authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-09 12:54:42 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-09 12:54:42 +0000
commita179712065a4e2c4d237af7d0dc9b3862c73adaa (patch)
tree331d796e4af54de151687034a15f26d587a24ea5
parent925330ee890cc038d238a8eb8b6220e83b9858e4 (diff)
main/samba: fix for CVE-2017-11103. Fixes #7536
-rw-r--r--main/samba/APKBUILD14
-rw-r--r--main/samba/CVE-2017-11103.patch42
2 files changed, 52 insertions, 4 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
index 8647c35d676..32c6be13ee7 100644
--- a/main/samba/APKBUILD
+++ b/main/samba/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=samba
pkgver=4.2.14
-pkgrel=3
+pkgrel=4
pkgdesc="Tools to access a server's filespace and printers via SMB"
url="http://www.samba.org"
arch="all"
@@ -56,10 +56,13 @@ source="http://us1.samba.org/samba/ftp/stable/samba-$pkgver.tar.gz
samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
CVE-2017-2619.patch
CVE-2017-7494.patch
+ CVE-2017-11103.patch
"
pkggroups="winbind"
# secfixes:
+# 4.2.14-r4:
+# - CVE-2017-11103
# 4.2.14-r3:
# - CVE-2017-7494
# 4.2.14-r2:
@@ -512,7 +515,8 @@ c150433426e18261e6e3eed3930e1a76 samba.confd
b7cafabfb4fa5b3ab5f2e857d8d1c733 samba.logrotate
c69c608d09081dc3dd783459ba0726f9 samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
df7d399a07f2f49734a4523d6a8f2c76 CVE-2017-2619.patch
-29789dcabb0524c9d6dd82e64e5edb2f CVE-2017-7494.patch"
+29789dcabb0524c9d6dd82e64e5edb2f CVE-2017-7494.patch
+c41504698740e206d879e8c698a5db19 CVE-2017-11103.patch"
sha256sums="db820a9947e44f04b0eb25e4aa0c3db32c4042fca541775ee8e2905093e888e6 samba-4.2.14.tar.gz
13617f691c648b44867c1a76d8be7c185021e8a8f3b695f8689a9f6244e65827 fix-libreplace.patch
0cf7e4eadf442422434d2b0fb43193f3a79f2887e32432f12cb6aed1941e807a musl-fix-headers.patch
@@ -525,7 +529,8 @@ d4880c4ccceba5017d64cead644f8f363f22d6e91f2c2e1687dd7b45e6ca27e0 heimdal-1.5-ap
4c2b7d529126b2fc4f62fb09d99e49a87632d723a2d9d289a61e37dd84145be1 samba.logrotate
3f4b931add7ca2ad333c80a047a3bd67ebcb24b1e52d1abf1b9deef06e473431 samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
71f96476d80ae0a3716830828b53cec11c5725b3114e5ca931ae165b3bc86a8a CVE-2017-2619.patch
-f99df33f04bf4e6c537fb3a10a315a4ad434ba31296287dde1e73ee43d3e5423 CVE-2017-7494.patch"
+f99df33f04bf4e6c537fb3a10a315a4ad434ba31296287dde1e73ee43d3e5423 CVE-2017-7494.patch
+7303ce056329860a10b5b1f3bb5f79a1f2c57e30ae895d8524c76c38ca56c542 CVE-2017-11103.patch"
sha512sums="269dd74ba788657434f51ac70953a293c94bcf98280eaa6f44634c5da54169a5ea7865d543a7c23860c4750a40cdee7caeaf5c7fc3dbc137f444e90f31a09890 samba-4.2.14.tar.gz
4adbbeb75de6c55199e10f284e741ee252f403b7809251caf4baf378669770be01d469b23e12f8119ed5dca5080dd45bda1b5b78cc7a791be44c1eb6fb8c0fa2 fix-libreplace.patch
8d2e1be5f020d0558917f328770b289d0a41836616952d0d3208cecd457df3649f1357a2d35dc54123559ab6a1b720f3189286c65cee90b02ccbae7d676ae383 musl-fix-headers.patch
@@ -538,4 +543,5 @@ b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb421465
f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate
28150f51bcb558715a8613426d607ae07b2ab08ce58baef23339b1ded76d20191529395529546d2f1923ece2a52e4c1cc12a45e41579360ad9b04d0cacae8e0a samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
8c61126df95ba13bad29a040c8e6ac2d31d91e77b6883b968ef0ab5fa26a9ba8f54c4a83f4878d8aff9e6cb3c4d02a827be07c4736ae1c7cb5ea9cb797bfe360 CVE-2017-2619.patch
-d65ba69f87a2890fa514bf7d5bb8fcbdbb38dc9606a06763c349c874cc57e0ff741712a2afe58cad8ea612f405fd42876a16a779ee0f455cb840457ef738c1b5 CVE-2017-7494.patch"
+d65ba69f87a2890fa514bf7d5bb8fcbdbb38dc9606a06763c349c874cc57e0ff741712a2afe58cad8ea612f405fd42876a16a779ee0f455cb840457ef738c1b5 CVE-2017-7494.patch
+a923225f8d71f5af06deba6408da11ac7b631a30344cec63b3a9704738e180735bf998643c2b61ea78697b4bd32ed546a8ae451a1ac6dd26714f00c07616086c CVE-2017-11103.patch"
diff --git a/main/samba/CVE-2017-11103.patch b/main/samba/CVE-2017-11103.patch
new file mode 100644
index 00000000000..a0ae1414e5e
--- /dev/null
+++ b/main/samba/CVE-2017-11103.patch
@@ -0,0 +1,42 @@
+From 9b0972c8e429fee8e15f23ab508a9f0729a4e0b6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
+(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Garming Sam <garming@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source4/heimdal/lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
+index 064bbfb..5a317c7 100644
+--- a/source4/heimdal/lib/krb5/ticket.c
++++ b/source4/heimdal/lib/krb5/ticket.c
+@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+--
+1.9.1
+
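Review bot: The fix in this new patch file reaches only the Heimdal copy bundled in the Samba tree (`source4/heimdal/lib/krb5/ticket.c`), so the package is protected only if the build compiles and links that copy rather than a system Kerberos library. The configure options and the step that applies the files listed in `source` are outside the visible hunks, so both should be confirmed in the APKBUILD. The embedded patch carries upstream's line offsets (`@@ -641,8 +641,8 @@`), which may not match 4.2.14 exactly, so it is worth checking that it applies without fuzz and that the two replaced arguments, `rep->enc_part.sname` and `rep->enc_part.srealm`, land in the `_krb5_principalname2krb5_principal` call inside `_krb5_extract_ticket()`. That function's body, including the `EXTRACT_TICKET_ALLOW_SERVER_MISMATCH` comparison that consumes `tmp_principal`, continues outside the hunk.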