author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 12:54:42 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 13:13:47 +0000 |
commit | da33a65c6a75c4ccf48331e1a6aa4088a0c4ae30 (patch) | |
tree | 031bd3389c192f455425d1ab0cfa52b30d57d24a | |
parent | 051c3cef7a51ff57a5f7da7bea7c9ee7592ba1f2 (diff) | |
download | aports-da33a65c6a75c4ccf48331e1a6aa4088a0c4ae30.tar.bz2 aports-da33a65c6a75c4ccf48331e1a6aa4088a0c4ae30.tar.xz |
main/samba: fix for CVE-2017-11103. Fixes #7535
-rw-r--r-- | main/samba/APKBUILD | 14 | ||||
-rw-r--r-- | main/samba/CVE-2017-11103.patch | 42 |
2 files changed, 52 insertions, 4 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
index 5122234fc0..2f2c66d11a 100644
--- a/main/samba/APKBUILD
+++ b/main/samba/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=samba
 pkgver=4.4.14
-pkgrel=0
+pkgrel=1
 pkgdesc="Tools to access a server's filespace and printers via SMB"
 url="http://www.samba.org"
 arch="all"
@@ -53,10 +53,13 @@ source="http://us1.samba.org/samba/ftp/stable/samba-$pkgver.tar.gz
 samba.initd
 samba.confd
 samba.logrotate
+ CVE-2017-11103.patch
 "
 pkggroups="winbind"
 # secfixes:
+# 4.4.14-r1:
+# - CVE-2017-11103
 # 4.4.14-r0:
 # - CVE-2017-7494
 # 4.4.5-r3:
@@ -525,7 +528,8 @@ f0d10a87a2067d0d3accdcb6c9b64ea9 domain.patch
 39b8cfa9abe6584d13a13ea63459a2e7 netdb-defines.patch
 c1702b2ad7b68f7d704f50a1bfef3ad3 samba.initd
 c150433426e18261e6e3eed3930e1a76 samba.confd
-b7cafabfb4fa5b3ab5f2e857d8d1c733 samba.logrotate"
+b7cafabfb4fa5b3ab5f2e857d8d1c733 samba.logrotate
+c41504698740e206d879e8c698a5db19 CVE-2017-11103.patch"
 sha256sums="b0a564af71536f12f01aae2e1d93a04c588dd53b81a3f3eaf9bb73ba4f6f57dd samba-4.4.14.tar.gz
 dcf6a7118297d6567d8ff31c9eff1afffdf2f548db36fd17d00cdf0ffc555fe3 uclibc-xattr-create.patch
 5554fff0df5d31e67a705c60d97e187b4109c79c8a4063c8ea7ebe1e0e4a7e7e domain.patch
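Review bot: The `# secfixes:` entry for 4.4.14-r1 declares CVE-2017-11103 fixed, but none of the visible hunks shows the step that actually applies `CVE-2017-11103.patch`; listing it in `source=` only fetches and checksums it. If this APKBUILD defines its own `prepare()` rather than relying on `default_prepare`, confirm that it picks up every `*.patch` in `$source` and uses strip level `-p1`, which the `a/source4/...` paths in the patch require. Otherwise the package would be recorded as fixed while still building the unpatched `ticket.c`.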
@@ -533,7 +537,8 @@ dcf6a7118297d6567d8ff31c9eff1afffdf2f548db36fd17d00cdf0ffc555fe3 uclibc-xattr-c
 d4a17891a14d9a4290750097cc28279059e6d971fadf132085e857ed4400d5ed netdb-defines.patch
 3866a15ab73a9fd704ec8315cff48caf98937c490ba8dc40ce3701cef5ca22c9 samba.initd
 1d12f98a7727967b04eb123109b34cfffef320822dc0e8059286b6e3394c3fc0 samba.confd
-4c2b7d529126b2fc4f62fb09d99e49a87632d723a2d9d289a61e37dd84145be1 samba.logrotate"
+4c2b7d529126b2fc4f62fb09d99e49a87632d723a2d9d289a61e37dd84145be1 samba.logrotate
+7303ce056329860a10b5b1f3bb5f79a1f2c57e30ae895d8524c76c38ca56c542 CVE-2017-11103.patch"
 sha512sums="16c1e7ca3226db58440abf3ad56c86e70d473a7bcba9cb2444ed7127993569206c565d7f8cb834363d2b3106c4e91de4d41b73bf90d9017e688030ceeef60c53 samba-4.4.14.tar.gz
 b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb4214655ed3154c143c20431d248cde828285380bafbf4d2627df9b uclibc-xattr-create.patch
 62d373dbaee75121a1d73f2c09cdca7239705808ff807b171d1d5a28fd4ffc66bdb52494b62786d7aaba8aeece5c08433b532ca96a28d712452fe9daac8d8d2e domain.patch
@@ -541,4 +546,5 @@ b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb421465
 1854577d0e4457e27da367a6c7ec0fb5cfd63cefea0a39181c9d6e78cf8d3eb50878cdddeea3daeec955d00263151c2f86ea754ff4276ef98bc52c0276d9ffe8 netdb-defines.patch
 6bee83aab500f27248b315d8a5f567940d7232269b021d801b3d51c20ed9e4aad513ee0117f356fb388014a63a145beacb55307ef9addbf7997987304b548fcf samba.initd
 4faf581ecef3ec38319e3c4ab6d3995c51fd7ba83180dc5553a2ff4dfb92efadb43030c543292130c4ed0c281dc0972c6973d52d48062c5edb39bb1c4bbb6dd6 samba.confd
-f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate"
+f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate
+a923225f8d71f5af06deba6408da11ac7b631a30344cec63b3a9704738e180735bf998643c2b61ea78697b4bd32ed546a8ae451a1ac6dd26714f00c07616086c CVE-2017-11103.patch"
diff --git a/main/samba/CVE-2017-11103.patch b/main/samba/CVE-2017-11103.patch
new file mode 100644
index 0000000000..a0ae1414e5
--- /dev/null
+++ b/main/samba/CVE-2017-11103.patch
@@ -0,0 +1,42 @@
+From 9b0972c8e429fee8e15f23ab508a9f0729a4e0b6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
+(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Garming Sam <garming@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source4/heimdal/lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
+index 064bbfb..5a317c7 100644
+--- a/source4/heimdal/lib/krb5/ticket.c
++++ b/source4/heimdal/lib/krb5/ticket.c
+@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+--
+1.9.1
+ |
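Review bot: The comment above the changed call, `/* check server referral and save principal */`, does not record why the principal must be built from `enc_part`, so a later cleanup could switch back to `kdc_rep.ticket` without anyone noticing the security impact. I would extend it to something like `/* sname/srealm must come from the decrypted enc_part; the copy in kdc_rep.ticket is unauthenticated (CVE-2017-11103) */`. `_krb5_extract_ticket` begins and ends outside this hunk, so whether any other read of `rep->kdc_rep.ticket.sname` or `.realm` remains in the function cannot be checked from here; a grep of the patched `ticket.c` for those fields would settle it.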