author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 12:54:42 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-09 13:47:54 +0000 |
commit | 83b0c95301ee39dc9c019024e7711a3b7cc716d2 (patch) | |
tree | 88e0d7573cada068c6401e03582a393c041b0d31 /main/samba | |
parent | 2f8c26956e9dccf4bba525609ec28da21fa4ddbc (diff) | |
main/samba: fix for CVE-2017-11103. Fixes #7533
Diffstat (limited to 'main/samba')
-rw-r--r-- | main/samba/APKBUILD | 9 | ||||
-rw-r--r-- | main/samba/CVE-2017-11103.patch | 42 |
2 files changed, 48 insertions, 3 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD index 77dfd41f70..4a899ca569 100644 --- a/main/samba/APKBUILD +++ b/main/samba/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=samba pkgver=4.6.4 -pkgrel=0 +pkgrel=1 pkgdesc="Tools to access a server's filespace and printers via SMB" url="http://www.samba.org" arch="all" @@ -53,11 +53,14 @@ source="https://us1.samba.org/samba/ftp/stable/$pkgname-$pkgver.tar.gz $pkgname.initd $pkgname.confd $pkgname.logrotate + CVE-2017-11103.patch " pkggroups="winbind" builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.6.4-r1: +# - CVE-2017-11103 # 4.6.1-r0: # - CVE-2017-2619 @@ -517,7 +520,6 @@ libs() { "$pkgdir"/usr/lib \ "$pkgdir"/usr } - sha512sums="c20e6ad35b701816c35959fd242470dd899fb1b0bf02277ebdc87624dc1059199854b8d759374ab8b23f4842aa01347389a34319635091ade5afb5a94810eac1 samba-4.6.4.tar.gz b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb4214655ed3154c143c20431d248cde828285380bafbf4d2627df9b uclibc-xattr-create.patch 62d373dbaee75121a1d73f2c09cdca7239705808ff807b171d1d5a28fd4ffc66bdb52494b62786d7aaba8aeece5c08433b532ca96a28d712452fe9daac8d8d2e domain.patch 
@@ -526,4 +528,5 @@ b43809d7ecbf3968f5154c2ded6ed47dae36921f1895ea98bcce50557eb2ad39b736345ffb421465
 202667cb0383414d9289cd67574f5e1140c9a0ff63bb82a746a59b2397a00db15654bfb30cb5ec1cd68a097899be0f849d9aab4c0d210152386c9e66c640f0c0 netapp.patch
 6bee83aab500f27248b315d8a5f567940d7232269b021d801b3d51c20ed9e4aad513ee0117f356fb388014a63a145beacb55307ef9addbf7997987304b548fcf samba.initd
 4faf581ecef3ec38319e3c4ab6d3995c51fd7ba83180dc5553a2ff4dfb92efadb43030c543292130c4ed0c281dc0972c6973d52d48062c5edb39bb1c4bbb6dd6 samba.confd
-f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate"
+f88ebe59ca3a9e9b77dd5993c13ef3e73a838efb8ed858088b464a330132d662f33e25c27819e38835389dee23057a3951de11bae1eef55db8ff5e1ec6760053 samba.logrotate
+a923225f8d71f5af06deba6408da11ac7b631a30344cec63b3a9704738e180735bf998643c2b61ea78697b4bd32ed546a8ae451a1ac6dd26714f00c07616086c CVE-2017-11103.patch"
diff --git a/main/samba/CVE-2017-11103.patch b/main/samba/CVE-2017-11103.patch
new file mode 100644
index 0000000000..a0ae1414e5
--- /dev/null
+++ b/main/samba/CVE-2017-11103.patch
@@ -0,0 +1,42 @@
+From 9b0972c8e429fee8e15f23ab508a9f0729a4e0b6 Mon Sep 17 00:00:00 2001
+From: Jeffrey Altman <jaltman@secure-endpoints.com>
+Date: Wed, 12 Apr 2017 15:40:42 -0400
+Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+In _krb5_extract_ticket() the KDC-REP service name must be obtained from
+encrypted version stored in 'enc_part' instead of the unencrypted version
+stored in 'ticket'. Use of the unecrypted version provides an
+opportunity for successful server impersonation and other attacks.
+
+Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
+
+Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
+(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Garming Sam <garming@catalyst.net.nz>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source4/heimdal/lib/krb5/ticket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
+index 064bbfb..5a317c7 100644
+--- a/source4/heimdal/lib/krb5/ticket.c
++++ b/source4/heimdal/lib/krb5/ticket.c
+@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
+ /* check server referral and save principal */
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
+- rep->kdc_rep.ticket.sname,
+- rep->kdc_rep.ticket.realm);
++ rep->enc_part.sname,
++ rep->enc_part.srealm);
+ if (ret)
+ goto out;
+ if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){
+--
+1.9.1
+ |
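Review bot: The added patch only changes `source4/heimdal/lib/krb5/ticket.c`, which is Samba's bundled Heimdal copy, so the fix reaches the shipped binaries only if this package actually compiles that copy. The configure options are outside the visible hunks, so it is worth confirming that the build does not link against a system Kerberos library. If it does, that library needs its own fix, and the `secfixes` entry under `4.6.4-r1` would overstate what this package corrects. The embedded hunk cuts through `_krb5_extract_ticket`, whose body continues outside it, so whether any other read of `rep->kdc_rep.ticket.sname` remains in that function cannot be judged from here. A one-line comment in the APKBUILD, for example `# CVE-2017-11103.patch touches only the bundled Heimdal (source4/heimdal)`, would record that scope for the next maintainer.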