author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 12:54:42 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 12:54:42 +0000 |
commit | a179712065a4e2c4d237af7d0dc9b3862c73adaa (patch) | |
tree | 331d796e4af54de151687034a15f26d587a24ea5 | |
parent | 925330ee890cc038d238a8eb8b6220e83b9858e4 (diff) |
main/samba: fix for CVE-2017-11103. Fixes #7536
-rw-r--r-- | main/samba/APKBUILD | 14 | ||||
-rw-r--r-- | main/samba/CVE-2017-11103.patch | 42 |
2 files changed, 52 insertions, 4 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD index 8647c35d676..32c6be13ee7 100644 --- a/main/samba/APKBUILD +++ b/main/samba/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=samba pkgver=4.2.14 -pkgrel=3 +pkgrel=4 pkgdesc="Tools to access a server's filespace and printers via SMB" url="http://www.samba.org" arch="all" @@ -56,10 +56,13 @@ source="http://us1.samba.org/samba/ftp/stable/samba-$pkgver.tar.gz samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch CVE-2017-2619.patch CVE-2017-7494.patch + CVE-2017-11103.patch " pkggroups="winbind" # secfixes: +# 4.2.14-r4: +# - CVE-2017-11103 # 4.2.14-r3: # - CVE-2017-7494 # 4.2.14-r2: @@ -512,7 +515,8 @@ c150433426e18261e6e3eed3930e1a76 samba.confd b7cafabfb4fa5b3ab5f2e857d8d1c733 samba.logrotate c69c608d09081dc3dd783459ba0726f9 samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch df7d399a07f2f49734a4523d6a8f2c76 CVE-2017-2619.patch -29789dcabb0524c9d6dd82e64e5edb2f CVE-2017-7494.patch" +29789dcabb0524c9d6dd82e64e5edb2f CVE-2017-7494.patch +c41504698740e206d879e8c698a5db19 CVE-2017-11103.patch" sha256sums="db820a9947e44f04b0eb25e4aa0c3db32c4042fca541775ee8e2905093e888e6 samba-4.2.14.tar.gz 13617f691c648b44867c1a76d8be7c185021e8a8f3b695f8689a9f6244e65827 fix-libreplace.patch 0cf7e4eadf442422434d2b0fb43193f3a79f2887e32432f12cb6aed1941e807a musl-fix-headers.patch 
@@ -525,7 +529,8 @@ d4880c4ccceba5017d64cead644f8f363f22d6e91f2c2e1687dd7b45e6ca27e0 heimdal-1.5-ap
 4c2b7d529126b2fc4f62fb09d99e49a87632d723a2d9d289a61e37dd84145be1 samba.logrotate
 3f4b931add7ca2ad333c80a047a3bd67ebcb24b1e52d1abf1b9deef06e473431 samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
 71f96476d80ae0a3716830828b53cec11c5725b3114e5ca931ae165b3bc86a8a CVE-2017-2619.patch
-f99df33f04bf4e6c537fb3a10a315a4ad434ba31296287dde1e73ee43d3e5423 CVE-2017-7494.patch"
+f99df33f04bf4e6c537fb3a10a315a4ad434ba31296287dde1e73ee43d3e5423 CVE-2017-7494.patch
+7303ce056329860a10b5b1f3bb5f79a1f2c57e30ae895d8524c76c38ca56c542 CVE-2017-11103.patch"
 sha512sums="269dd74ba788657434f51ac70953a293c94bcf98280eaa6f44634c5da54169a5ea7865d543a7c23860c4750a40cdee7caeaf5c7fc3dbc137f444e90f31a09890 samba-4.2.14.tar.gz
 4adbbeb75de6c55199e10f284e741ee252f403b7809251caf4baf378669770be01d469b23e12f8119ed5dca5080dd45bda1b5b78cc7a791be44c1eb6fb8c0fa2 fix-libreplace.patch
 8d2e1be5f020d0558917f328770b289d0a41836616952d0d3208cecd457df3649f1357a2d35dc54123559ab6a1b720f3189286c65cee90b02ccbae7d676ae383 musl-fix-headers.patch
@@ -538,4 +543,5 @@ b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb421465
 f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate
 28150f51bcb558715a8613426d607ae07b2ab08ce58baef23339b1ded76d20191529395529546d2f1923ece2a52e4c1cc12a45e41579360ad9b04d0cacae8e0a samba-4.3.12-security-20016-12-19-CVE-2016-2123,CVE-2016-2125,CVE-2016-2126.patch
 8c61126df95ba13bad29a040c8e6ac2d31d91e77b6883b968ef0ab5fa26a9ba8f54c4a83f4878d8aff9e6cb3c4d02a827be07c4736ae1c7cb5ea9cb797bfe360 CVE-2017-2619.patch
-d65ba69f87a2890fa514bf7d5bb8fcbdbb38dc9606a06763c349c874cc57e0ff741712a2afe58cad8ea612f405fd42876a16a779ee0f455cb840457ef738c1b5 CVE-2017-7494.patch"
+d65ba69f87a2890fa514bf7d5bb8fcbdbb38dc9606a06763c349c874cc57e0ff741712a2afe58cad8ea612f405fd42876a16a779ee0f455cb840457ef738c1b5 CVE-2017-7494.patch
+a923225f8d71f5af06deba6408da11ac7b631a30344cec63b3a9704738e180735bf998643c2b61ea78697b4bd32ed546a8ae451a1ac6dd26714f00c07616086c CVE-2017-11103.patch"
diff --git a/main/samba/CVE-2017-11103.patch b/main/samba/CVE-2017-11103.patch
new file mode 100644
index 00000000000..a0ae1414e5e
--- /dev/null
+++ b/main/samba/CVE-2017-11103.patch
@@ -0,0 +1,42 @@
+From 9b0972c8e429fee8e15f23ab508a9f0729a4e0b6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
+(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Garming Sam <garming@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source4/heimdal/lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
+index 064bbfb..5a317c7 100644
+--- a/source4/heimdal/lib/krb5/ticket.c
++++ b/source4/heimdal/lib/krb5/ticket.c
+@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+--
+1.9.1
+ |
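Review bot: The two replaced arguments of the `_krb5_principalname2krb5_principal` call carry no comment saying why `enc_part` is the required source, and the existing comment (`/* check server referral and save principal */`) does not mention it. I would add above the call: `/* sname/srealm must come from enc_part; the copies in kdc_rep.ticket are unencrypted and must not be trusted */`, so that a later cleanup does not reintroduce the behaviour the patch header describes for CVE-2017-11103. _krb5_extract_ticket starts and ends outside this hunk, so whether any other read of `rep->kdc_rep.ticket.sname` or `rep->kdc_rep.ticket.realm` remains in the function cannot be confirmed from these lines and is worth checking against the full file.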