From patchwork Fri Apr 30 16:13:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 4241 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FWy8w2f0mz44R4 for ; Fri, 30 Apr 2021 16:13:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FWy8v6ZlXz6LQ; Fri, 30 Apr 2021 16:13:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FWy8v5lWnz2y66; Fri, 30 Apr 2021 16:13:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FWy8v1FcDz2xWS for ; Fri, 30 Apr 2021 16:13:35 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FWy8t5zZVz5NQ; Fri, 30 Apr 2021 16:13:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1619799214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=shd0n45DbeMhqaNi1YV4wAt/fMJmH8K8cPE9yO0l5Uk=; b=Do9s4EMGNUw7kMS8rmcm1vt5bBIu4anyeNXcfGkSqjaErX0UoEvGWgFlUDMLBAcgQyZXj4 akuyPl+wqqa4Z9DQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1619799214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=shd0n45DbeMhqaNi1YV4wAt/fMJmH8K8cPE9yO0l5Uk=; b=rDo6K7YWKuXlO5tLHR84kBRHUZl8h489fE+imWtk05C2UlK6bP+yL5K/fGt0JHk0EXRtyF 7mhL0TfmtL4VFneJy2IUkOKdUXMzDetBHmxVwmG1J7inj2DjR1+IzbpM88ETwosSAzHzSK ML6Xm+EduRo1LEPv6IvPZ9rZ5pwpY2gkI6IrWA8tS1gFZ+ShHJ0n3JnnaHkGwNnZLjnUiN WYNmPgooF3+gNNG1+qRhi7vvUGZMXTtXFjc5aH/13CbArhGqAbOfC2pVuWC+O7JokQEqV3 Dn05xKN72pSkFLTaY4wYliqg/4Ma3+qlt0d/xUyGaPKLIHPKr2qSWSmPgGf4Rw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] samba: Update to 4.14.4 Date: Fri, 30 Apr 2021 18:13:32 +0200 Message-Id: <20210430161332.3468134-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 4.14.3 to 4.14.4 - Update of rootfile not required - Changelog Release Notes for Samba 4.14.4 April 29, 2021 This is a security release in order to address the following defect: o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token. Details o CVE-2021-20254: The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw caused the calling code to crash, but an alert user (Peter Eriksson, IT Department, Linköping University) found this flaw by noticing an unprivileged user was able to delete a file within a network share that they should have been disallowed access to. Analysis of the code paths has not allowed us to discover a way for a remote user to be able to trigger this flaw reproducibly or on demand, but this CVE has been issued out of an abundance of caution. Signed-off-by: Adolf Belka --- lfs/samba | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/samba b/lfs/samba index ee873273a..2e11ba7a9 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@ include Config -VER = 4.14.3 +VER = 4.14.4 THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 78 +PAK_VER = 79 DEPS = avahi cups libtirpc krb5 perl-Parse-Yapp @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 7bf4fc8a7213b04942ac91ec05f62395 +$(DL_FILE)_MD5 = 171629ad42b4b303107e8b0fff942a1f install : $(TARGET)