enjoy
>                         The Samba Team